# Windows Diagnostic infection - Program Files shortcut problem



## Exodyne

Hi all, I recently came across an infection (Windows Diagnostic) on my computer but with the help of the below thread I was able to remove it, and to my knowledge it should be completely removed from my computer. The problem was similar though not exactly the same as I just received the 'Hard Drive Failure' notice and nothing else.

http://www.computerforum.com/193048-my-hdd-failing-we-speak-urgent-help-required.html

I've also read that the infection causes some files on the computer to become hidden and this is where I'm having problems in returning my computer to its previous state. Below are methods I used to unhide my files and my current problem.

*Methods attempted to unhide files:*

Used the unhide.exe located at the site below, as well as the one posted in the aforementioned thread. This managed to retrieve some of my files.
http://www.pcrisk.com/removal-guides/6061-windows-diagnostic-removal
Went into folder options and selected 'Show hidden files and folders'. This did nothing I believe.
Typed 'attrib C: *.* /d /s -h' into the command prompt. This resulted in a lot of 'access denied' statements.

*Current Problem:*
When I go to Start > All Programs, all the folders are there but when I open them they display nothing. I can still access the programs if I open an associated file (i.e. opening a Microsoft Word document).

I was able to locate the program on my computer (C:\Program Files\Microsoft Office\Office12) which means the files aren't hidden but shortcuts are? I should be able to recreate a shortcut in 'All Programs', but doing this with all the programs I have will be difficult. Is there any other way to restore all the folders to display their respective files?

Also, the icons I had in the 'quick launch' toolbar and at least one of my shortcuts on the desktop are also missing, but these are minor problems compared to the above.

I was going to post this in the other thread however I'm not sure the problem is entirely related. Please move my post to the other thread if necessary.

Thank you.


----------



## JHM

This sounds very much like the "Windows Recovery" virus that Gloria got on her machine. Get Johnb35's advice, but I think you are going to have to run "Combofix" to sort out most of your problems. See the thread on the "Windows Recovery Virus" in this section. I posted pictures of a lot of the stuff I encountered cleaning it up. Will also post pictures of what you can do to make hidden files visible (for WinXP - your system might vary a bit), though it is only a partial fix, i.e. it doesn't repair the problem, just circumvents it to some extent.

1) Click on "Tools" up at the top left of your open folder.

2) From the drop down menu select "Folder Options".

3) When the "Folder Options" window opens, click on "View".

4) When the "View" window opens:
a) Select "Show hidden files and folders"
b) Uncheck the checkbox for "Hide protected operating system files (Recommended)"


----------



## johnb35

This group of malware that hides icons has turned into the most common one out there right now I believe. What procedures did you use to clean your infections? I would need to see logs of malwarebytes and hijackthis. Also would need you to run combofix if you haven't already done so. Here are the links to the programs.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but *DO NOT* reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running
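
A first pass over the kind of Malwarebytes log requested above can be done mechanically. The following is an added example, not part of the original post or of any tool named in it: it parses a log in the Malwarebytes' Anti-Malware 1.50 layout and flags items that were not fully removed, autorun persistence, policy tampering, driver-level detections, and a log whose item count disagrees with its own summary. The sample log, the function names and the finding tags are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.50 log.
# Paths and value names are placeholders, not taken from a real system.
SAMPLE_LOG = r"""
Scan type: Quick scan

Memory Processes Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
c:\programdata\example1.exe (Trojan.FakeAlert) -> 5004 -> Unloaded process successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Example1 (Trojan.FakeAlert) -> Value: Example1 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\example1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\EXAMPLE.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\example.tmp (Trojan.Agent) -> Delete on reboot.
"""

# "Files Infected: 3" is a summary count; "Files Infected:" opens an item list.
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# <target> (<detection name>) -> [extra fields -> ] <action taken>.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (declared_counts, detections) for the text of one log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT_RE.match(line)
        header = HEADER_RE.match(line)
        item = ITEM_RE.match(line) if section else None
        if count:
            declared[count["section"]] = int(count["n"])
        elif header:
            section = header["section"]
        elif item:
            detections.append({
                "section": section,
                "target": item["target"],
                "family": item["family"],
                # The action taken is always the last " -> " field.
                "status": item["rest"].split(" -> ")[-1].rstrip("."),
            })
    return declared, detections


def triage(text):
    """Return (tag, detail) findings a helper would follow up on."""
    declared, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    findings = []
    # A pasted log that lost lines no longer matches its own summary.
    for section, n in declared.items():
        if listed[section] != n:
            findings.append(("count-mismatch", section))
    for d in detections:
        target = d["target"].lower()
        if not d["status"].lower().endswith("successfully"):
            # e.g. "Delete on reboot": still present until the next restart.
            findings.append(("not-yet-removed", d["target"]))
        if (d["section"] == "Registry Values Infected"
                and "\\currentversion\\run\\" in target):
            findings.append(("autorun-persistence", d["target"]))
        if d["family"].startswith("PUM."):
            # PUM.* is Malwarebytes' naming for unwanted settings changes.
            findings.append(("policy-tampering", d["target"]))
        if d["family"].startswith("Rootkit.") and target.endswith(".sys"):
            findings.append(("kernel-driver", d["target"]))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:20} {detail}")
```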


----------



## Exodyne

First I attempted to run Malwarebytes but it wouldn't begin scanning, so I downloaded Rkill.exe that you provided before I was able to make a scan. It found several infections and I removed them. I also tried running HiJackThis prior to using Rkill.exe but it also ended up freezing, and after Rkill.exe it ended up closing/removing the program by itself. I did not attempt to run it again afterwards. I also did an AVG scan this morning and found 2 viruses and removed them.

*Malwarebytes log (at time of infection)*

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6526

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/05/2011 2:00:44 AM
mbam-log-2011-05-08 (02-00-44).txt

Scan type: Quick scan
Objects scanned: 183307
Time elapsed: 1 hour(s), 9 minute(s), 20 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> 5004 -> Unloaded process successfully.
c:\programdata\41737976.exe (Trojan.FakeAlert) -> 4600 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NuHveRXdmtu (Trojan.FakeAlert) -> Value: NuHveRXdmtu -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Exodyne\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41737976.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\96368D1.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Local\Temp\-213E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Local\Temp\1363E8.tmp (Trojan.Agent) -> Delete on reboot.
c:\Users\Exodyne\AppData\Local\Temp\tmp61EE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Local\Temp\tmp982.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Exodyne\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


*Malwarebytes log (current)*

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6526

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/05/2011 11:42:59 PM
mbam-log-2011-05-08 (23-42-59).txt

Scan type: Quick scan
Objects scanned: 183070
Time elapsed: 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


*HiJackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:05 PM, on 8/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Exodyne\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13189 bytes


*ComboFix log*

ComboFix 11-05-07.02 - Exodyne 09/05/2011   0:31.1.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.1915.903 [GMT 10:00]
Running from: c:\users\Exodyne\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Exodyne\AppData\Local\TempDIR
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-08 to 2011-05-08  )))))))))))))))))))))))))))))))
.
.
2011-05-08 14:51 . 2011-05-08 14:52	--------	d-----w-	c:\users\Exodyne\AppData\Local\temp
2011-05-08 14:51 . 2011-05-08 14:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-08 13:51 . 2011-04-18 17:17	307288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-05-08 13:51 . 2011-04-18 17:12	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-05-08 13:51 . 2011-04-18 17:17	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-05-08 13:51 . 2011-04-18 17:16	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-05-08 13:51 . 2011-04-18 17:13	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-05-08 13:51 . 2011-04-18 17:13	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-05-08 13:50 . 2011-04-18 17:25	40112	----a-w-	c:\windows\avastSS.scr
2011-05-08 13:50 . 2011-04-18 17:25	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-05-08 13:49 . 2011-05-08 13:49	--------	d-----w-	c:\programdata\AVAST Software
2011-05-08 13:49 . 2011-05-08 13:49	--------	d-----w-	c:\program files\AVAST Software
2011-05-07 15:14 . 2010-07-16 04:59	656320	----a-w-	c:\windows\system32\drivers\pctEFA.sys
2011-05-07 15:14 . 2010-07-16 04:59	338880	----a-w-	c:\windows\system32\drivers\pctDS.sys
2011-05-07 15:13 . 2011-01-16 23:10	251560	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2011-05-07 15:13 . 2010-12-15 22:38	103232	----a-w-	c:\windows\system32\drivers\pctwfpfilter.sys
2011-05-07 15:13 . 2010-12-10 06:57	160448	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-07 15:13 . 2010-12-10 03:24	239168	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2011-05-07 15:12 . 2010-12-15 22:46	70536	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2011-05-07 15:10 . 2011-05-07 15:12	--------	d-----w-	c:\program files\Common Files\PC Tools
2011-05-07 15:10 . 2011-05-07 15:12	--------	d-----w-	c:\programdata\PC Tools
2011-05-07 15:10 . 2011-05-07 17:53	--------	d-----w-	c:\program files\PC Tools Security
2011-05-07 15:10 . 2011-05-07 15:10	--------	d-----w-	c:\users\Exodyne\AppData\Roaming\PC Tools
2011-04-26 04:55 . 2011-03-03 12:09	2336384	----a-w-	c:\windows\system32\BootMan.exe
2011-04-26 04:55 . 2010-07-14 22:44	86408	----a-w-	c:\windows\system32\setupempdrv03.exe
2011-04-26 04:55 . 2010-07-14 22:44	8456	----a-w-	c:\windows\system32\EuGdiDrv.sys
2011-04-26 04:55 . 2010-07-14 22:44	14216	----a-w-	c:\windows\system32\epmntdrv.sys
2011-04-26 04:55 . 2010-07-14 22:44	14848	----a-w-	c:\windows\system32\EuEpmGdi.dll
2011-04-26 04:55 . 2011-04-26 04:55	--------	d-----w-	c:\program files\******
2011-04-26 04:19 . 2011-04-26 05:11	--------	d-----w-	c:\users\Exodyne\AppData\Local\WBFSManager
2011-04-26 04:15 . 2011-05-07 17:39	--------	d-----w-	c:\program files\WBFS
2011-04-23 01:29 . 2011-04-23 01:29	--------	d-----w-	c:\program files\iPod
2011-04-23 01:29 . 2011-04-23 01:30	--------	d-----w-	c:\program files\iTunes
2011-04-23 01:23 . 2011-04-23 01:23	--------	d-----w-	c:\program files\Bonjour
2011-04-19 04:17 . 2011-04-23 15:51	--------	d-----w-	c:\users\Exodyne\AppData\Local\Ocster Backup
2011-04-19 04:17 . 2011-04-23 15:51	--------	d-----w-	c:\programdata\sysnfxo
2011-04-19 04:17 . 2011-04-19 04:17	--------	d-----w-	c:\users\_ocster_backup_
2011-04-19 04:16 . 2011-04-19 04:16	--------	d-----w-	c:\programdata\Ocster Backup
2011-04-13 06:36 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 06:36 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-13 06:36 . 2011-02-16 16:21	430080	----a-w-	c:\windows\system32\vbscript.dll
2011-04-13 06:36 . 2011-02-16 16:16	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-13 06:36 . 2011-02-16 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-13 06:36 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-13 06:36 . 2009-05-04 09:59	25088	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-04-11 06:49 . 2011-04-11 06:50	--------	d-----w-	C:\OMF
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 06:20 . 2011-04-06 06:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-02-18 05:36 . 2011-02-18 05:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-02-18 05:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2009-11-19 10:08 . 2009-11-19 10:08	3749224	----a-w-	c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 10:08 . 2009-11-19 10:08	2941288	----a-w-	c:\program files\Common Files\adlmint.dll
2010-02-25 04:48 . 2010-02-25 04:48	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2009-12-31 00:53	2349080	----a-w-	c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-25 30192]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-07 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-22 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-14 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-14 8456]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-25 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-28 3407292]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 16472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Brofsxrtapdd;Brofsxrtapdd; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 13:43]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 13:43]
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{052D881E-1F75-46A6-BDBF-90AFA7BD8EA0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Exodyne\AppData\Roaming\Mozilla\Firefox\Profiles\8f828cuo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 00:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2402920769-3105643166-1956800451-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,d3,a9,14,c3,cf,85,48,cc,ae,cd,ea,a8,96,b4,cc,a4,ff,cb,90,1e,
   fc,05,a3,91,a2,10,3b,f6,43,53,0a,aa,7f,b6,8d,18,9a,ee,8d,e4,0a,5e,f9,e4,db,\
"rkeysecu"=hex:32,b9,83,f5,60,48,c5,a3,34,71,9d,63,61,e7,82,1b
.
[HKEY_USERS\S-1-5-21-2402920769-3105643166-1956800451-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):18,dd,c1,9c,45,cd,24,67,40,63,2f,37,4c,9a,e6,b9,e6,99,80,5c,13,
   e9,55,86,ef,29,2a,50,7d,47,56,c8,3f,3c,67,6c,64,bb,5e,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2402920769-3105643166-1956800451-1000_Classes\CLSID\{cbf58ea1-3f09-428f-a2a0-ebc2078bdb12}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000143
"Therad"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4216)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-05-09  01:00:59
ComboFix-quarantined-files.txt  2011-05-08 15:00
.
Pre-Run: 14,069,456,896 bytes free
Post-Run: 15,987,560,448 bytes free
.
- - End Of File - - E02C48ADFDBF17E5B34E9F0E1B65F773


Not sure if it matters but I installed Avast and uninstalled AVG in between the HiJackThis scan and ComboFix scan. ComboFix was unable to run whilst AVG was running, and there was no way to close AVG even from the task manager, so the only option was to uninstall. I thought I'd mention it just in case.


----------



## johnb35

Yeah, ComboFix can't run with AVG installed unfortunately, that's one of the reasons why I don't recommend AVG anymore. Did you run the AVG removal tool?

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

Do you have the Vista install CD? You can always try repairing the operating system. Or something I really don't recommend is to do a system restore back prior to being infected and then rescan your system.


----------



## Exodyne

I uninstalled AVG via 'Program & Features' on the Control Panel and it seems to have uninstalled without problems. Should I run the avg removal tool as well?

Unfortunately I was never given a vista install cd when I bought my laptop, so I don't have one I'm afraid. I even remember asking them directly for it but they said they didn't have it.

Would a system restore affect the computer negatively? Or is there a specific reason why you wouldn't recommend it?


----------



## johnb35

AVG doesn't usually uninstall cleanly. Using the removal tool is always recommended. Well, sometimes doing a system restore back prior to being infected may cause you to still be infected, as malware will hide in system restore files. But sometimes it's the only option for some people. If you do decide to do the system restore then I would go back a week prior to being infected and then rerun Malwarebytes and your antivirus program. If everything seems to be working correctly then you should delete all restore points and create a fresh one at that time.


----------



## Exodyne

I ran the AVG removal tool. Thanks for the link. 

Is that the only option left me? It sounds like I should avoid it if possible so I'd like to try any other options beforehand.

Does a system restore remove saved files/bookmarked sites/etc. made during that week as well? I've never used the system restore before so I'm unaware of what exactly happens or even how to go about it.


----------



## johnb35

It doesn't touch any saved documents or programs, only Windows files/registry. If the unhide program didn't work, maybe you can just reinstall the programs that aren't working correctly and recreate the shortcuts.


----------



## Exodyne

I think all the programs (based on the ones I've tried so far) are working properly and the unhide program did work to some extent. Right now it's not a problem of hidden files as it is just missing shortcuts that were linked to the previously hidden files. I guess I'll attempt to just recreate all the shortcuts for the time being and then try a system restore later on if a problem occurs.

Thanks for all the help John (assuming that's your name, haha). I really appreciate it.


----------



## Timgringo

*Same problem 4173796.exe*

The exact same thing has happened to me. I have McAfee running on my Vista PC, which identified the virus exactly as mentioned earlier, with the 41737976.exe.

It has elevated my CPU temperature to 83 degrees, loses 1/3 of my hard disk and activates four instances of the attrib.exe processes and other bad stuff.

I too am not sure where this comes from and how to get rid of it.  I desperately need help.


----------



## johnb35

Timgringo said:


> The exact same thing has happened to me. I have McAfee running on my Vista PC, which identified the virus exactly as mentioned earlier, with the 41737976.exe.
> 
> It has elevated my CPU temperature to 83 degrees, loses 1/3 of my hard disk and activates four instances of the attrib.exe processes and other bad stuff.
> 
> I too am not sure where this comes from and how to get rid of it.  I desperately need help.



Please do the following.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version. *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but *DO NOT* reboot the system, and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.


----------
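
A HijackThis logfile of the kind requested above is line-oriented, and most of its entries are harmless. The following is an added example, not part of the thread and not a HijackThis feature: it parses the entry lines and lists only the ones worth a first look. The two rules it applies (entries marked as having no file, and autoruns started from the ProgramData root or a Temp folder) are assumptions of this example, and a listed entry is a prompt for review, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input. Every line except the last is copied from the HijackThis log
# posted later in this thread; the last line is constructed for the demo.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\vsnpstd3.exe

O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O3 - Toolbar: Baidu Toolbar - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [demo] C:\ProgramData\constructed-demo.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[FNOR]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Body of a registry autorun entry: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>HK.*?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text):
    """Return the section entries, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"].strip()))
    return entries


def autorun_executable(body):
    """Extract the program path from an O4 registry Run entry, or None."""
    m = RUN_RE.match(body)
    if not m:
        return None  # e.g. "Startup: x.lnk = ..." entries use another layout
    cmd = m["cmd"].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m2 = EXE_RE.match(cmd)
    return m2.group(1) if m2 else cmd.split()[0]


def in_user_writable_dir(exe):
    """Example heuristic (an assumption): ProgramData root or any Temp folder."""
    folder = ntpath.dirname(exe).lower()
    return folder == r"c:\programdata" or "temp" in folder.split("\\")


def triage(log_text):
    """Return (section code, reason, detail) for entries worth reviewing."""
    findings = []
    for entry in parse_entries(log_text):
        if ORPHAN_RE.search(entry.body):
            findings.append((entry.code, "orphan", entry.body))
            continue
        if entry.code == "O4":
            exe = autorun_executable(entry.body)
            if exe and in_user_writable_dir(exe):
                findings.append((entry.code, "user-writable-path", exe))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<20}{detail}")
```
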



## Timgringo

*It works (apparently)*

I installed Malwarebytes, did a quick scan. It immediately identified the trojan "FakeAlert!qrb" (Question: what hacker would deliberately name his program "Fake Alert"????!!!!) I then deleted it and it seems that all is running normally except for the fact, it hid many of my files. I just need to go in and manually unhide them I guess.

Is there anything else I should be doing?

Regardless, thanks.  Your advice really helped.

Timgringo


----------



## johnb35

Please download and run Unhide.exe, this should restore most of your hidden icons/files.

http://download.bleepingcomputer.com/grinler/unhide.exe

Let me know if it doesn't.

Also, please post the logs requested so we can make sure you are infection free.


----------



## CHLIU

johnb35 said:


> Please download and run Unhide.exe, this should restore most of your hidden icons/files.
> 
> http://download.bleepingcomputer.com/grinler/unhide.exe
> 
> Let me know if it doesn't.
> 
> Also, please post the logs requested so we can make sure you are infection free.



I also encountered the same question.
Below are the logs.

AVG results:

"Scan ""Whole computer scan"" completed."
"Infections";"10";"10";"0"
"Warnings";"2";"2";"0"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"2011年5月20日, 上午 12:26:30"
"Scan finished:";"2011年5月20日, 上午 04:50:09 (4 hour(s) 23 minute(s) 38 second(s))"
"Total object scanned:";"4316328"
"User who launched the scan:";"LIU"

"Infections"
"";"File";"Infection";"Result"
"";"E:\program\Acronis Disk Director Suite 10 build 2160\crack\Keygen.exe";"Trojan horse Downloader.Generic7.AEYM";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Sent Items\127E0035-00000135.eml:\crack.rar:\Keygen.exe";"Trojan horse Downloader.Generic7.AEYM";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Sent Items\127E0035-00000135.eml:\crack.rar";"Trojan horse Downloader.Generic7.AEYM";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Sent Items\127E0035-00000135.eml";"Trojan horse Downloader.Generic7.AEYM";"Healed"
"";"E:\data\Mail_vista\Local Folders\Junk E-mail\59016A7D-00000321.eml:\貨物款式.zip:\貨物款式.lnk";"Virus identified Worm/AutoRun.IC";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Junk E-mail\59016A7D-00000321.eml:\貨物款式.zip";"Virus identified Worm/AutoRun.IC";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Junk E-mail\59016A7D-00000321.eml";"Virus identified Worm/AutoRun.IC";"Healed"
"";"C:\ProgramData\ieswqMPFEaliD.exe (3344)";"Virus found Win32/Heur";"Moved to Virus Vault"
"";"C:\ProgramData\ieswqMPFEaliD.exe";"Virus found Win32/Heur";"Reboot is required to finish the action"
"";"C:\ProgramData\ieswqMPFEaliD.exe";"Virus found Win32/Heur";"Reboot is required to finish the action"

"Warnings"
"";"File";"Infection";"Result"
"";"HKU\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ieswqMPFEaliD";"Found registry key with reference to infected file C:\ProgramData\ieswqMPFEaliD.exe";"Moved to Virus Vault"
"";"C:\Users\LIU\AppData\Local\Temp\360Inst-uusee.exe";"Corrupted executable file";"Moved to Virus Vault"

hijackthis results:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 上午 05:58:15, on 2011/5/20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\FlashGet Network\Flashget\FlashGet.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.exe
C:\PPS.tv\PPStream\PPSAP.exe
C:\PPS.tv\PPStream\PPStream.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Baidu Toolbar - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: PPS.lnk = C:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O8 - Extra context menu item: UseFlashGet - D:\Downloads\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Downloads\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用迅雷下載全部連結 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files (x86)\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra 'Tools' menuitem: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra 'Tools' menuitem: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra button: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.lib-ezproxy.tamu.edu:2048/lib/tamu/support/plugins/ebraryRdr.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} (KrbClient Class) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\SoDAHK.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18747 bytes

I also used the unhide.exe, and it works.


----------



## johnb35

Please do the following.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

Please post the malwarebytes log along with a fresh hijackthis log.


----------



## CHLIU

johnb35 said:


> Please do the following.
> 
> Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.
> 
> Double-click *mbam-setup.exe* and follow the prompts to install the program.
> At the end, be sure a checkmark is placed next to
> *Update Malwarebytes' Anti-Malware*
> and *Launch Malwarebytes' Anti-Malware*
> 
> then click *Finish*.
> If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
> Once the program has loaded, select *Perform quick scan*, then click *Scan*.
> When the scan is complete, click *OK*, then *Show Results* to view the results.
> Be sure that everything is checked, and click *Remove Selected*.
> A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware
> 
> Please post the malwarebytes log along with a fresh hijackthis log.



Hi, John,

I have followed your instructions above, and the logs are shown above (in my first post).
The problem seems to be fixed. Thank you so much.


----------



## johnb35

CHLIU said:


> Hi, John,
> 
> I have followed your instructions above, and the logs are shown above (in my first post).
> The problem seems to be fixed. Thank you so much.



You posted the AVG log, not the Malwarebytes log. Please repost the HijackThis log after running Malwarebytes. The HijackThis log that is showing is still showing infections.


----------



## CHLIU

johnb35 said:


> You posted the AVG log, not the Malwarebytes log. Please repost the HijackThis log after running Malwarebytes. The HijackThis log that is showing is still showing infections.



Sorry, I seem to have misunderstood what you were saying.

malwarebytes logs:

Scan type: Quick scan
Objects scanned: 197666
Time elapsed: 19 minute(s), 48 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 9
Registry Keys Infected: 41
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 17
Files Infected: 699

Memory Processes Infected:
c:\program files (x86)\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> 4140 -> Unloaded process successfully.
c:\program files (x86)\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> 5988 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files (x86)\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\quality.dll (Adware.Funshion) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2923508C-9425-4A61-B9CE-A98239055916} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BarBroker.BDBroker.1 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BarBroker.BDBroker (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.BandIE.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.BandIE (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.ToolBand.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.ToolBand (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.5 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{201E93EA-C7E1-4849-9985-0D2207A3F528} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1F4FE513-E22F-4F1F-BB77-B1ED95E434CF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5478D59A-B281-4F58-AD2E-103474434377} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4A2B9AD8-5540-46A3-BBB4-8DED5FB09DE8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.


----------



## CHLIU

Continuing:

Folders Infected:
c:\program files (x86)\funshion online (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\flashstamp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\historytorrent (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\LIU\AppData\Local\Temp\0.4619063860145921.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Local\Temp\uuseedownload.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Local\Temp\nsc30AE.tmp\picturewindow.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\LIU\local settings\temporary internet files\Content.IE5\NJ1WOZ06\windows-update-sp3-kb97873-setup[1].exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Roaming\microsoft\internet explorer\quick launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Roaming\microsoft\internet explorer\quick launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Roaming\Adobe\plugs\mmc139.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\CoreAAC.ax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\coreavc.ax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\crashreport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshiongame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionservice.diagnose (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionupgrade.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\nicdescr.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\routersetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305794987_6634280_1290649506_169.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305794987_6634280_1290649506_169.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305804219_6634280_1290649507_360.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305804219_6634280_1290649507_360.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305805786_6634280_1290649507_730.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305805786_6634280_1290649507_730.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305807689_6634280_1290649508_516.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305807689_6634280_1290649508_516.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305809204_6634280_1290649508_777.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305809204_6634280_1290649508_777.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305810666_6634280_1290649508_83.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305810666_6634280_1290649508_83.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305811912_6634280_1290649511_592.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305811912_6634280_1290649511_592.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305839520_6634280_1290649512_151.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305839520_6634280_1290649512_151.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305841541_6634280_1290649515_43.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305841541_6634280_1290649515_43.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843224_6634280_1290649515_782.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843224_6634280_1290649515_782.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843261_6634280_1290649516_916.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843261_6634280_1290649516_916.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305844834_6634280_1290649516_317.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305844834_6634280_1290649516_317.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305846347_6634280_1290649517_243.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305846347_6634280_1290649517_243.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305847792_6634280_1290649517_751.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305847792_6634280_1290649517_751.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305849201_6634280_1290649518_449.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305849201_6634280_1290649518_449.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305853070_6634280_1290649518_673.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305853070_6634280_1290649518_673.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305854583_6634280_1290649519_748.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305854583_6634280_1290649519_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305939358_6634280_1290649522_804.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305939358_6634280_1290649522_804.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\0.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\1.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\2.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\3.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\4.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\5.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\6.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\7.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\8.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\9.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpcleardisk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpError.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpplaybartip.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpprompt.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpquestion.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmptimerclose.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\buffering.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmaxbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenubtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenubtnen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenuf.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenufen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionminbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionnormalbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captiontext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captiontexten.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\changemodebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\checkbox_box.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\checkbox_check.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\diskwarnning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\dragcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\hideplayinfobtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ierrorreshbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ierrorwarning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ierrorwndbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarback.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarbacken.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarforward.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarforwarden.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarhomepage.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarhomepageen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarrefresh.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarrefreshen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\intergratemodebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\L.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\listheaderbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\listheadersplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\list_expend.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\loadingfunshion.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframebtm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframeleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframeright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframetop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncleftbtmcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainnclefttopcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncrightbtmcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncrighttopcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionbtnarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionbtnbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidbarhead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidbartrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidebarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidebarthumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optiontext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optiontexten.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\p.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\pauseadclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\pauseflickerbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarsplidrgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgndright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgndrightsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgndsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarthumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarthumbsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbufferinfowndbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbufferinfowndleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbufferinfowndright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnfullview.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnmute.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnmutesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnextsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnontop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnormal.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpause.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpausesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnplay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnplaylist.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnplaysmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpre.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpresmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnsetting.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnsimple.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnstop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnstopsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtntop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnvolume.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnvolumesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarleftbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarrightbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarsplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerhidebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerhidebtnen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerhidebtnrgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playertipclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playflickerbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobkgndsel.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobtmbar.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobtnmenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfocurplay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfoheaderbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfotitlebk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistaddbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistremove.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistversplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistversplidmark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbefore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbeforesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbkgndsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbardownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbardownloadsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarhead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarheadsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarthumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarthumbsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbartrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbartrailsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\R.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\radiobtnbox.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\radiobtnpt.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\rpcloading.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\rpcstartdlgbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbardownarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbardownarrowl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbardownarrowround.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbaruparrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbaruparrowl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbaruparrowround.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverbkgndl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetbkgndhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetbkgndl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgethead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetheadhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetheadl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetmid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetmidhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetmidl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgettrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgettrailhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgettraill.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrolllinkbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrolllinkfrm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\settingdlgicon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\showplayinfobtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\splidbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\splidbarmark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.


----------



## CHLIU

continuing:

c:\Users\LIU\funshion\Seed\18524595_1287975476_199.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\18524595_1288682373_833.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\18524595_1296370088_685.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\18524595_1301819330_305.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\2332025_1298179840_572.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\4125403_1270462439_978.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\434208cfd4ec3a1.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1271051762_81.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1271663170_651.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1272189266_33.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1272905883_693.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1273395301_235.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1274078418_366.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1274613139_511.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1275231261_657.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1280662134_949.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1281254753_972.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1281930372_802.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1283072465_437.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1284281433_697.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1286096084_968.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649464_159.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649464_419.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649465_427.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649465_753.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649465_92.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649466_964.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649468_117.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649469_46.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649469_743.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649472_628.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649477_548.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649483_445.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649483_502.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649484_528.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649485_309.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649485_78.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649488_495.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649488_511.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649489_242.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649489_814.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649490_233.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649490_537.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649491_504.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649491_837.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649492_122.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649492_264.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649493_412.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649493_870.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649499_571.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649499_67.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649505_532.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649505_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649505_985.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649506_169.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649506_68.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649507_730.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649508_516.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649508_777.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649508_83.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649511_592.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649512_151.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649515_43.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649515_782.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649516_317.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649517_243.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649517_751.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649518_449.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649518_673.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649519_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649877_598.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649880_472.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649881_740.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1296971890_457.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\adlinkparamfile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\ad_define.fai.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\flashnew.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\flashparam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\flashparam.txt.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\Pop Game.lnk (Adware.Funshion) -> Quarantined


----------



## CHLIU

hijackthis logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 08:51:47, on 2011/5/20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
E:\PPS.tv\PPStream\PPSAP.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\PPS.tv\PPStream\PPStream.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\setup_9.0.0.722_20.05.2011_08-09.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: PPS.lnk = C:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O8 - Extra context menu item: UseFlashGet - D:\Downloads\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Downloads\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用迅雷下載全部連結 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files (x86)\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra 'Tools' menuitem: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra 'Tools' menuitem: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra button: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.lib-ezproxy.tamu.edu:2048/lib/tamu/support/plugins/ebraryRdr.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} (KrbClient Class) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\SoDAHK.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18483 bytes


----------



## johnb35

Please uninstall AVG so you can perform the following procedure.  Combofix will not run while AVG is installed.



*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here:

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## CHLIU

> In your next reply please post:
>
> The ComboFix log
> A fresh HiJackThis log
> An update on how your computer is running

The ComboFix log:

ComboFix 11-05-19.02 - LIU /05/20 星期五  22:07:57.1.4 - x64
執行位置: K:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Pop Game.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Shopping Sites.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_img_415jza.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_img_914jza.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_1112hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11615hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11616hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11617hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11642hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11644hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11645hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11646hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11648hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12872hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12873hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12904hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12907hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13292hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13444hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13473hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13474hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13654hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13992hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14113hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14114hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14121hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14152hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14172hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14173hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14192hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14452hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15290hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15323hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15326hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15346hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15353hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_16064hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_2915hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_2920hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_336hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_338hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_339hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_340hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_341hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_342hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_343hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_345hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_362hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_371hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_398hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9244hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9248hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9249hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9250hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9261hhb.jpg
c:\users\LIU\AppData\Roaming\Adobe\plugs
c:\users\LIU\AppData\Roaming\Adobe\plugs\mmc146321496.txt
c:\users\LIU\AppData\Roaming\Adobe\shed
c:\users\LIU\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\Downloaded Program Files\1.1.0.2770
c:\windows\Downloaded Program Files\1.1.0.2770\auc_lib.dll
c:\windows\Downloaded Program Files\1.1.0.2770\daas_s.dll
c:\windows\Downloaded Program Files\1.1.0.2770\DownloadManagerV2.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\ebraryRdr.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\fds.dll
c:\windows\Downloaded Program Files\1.1.0.2770\flashplaydll.dll
c:\windows\Downloaded Program Files\1.1.0.2770\fscax.dll
c:\windows\Downloaded Program Files\1.1.0.2770\fslauncher.dll
c:\windows\Downloaded Program Files\1.1.0.2770\GNowStarter.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\gp.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\JuniperSetupClient.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\Livenet.dll
c:\windows\Downloaded Program Files\1.1.0.2770\Livenet2.dll
c:\windows\Downloaded Program Files\1.1.0.2770\medialist.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\mlist.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\npTVUAx.dll
c:\windows\Downloaded Program Files\1.1.0.2770\powerlist.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\PowerPlayer.dll
c:\windows\Downloaded Program Files\1.1.0.2770\pp2play.dll
c:\windows\Downloaded Program Files\1.1.0.2770\ppsimage.dll
c:\windows\Downloaded Program Files\1.1.0.2770\psclg.dll
c:\windows\Downloaded Program Files\1.1.0.2770\psnetwork.dll
c:\windows\Downloaded Program Files\1.1.0.2770\Vodnet.dll
c:\windows\Downloaded Program Files\1.1.0.2770\Vodres.dll
c:\windows\Downloaded Program Files\cache
c:\windows\struct~.ini
c:\windows\SysWow64\admshare.dat
.
.
(((((((((((((((((((((((((  2011-04-21 至 2011-05-21 的新的檔案  )))))))))))))))))))))))))))))))
.
.
2011-05-21 03:20 . 2011-05-21 03:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-21 03:20 . 2011-05-21 03:20	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-05-21 03:02 . 2011-05-21 03:03	--------	d-----w-	C:\32788R22FWJFW
2011-05-21 00:49 . 2011-05-21 00:49	--------	d-----w-	c:\users\LIU\AppData\Roaming\Malwarebytes
2011-05-21 00:49 . 2010-12-20 23:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-21 00:49 . 2011-05-21 00:49	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-21 00:49 . 2011-05-21 00:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-21 00:49 . 2010-12-20 23:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-21 00:44 . 2011-05-21 01:10	--------	d-----w-	c:\program files (x86)\Ask.com
2011-05-20 12:15 . 2011-03-02 16:12	117760	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-05-20 12:15 . 2009-05-04 10:21	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-05-20 12:15 . 2009-05-04 09:59	25088	----a-w-	c:\windows\SysWow64\dnscacheugc.exe
2011-05-20 10:57 . 2011-05-20 10:57	388096	----a-r-	c:\users\LIU\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 10:57 . 2011-05-20 10:57	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-05-20 05:43 . 2011-05-20 05:43	--------	d-----w-	c:\users\LIU\AppData\Roaming\f-secure
2011-05-20 05:42 . 2011-05-20 05:42	--------	d-----w-	C:\$AVG
2011-05-20 05:25 . 2011-05-20 05:25	--------	d-----w-	c:\users\LIU\AppData\Roaming\AVG10
2011-05-20 05:18 . 2011-05-20 05:18	--------	d-----w-	c:\programdata\Common Files
2011-05-20 05:13 . 2011-05-21 02:53	--------	d-----w-	c:\programdata\AVG10
2011-05-20 05:08 . 2011-05-21 02:57	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-05-20 05:06 . 2011-05-20 05:06	--------	d-----w-	c:\program files (x86)\AVG
2011-05-20 05:03 . 2009-10-22 18:54	40464	----a-w-	c:\windows\system32\drivers\76733322.sys
2011-05-20 05:03 . 2009-10-10 04:30	352784	----a-w-	c:\windows\system32\drivers\7673332.sys
2011-05-20 05:03 . 2009-09-25 22:59	157712	----a-w-	c:\windows\system32\drivers\76733321.sys
2011-05-20 04:52 . 2011-05-21 02:49	--------	d-----w-	c:\programdata\MFAData
2011-05-20 04:27 . 2011-05-20 04:27	--------	dc----w-	c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-05-20 04:27 . 2011-05-20 04:27	--------	d-----w-	c:\program files (x86)\Uniblue
2011-05-20 04:26 . 2011-05-20 04:26	--------	d-----w-	c:\users\LIU\AppData\Local\PackageAware
2011-05-17 07:27 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{50851374-5853-4E49-B2A6-D3F77751918E}\mpengine.dll
2011-05-17 01:38 . 2011-05-17 01:38	--------	d-----w-	c:\program files (x86)\FoxTabFlvPlayer
2011-05-13 21:46 . 2011-05-21 00:56	--------	d-----w-	c:\programdata\Skype Extras
2011-05-13 21:45 . 2011-05-13 21:45	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-05-11 22:50 . 2011-05-11 22:50	32	----a-w-	C:\temp.tmp
2011-05-01 17:59 . 2011-05-01 17:59	--------	d-----w-	C:\avrescue
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 09:31 . 2011-03-27 09:31	42839	----a-w-	c:\windows\SysWow64\mp3.zip
2011-03-21 23:49 . 2011-03-21 23:49	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-03-21 23:49 . 2011-03-21 23:49	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-21 23:49 . 2011-03-21 23:49	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-03-21 23:49 . 2011-03-21 23:49	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-03-21 23:49 . 2011-03-21 23:49	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-03-21 23:49 . 2011-03-21 23:49	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-03-21 23:49 . 2011-03-21 23:49	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-03-21 23:49 . 2011-03-21 23:49	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-03-21 23:49 . 2011-03-21 23:49	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-03-21 23:49 . 2011-03-21 23:49	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-03-21 23:49 . 2011-03-21 23:49	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-03-21 23:49 . 2011-03-21 23:49	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-03-21 23:49 . 2011-03-21 23:49	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-03-21 23:49 . 2011-03-21 23:49	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-03-21 23:49 . 2011-03-21 23:49	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49	2303488	----a-w-	c:\windows\system32\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49	222208	----a-w-	c:\windows\system32\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49	12288	----a-w-	c:\windows\system32\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49	114176	----a-w-	c:\windows\system32\admparse.dll
2011-03-21 23:48 . 2011-03-21 23:48	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-03-21 23:48 . 2011-03-21 23:48	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-03-21 23:48 . 2011-03-21 23:48	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-03-21 23:48 . 2011-03-21 23:48	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-03-21 23:48 . 2011-03-21 23:48	448512	----a-w-	c:\windows\system32\html.iec
2011-03-21 23:48 . 2011-03-21 23:48	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-03-21 23:48 . 2011-03-21 23:48	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-03-21 23:48 . 2011-03-21 23:48	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-03-21 23:48 . 2011-03-21 23:48	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-03-21 23:48 . 2011-03-21 23:48	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-03-21 23:48 . 2011-03-21 23:48	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-03-21 23:48 . 2011-03-21 23:48	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-03-21 23:48 . 2011-03-21 23:48	160256	----a-w-	c:\windows\system32\wextract.exe
2011-03-09 11:06 . 2010-06-24 16:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17	1487240	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TopmostClock"="c:\program files (x86)\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]
"PPS Accelerator"="e:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]
"UniblueRegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 49152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-16 126976]
.
c:\users\LIU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
funshion.lnk - c:\program files (x86)\Funshion Online\Funshion\Funshion.exe [N/A]
PPS.lnk - c:\pps.tv\PPStream\PPStream.exe [2011-4-5 4553608]
setup_9.0.0.722_20.05.2011_08-09.lnk - c:\users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe [2011-5-20 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 GPU-Z;GPU-Z;c:\users\LIU\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 76733322;76733322 Boot Guard Driver;c:\windows\system32\DRIVERS\76733322.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 76733321;76733321;c:\windows\system32\DRIVERS\76733321.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 setup_9.0.0.722_20.05.2011_08-09drv;setup_9.0.0.722_20.05.2011_08-09drv;c:\windows\system32\DRIVERS\7673332.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
 ‘計劃任務’ 文件夾 裡的內容
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
2011-05-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: UseFlashGet - d:\downloads\FlashGet\ComDlls\Bholink.htm
IE: UseFlashGetDownloadAllLink - d:\downloads\FlashGet\ComDlls\Bhoall.htm
IE: 使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bholink.htm
IE: 使用迅雷下載全部連結 - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
IE: 全部使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bhoall.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: 妏蚚WEB捃濘狟婥 - c:\program files (x86)\Thunder Network\WebThunder\GetUrl.htm
IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
IE: 轉換為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換連結目標到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換連結目標為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換選定的連結到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: 轉換選定的連結為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: 轉換選擇內容到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換選擇內容為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 附加至現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0062C9BD-B349-40DE-91A0-755F37ACD559}
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {{95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58
IE: {{95B3F550-91C4-4627-BCC4-521288C52979} - c:\program files (x86)\PPLive\PPVA\PPLiveVA.exe
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: ecpa.cpa.gov.tw
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
FF - ProfilePath - c:\users\LIU\AppData\Roaming\Mozilla\Firefox\Profiles\cd323wjo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd5f95d&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=zh-TW&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ClubBox - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*1*_*b*y*_*灼\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*5*
0\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比！除了執行速度快、穩定且容易使用之外，它還內建防護機制，讓您安心瀏覽網頁，無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
完成時間: 2011-05-20  22:24:00
ComboFix-quarantined-files.txt  2011-05-21 03:24
.
Pre-Run: 2,065,690,624 位元組可用
Post-Run: 4,525,789,184 位元組可用
.
- - End Of File - - 03D81EDE993423F83D7464DA08455744


----------



## CHLIU

The HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 10:28:38, on 2011/5/20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
E:\PPS.tv\PPStream\PPSAP.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\setup_9.0.0.722_20.05.2011_08-09.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: PPS.lnk = C:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O8 - Extra context menu item: UseFlashGet - D:\Downloads\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Downloads\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用迅雷下載全部連結 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files (x86)\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra 'Tools' menuitem: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra 'Tools' menuitem: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra button: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.lib-ezproxy.tamu.edu:2048/lib/tamu/support/plugins/ebraryRdr.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} (KrbClient Class) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16244 bytes

Before I used the steps you suggested, my computer sometimes worked abnormally, so that I needed to force it to shut down.
Currently, the computer works normally.
Again, I would like to thank you for your help.


----------



## CHLIU

I have tried to use WinRAR, and winrar.exe does not work well.
The computer will stop, so that I need to force it to shut down.
I do not know why this happens.
Also, when I tried Ctrl+Alt+Del, taskmgr did not show up. Instead, an error message showed up.
John, do you have any idea about this?


----------



## johnb35

You still have a mess going here.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



Code:

Driver::
76733322
76733321
setup_9.0.0.722_20.05.2011_08-09drv

File::
c:\windows\system32\DRIVERS\76733322.sys 
c:\windows\system32\DRIVERS\76733321.sys 
c:\windows\system32\DRIVERS\7673332.sys 

Reglock::
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*1*_*b*y*_*灼\OpenWithList]
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*cT]
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*cT\OpenWithList]
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*5*0\OpenWithList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Also, I need you to post an uninstall list using hijackthis, as you have some software that needs to be uninstalled.  

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.  Then copy and paste the log back here.
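
A check that can be run on the log ComboFix returns after the steps above, as an added example (not ComboFix's or the poster's own code): it parses a CFScript in the layout shown in this post and reports which `File::` and `Driver::` targets do not show up as removed in the log. The log-line patterns are assumptions taken from the ComboFix logs posted in this thread, and the sample script and log excerpt are constructed.

```python
import re

# Constructed sample: a shortened CFScript in the layout used in the post above.
CFSCRIPT = r"""
Driver::
76733322
76733321

File::
c:\windows\system32\DRIVERS\76733322.sys
c:\windows\system32\DRIVERS\76733321.sys
c:\windows\system32\DRIVERS\7673332.sys
"""

# Constructed log excerpt in the layout of the ComboFix logs in this thread.
# One file and one driver are deliberately left out so the check has
# something to report.
LOG = r"""
FILE ::
"c:\windows\system32\DRIVERS\7673332.sys"
.
(((((((   Files deleted   )))))))
.
c:\windows\system32\DRIVERS\7673332.sys
c:\windows\system32\DRIVERS\76733322.sys
.
(((((((   Drivers/Services   )))))))
.
-------\Legacy_76733322
-------\Service_76733322
.
(((((((   New files   )))))))
.
2011-05-21 00:49 . 2010-12-20 23:08  24152  ----a-w-  c:\windows\system32\drivers\mbam.sys
"""

# A directive header is a single word followed by "::" (as in "File::").
DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")
# Assumption: in the log, a line that is nothing but a drive-letter path is a
# deleted-file entry (echoed script paths are quoted, listings start with a date).
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
# Assumption: removed drivers/services are listed as "-------\Legacy_<name>"
# and "-------\Service_<name>".
SERVICE_KEY = re.compile(r"^-+\\(?:Legacy|Service)_(.+)$")


def parse_cfscript(text):
    """Return {directive (lower-case): [entries]} for a CFScript-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()          # forum copies often carry trailing spaces
        if not line:
            continue
        header = DIRECTIVE.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_removals(log_text):
    """Return (deleted file paths, removed driver names), all lower-cased."""
    files, drivers = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        key = SERVICE_KEY.match(line)
        if key:
            drivers.add(key.group(1).lower())
        elif BARE_PATH.match(line):
            files.add(line.lower())
    return files, drivers


def unremoved_targets(cfscript_text, log_text):
    """List script targets the log does not show as removed.

    Windows paths and service names are compared case-insensitively.
    Reglock:: entries are not checked: the log excerpts in this thread
    show no per-key confirmation to compare against.
    """
    script = parse_cfscript(cfscript_text)
    deleted, gone = parse_removals(log_text)
    return {
        "files": [p for p in script.get("file", []) if p.lower() not in deleted],
        "drivers": [d for d in script.get("driver", []) if d.lower() not in gone],
    }


if __name__ == "__main__":
    for kind, items in unremoved_targets(CFSCRIPT, LOG).items():
        for item in items:
            print(f"not confirmed removed ({kind}): {item}")
```

An empty result for both lists means every file and driver named in the script appears in the log's removal sections; anything listed is worth a second look before moving on.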


----------



## CHLIU

Hi, John,

I followed your instruction.
Below are the logs.


1. ComboFix logs 

ComboFix 11-05-19.02 - LIU /05/21 星期六  17:23:06.2.4 - x64
執行位置: c:\users\LIU\Desktop\ComboFix.exe
Command switches used :: c:\users\LIU\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功創造新還原點
.
FILE ::
"c:\windows\system32\DRIVERS\7673332.sys"
"c:\windows\system32\DRIVERS\76733321.sys"
"c:\windows\system32\DRIVERS\76733322.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   (the files have been deleted))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\7673332.sys
c:\windows\system32\DRIVERS\76733321.sys
c:\windows\system32\DRIVERS\76733322.sys
c:\windows\SysWow64\admshare.dat
.
.
(((((((((((((((((((((((((((((((((((((((   驅動/服務   (drives/services))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_76733321
-------\Legacy_76733322
-------\Legacy_setup_9.0.0.722_20.05.2011_08-09drv
-------\Service_76733321
-------\Service_76733322
-------\Service_setup_9.0.0.722_20.05.2011_08-09drv
.
.
(((((((((((((((((((((((((  2011-04-21 至 2011-05-21 的新的檔案  (new files))))))))))))))))))))))))))))))))
.
.
2011-05-21 22:37 . 2011-05-21 22:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-21 22:37 . 2011-05-21 22:37	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-05-21 19:42 . 2011-05-21 19:42	--------	d-----w-	c:\users\LIU\AppData\Local\{9D2432CF-0859-4778-90D7-E6AA5A39A38D}
2011-05-21 08:10 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D904F49B-B2FA-4D99-A3FB-FDEC11B48E59}\mpengine.dll
2011-05-21 07:41 . 2011-05-21 07:41	--------	d-----w-	c:\users\LIU\AppData\Local\{80BFF129-3416-4F1C-B99C-9DC499E03156}
2011-05-21 06:47 . 2011-05-21 06:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-05-21 06:35 . 2011-05-21 06:35	--------	d-----w-	c:\users\LIU\AppData\Roaming\Uniblue
2011-05-21 03:58 . 2011-05-21 03:58	--------	d-----w-	c:\programdata\WindowsSearch
2011-05-21 00:49 . 2011-05-21 00:49	--------	d-----w-	c:\users\LIU\AppData\Roaming\Malwarebytes
2011-05-21 00:49 . 2010-12-20 23:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-21 00:49 . 2011-05-21 00:49	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-21 00:49 . 2011-05-21 00:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-21 00:49 . 2010-12-20 23:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-21 00:44 . 2011-05-21 01:10	--------	d-----w-	c:\program files (x86)\Ask.com
2011-05-20 12:16 . 2011-04-07 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-20 12:15 . 2011-03-03 15:59	32256	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-05-20 12:15 . 2011-03-03 15:40	28672	----a-w-	c:\windows\SysWow64\Apphlpdm.dll
2011-05-20 12:15 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-05-20 12:15 . 2011-03-03 14:00	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-20 12:15 . 2011-03-10 17:18	1360384	----a-w-	c:\windows\system32\mfc42u.dll
2011-05-20 12:15 . 2011-03-10 17:18	1398784	----a-w-	c:\windows\system32\mfc42.dll
2011-05-20 12:15 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-05-20 12:15 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-05-20 12:15 . 2011-03-02 16:12	117760	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-05-20 12:15 . 2009-05-04 10:21	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-05-20 12:15 . 2009-05-04 09:59	25088	----a-w-	c:\windows\SysWow64\dnscacheugc.exe
2011-05-20 10:57 . 2011-05-20 10:57	388096	----a-r-	c:\users\LIU\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 10:57 . 2011-05-20 10:57	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-05-20 05:43 . 2011-05-20 05:43	--------	d-----w-	c:\users\LIU\AppData\Roaming\f-secure
2011-05-20 05:42 . 2011-05-20 05:42	--------	d-----w-	C:\$AVG
2011-05-20 05:25 . 2011-05-20 05:25	--------	d-----w-	c:\users\LIU\AppData\Roaming\AVG10
2011-05-20 05:18 . 2011-05-20 05:18	--------	d-----w-	c:\programdata\Common Files
2011-05-20 05:13 . 2011-05-21 02:53	--------	d-----w-	c:\programdata\AVG10
2011-05-20 05:08 . 2011-05-21 08:41	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-05-20 05:06 . 2011-05-20 05:06	--------	d-----w-	c:\program files (x86)\AVG
2011-05-20 04:52 . 2011-05-21 02:49	--------	d-----w-	c:\programdata\MFAData
2011-05-20 04:26 . 2011-05-20 04:26	--------	d-----w-	c:\users\LIU\AppData\Local\PackageAware
2011-05-17 01:38 . 2011-05-17 01:38	--------	d-----w-	c:\program files (x86)\FoxTabFlvPlayer
2011-05-13 21:46 . 2011-05-21 00:56	--------	d-----w-	c:\programdata\Skype Extras
2011-05-13 21:45 . 2011-05-13 21:45	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-05-11 22:50 . 2011-05-11 22:50	32	----a-w-	C:\temp.tmp
2011-05-01 17:59 . 2011-05-01 17:59	--------	d-----w-	C:\avrescue
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   (modified files within three months)))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 10:07 . 2010-05-22 04:46	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-03-27 09:31 . 2011-03-27 09:31	42839	----a-w-	c:\windows\SysWow64\mp3.zip
2011-03-21 23:49 . 2011-03-21 23:49	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-03-21 23:49 . 2011-03-21 23:49	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-21 23:49 . 2011-03-21 23:49	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-03-21 23:49 . 2011-03-21 23:49	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-03-21 23:49 . 2011-03-21 23:49	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-03-21 23:49 . 2011-03-21 23:49	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-03-21 23:49 . 2011-03-21 23:49	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-03-21 23:49 . 2011-03-21 23:49	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-03-21 23:49 . 2011-03-21 23:49	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-03-21 23:49 . 2011-03-21 23:49	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-03-21 23:49 . 2011-03-21 23:49	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-03-21 23:49 . 2011-03-21 23:49	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-03-21 23:49 . 2011-03-21 23:49	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-03-21 23:49 . 2011-03-21 23:49	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-03-21 23:49 . 2011-03-21 23:49	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49	2303488	----a-w-	c:\windows\system32\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49	222208	----a-w-	c:\windows\system32\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49	12288	----a-w-	c:\windows\system32\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49	114176	----a-w-	c:\windows\system32\admparse.dll
2011-03-21 23:48 . 2011-03-21 23:48	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-03-21 23:48 . 2011-03-21 23:48	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-03-21 23:48 . 2011-03-21 23:48	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-03-21 23:48 . 2011-03-21 23:48	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-03-21 23:48 . 2011-03-21 23:48	448512	----a-w-	c:\windows\system32\html.iec
2011-03-21 23:48 . 2011-03-21 23:48	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-03-21 23:48 . 2011-03-21 23:48	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-03-21 23:48 . 2011-03-21 23:48	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-03-21 23:48 . 2011-03-21 23:48	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-03-21 23:48 . 2011-03-21 23:48	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-03-21 23:48 . 2011-03-21 23:48	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-03-21 23:48 . 2011-03-21 23:48	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-03-21 23:48 . 2011-03-21 23:48	160256	----a-w-	c:\windows\system32\wextract.exe
2011-03-09 11:06 . 2010-06-24 16:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:59 . 2011-05-20 12:15	100352	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll


----------



## CHLIU

ComboFix log-continuing:

+ 2011-05-21 09:25 . 2011-05-21 09:25	1277440              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7d507e27d86371d792d9f7a3dece8d46\System.Data.Services.Client.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17	1512448              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\943ec86d4573de347624f5d2cf60692f\System.Data.OracleClient.ni.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42	3480576              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\87ad08f598ab2b653e1be78bd64375ba\System.Data.Linq.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25	1078272              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\359205ca87c95468c7211c8db1aa8fa0\System.Data.Entity.Design.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41	3312128              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\e98de035aeb2f5ca054d333ff466ef94\System.Core.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16	1308160              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\861eb580850b91413580bfcd86f4f2ac\System.Configuration.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23	3101184              c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\d5a8a936cb28dc964cb5f2607a3e5872\ReachFramework.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22	2109440              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\aa2e7028a9e2f5c332625ed09e9843cd\PresentationUI.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24	1882112              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\ad0c62f2a611a5987774258a2fa289a9\PresentationBuildTasks.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23	3482112              c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\e2d2332dcf597c2e0a5b078f60b8ac26\Narrator.ni.exe
+ 2011-05-21 09:23 . 2011-05-21 09:23	2314240              c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\5c6cdfa9c9c9f8924692dfa14292060f\MMCEx.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20	7836672              c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2df1dcaabbf8ba1220ab044f48ad5b46\MIGUIControls.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23	2173952              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\b9646bb53c420d17b131729246054341\Microsoft.VisualBasic.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18	1598976              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b835020d0724da54dbc6cfd50568fe20\Microsoft.Transactions.Bridge.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23	2104832              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\e9f582a0f0d6c7f2e3658fc894e58011\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22	2101248              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a9639b5b560d6efbc8bcfbe3596bc918\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22	5346816              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c162c4a7ab1cf98be95d89ea188dc1e\Microsoft.PowerShell.Editor.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22	1081856              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\55897ef082a9339abb9c75d6783acefa\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19	7721472              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c00392f5ff3bba222562442153242b15\Microsoft.MediaCenter.UI.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21	3208704              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\cc02d8ce8646e7e8177796ab78bb260e\Microsoft.JScript.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21	2357248              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\cd6a7a8a0f3ebeb2dd4d74114c45c12a\Microsoft.Ink.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21	2592768              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\83c6649bbb61620f6cf1fd48933d0b1e\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21	2217984              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\eb6f1771c3c84c26ab78a2c2e57f51cd\Microsoft.Build.Tasks.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21	2575872              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\7f0aadc37b5d22ce313c744403ceb72a\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16	2433024              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\d1b67cf47083dd2ae5da934d8a70aeea\Microsoft.Build.Engine.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21	1188352              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\40af195f2850dbc88177f33595c62ec6\Microsoft.Build.Engine.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19	2413056              c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\e18fbea17fc779a808255ad4d57cfd48\ehRecObj.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19	2002432              c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\cb262a5805dbe95cd4e3903068f900b1\ehiVidCtl.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18	2885120              c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0286181616ffd631403fcc6d7ad196e6\ehiProxy.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19	1039872              c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\9d1a59e841dae8e32520a50798d7e5ba\ehiPlay.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19	3039232              c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\915ab39cf92b4a66ebc7ac8cc200c0db\ehepg.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45	3325952              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b713b41679bdcb5a6cc0487bb4ceb9f0\WindowsBase.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f622c994edcea757d2a416e3cd2b1b13\UIAutomationClientsideProviders.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\45f10e36f25d92dd808caab75e45b8ae\System.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\653b1be0c33cfade02fb0a61f135e488\System.Xml.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03	1316864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\87634062d0ca86ffdf63f450f2c7e8b4\System.WorkflowServices.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	1911296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5ed98761e1ae9b1932db90949464d098\System.Workflow.Runtime.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ce06af33a044d2d1681a34d5056ff763\System.Workflow.ComponentModel.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e0e96f32122b8826da6ab1d99ab67d6f\System.Workflow.Activities.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1113c8ce01a5bc82bfde60e7bf4adcf1\System.Web.Services.ni.dll
+ 2011-05-21 09:02 . 2011-05-21 09:02	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d6a0cba36faf63040b55838c1c9287c0\System.Web.Mobile.ni.dll
+ 2011-05-21 09:01 . 2011-05-21 09:01	2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c9ca6d6a1a01e1f71875003eac19cea5\System.Web.Extensions.ni.dll
+ 2011-05-21 09:00 . 2011-05-21 09:00	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\38c4b6858ec921d52207a2a822e79061\System.Speech.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59	1651200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5bace67488cbc31ef0a69e52fb719daa\System.ServiceModel.Web.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	2346496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ed2e2a6aefaad58224bcd97060507a3d\System.Runtime.Serialization.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0bce6b10c60fff3fea9ccc63f374da69\System.Printing.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57	8365056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\18d8770b19c50f3011b7eba109b4ab6c\System.Management.Automation.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1403b6ce8f9b41a446e2954dd64f1388\System.IdentityModel.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d5100c24f083084e1d2556839904e987\System.Drawing.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2e0959aca71bd161b5834cfbdbc8a3c7\System.DirectoryServices.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\af9926fcbda1e5916461b5198cf0d325\System.Deployment.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45	6621696              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e1053db6ce65cc97268fc79cc380f0c1\System.Data.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\8c45d91a54a9f4185d485f2bea2cfd72\System.Data.SqlXml.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d1094d10091f97519fc1701b9a5213bb\System.Data.Services.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54	1119232              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\694dd53ab2f684d99bfce62e2f8f0e98\System.Data.OracleClient.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\694dce206b8abfa3dd1f87a840f85e29\System.Data.Linq.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\5793f0c3b4bbabda54333af06d605100\System.Data.Entity.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ef9ef14bd5c8ff03d334178113fa6234\System.Core.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	2146816              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9045fdb5e131b1d7855d79c399e43ce2\ReachFramework.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf1cf263c7046fac6780d65b8f5f3068\PresentationUI.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7a7fdac28dd989c0d75f9c5471fb9842\PresentationBuildTasks.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	2538496              c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\c6cb0f0b8bc1db65ceb69a630fe1e40d\Narrator.ni.exe
+ 2011-05-21 08:58 . 2011-05-21 08:58	1536512              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b987222d6af55dab31ec15ec51c77241\MMCEx.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	6340096              c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\995eb5db2b78e7a0652a892544cd3565\MIGUIControls.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	1711616              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9140c0829b03183f35f543966edc1841\Microsoft.VisualBasic.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4b9dc838670ddf626e49c7b6d8a43ce5\Microsoft.Transactions.Bridge.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57	1609728              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ec3785c2c0df50169845ea06c6d7925c\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57	3722752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\353f55b42ed20782a768f4029b65fb30\Microsoft.PowerShell.Editor.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58	1704448              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\14ae3de9995d5836a8487782215ad4d6\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	5486080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\83cd6f48442d319627dfd2035ab73215\Microsoft.MediaCenter.UI.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7229b571999ffda51219230f12afcbbe\Microsoft.JScript.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\a753258f9e80a80a3556504a62deac23\Microsoft.Ink.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57	2088448              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\6b35e3f4e68ab511d1b05c31f41c019d\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	1873408              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\dce42b99f5536090bfa08b9045ce7755\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5ac955488c1e60518303ce09df1ceff6\Microsoft.Build.Tasks.ni.dll
+ 2011-05-21 08:44 . 2011-05-21 08:44	1778176              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e6f39eaf4471a8d7a734c1ba0b4b8a88\Microsoft.Build.Engine.ni.dll
+ 2011-05-20 12:17 . 2010-10-29 10:52	4567040              c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-08-12 21:41 . 2010-05-21 10:58	4567040              c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-05-20 12:17 . 2010-10-29 10:53	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-08-12 21:41 . 2010-05-21 10:56	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-02 12:35 . 2011-04-29 16:54	44548040              c:\windows\system32\mrt.exe
+ 2011-05-21 07:40 . 2011-05-21 07:40	10596864              c:\windows\assembly\NativeImages_v2.0.50727_64\System\9508d69bb9b3139fa24a0738aa384a3b\System.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18	23813632              c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\98fc0c0a263298100c930018723d58ae\System.ServiceModel.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22	11254784              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\97e84ca0e8c1a7eabe8802421bb7fdc9\System.Management.Automation.ni.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42	13718528              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\fe9ff8d2ba50a4c199ef0d838db9dbef\System.Design.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25	13758976              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\5591fcd02c812cf204e8c37dccc9adb8\System.Data.Entity.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41	19176960              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c4b2384feac37251c3d3547e29bc41cd\PresentationFramework.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41	16513536              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\eecc6daa4530c8217c8286b4168bfe57\PresentationCore.ni.dll
+ 2011-05-21 07:39 . 2011-05-21 07:39	15564800              c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\88bac13525e6fbcbd5764b3706d64e82\mscorlib.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20	15825920              c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\f515e3512aede720d1c9749eceb12382\ehshell.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2bc8bc432d91919ea0bbb2b803a4b6af\System.Windows.Forms.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:54	11804672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b49ce1a910673d3e96965817e5c0535c\System.Web.ni.dll
+ 2011-05-21 08:55 . 2011-05-21 08:55	17404416              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\9fcd0c2cb56e8317633a8c11e2fbe2c8\System.ServiceModel.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8269de7b5d0f6f37cb5349088db5fc2d\System.Design.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45	14328832              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6508f77b1fb9d5161f11a14d46a7957b\PresentationFramework.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45	12216832              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\267585069dce3fd61bd67943953a6d04\PresentationCore.ni.dll
+ 2011-05-21 07:44 . 2011-05-21 07:44	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b2a5854682691830b9f62ec351c8b54e\mscorlib.ni.dll
.
-- 快照技術重新設置 --
.
(((((((((((((((((((((((((((((((((((((   重要登入點   (critical/important login points)))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17	1487240	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TopmostClock"="c:\program files (x86)\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]
"PPS Accelerator"="c:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 49152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-16 126976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\LIU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_20.05.2011_08-09.lnk - c:\users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe [2011-5-20 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 GPU-Z;GPU-Z;c:\users\LIU\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
 ‘計劃任務’ 文件夾 裡的內容
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF8964.cfxxe" [X]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: UseFlashGet - d:\downloads\FlashGet\ComDlls\Bholink.htm
IE: UseFlashGetDownloadAllLink - d:\downloads\FlashGet\ComDlls\Bhoall.htm
IE: 使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bholink.htm
IE: 使用迅雷下載全部連結 - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
IE: 全部使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bhoall.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: 妏蚚WEB捃濘狟婥 - c:\program files (x86)\Thunder Network\WebThunder\GetUrl.htm
IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
IE: 轉換為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換連結目標到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換連結目標為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換選定的連結到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: 轉換選定的連結為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: 轉換選擇內容到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換選擇內容為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 附加至現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0062C9BD-B349-40DE-91A0-755F37ACD559}
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {{95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58
IE: {{95B3F550-91C4-4627-BCC4-521288C52979} - c:\program files (x86)\PPLive\PPVA\PPLiveVA.exe
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: ecpa.cpa.gov.tw
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
FF - ProfilePath - c:\users\LIU\AppData\Roaming\Mozilla\Firefox\Profiles\cd323wjo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd5f95d&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=zh-TW&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*1*_*b*y*_*灼\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*5*
0\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比！除了執行速度快、穩定且容易使用之外，它還內建防護機制，讓您安心瀏覽網頁，無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ 其他運行進程 (other in process)------------------------
.
c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
c:\program files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
完成時間: 2011-05-21  17:53:47 - 電腦已重新啟動 (the computer has been restarted)
ComboFix-quarantined-files.txt  2011-05-21 22:53
ComboFix2.txt  2011-05-21 03:24
.
Pre-Run: 2,791,911,424 位元組可用
Post-Run: 2,399,875,072 位元組可用
.
- - End Of File - - 24A9A4B9F9323A0A0CDD23DDBA4CBC09


Uninstall List:

 Update for Microsoft Office 2007 (KB2508958)
「Google 地球」
Acronis?Disk Director Suite
ActivePerl 5.8.8 Build 822
Adobe Acrobat 8.2.6 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3 - Chinese Traditional
Adobe Shockwave Player 11.5
AI Suite
Alipay security plugin 1.3.0.2
Apple Application Support
Apple Software Update
Ask Toolbar
ASUS Gamer OSD
ASUS Smart Doctor
ASUS VideoSecurity Online
Avira AntiVir Personal - Free Antivirus
Catalyst Control Center - Branding
cwtex-basic
D3DX10
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DjVu Solo 3.1
EVEREST Ultimate Edition v4.20
FoxTab FLV Player (remove only)
GAMS Distribution 23.2
GOGOBOX
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Product Assistant
HP Update
HPSSupply
iPhone Configuration Utility
Java(TM) 6 Update 25
Junk Mail filter update
K-Lite Codec Pack 6.8.0 (Full)
MacX DVD Ripper Pro For Windows 6.0.2
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word 2007 Help 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MiKTeX 2.5
MiKTeX 2.7
Mozilla Firefox 4.0.1 (x86 zh-TW)
MSI Afterburner 1.5.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NXPlayer 壹電視播放軟體(測試版)
Open PCMan Combo 2007
PPreview
PPStream V2.7.0.1246 Final
PPS蚔牁 V1.0.1.298
Pronunciation Power 2
QuickTime
QuickTime Alternative 1.47
REvolution  3.2 Win32
Safari
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Toolbars
Skype? 5.3
Smart Defrag
SopCast 2.0.4
SoundMAX
Stata 10
The Weather Channel Desktop 6
The Weather Channel Screensaver
The Weather Channel Toolbar
Topmost Clock
Total Commander (Remove or Repair)
TVUPlayer 2.5.3.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Outlook 2007 Junk Email Filter (KB2536413)
USB PC Camera-168
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.17
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 程式集
Windows Media Player Firefox Plugin
WinEdt
WinRATS Pro 7.00
XviD MPEG-4 Video Codec
快車(FlashGet)2.0-繁體中文
嘸蝦米多國語言版 6.0版


----------



## johnb35

I'm not familiar with a lot of the software you have installed.  If you don't use it or it's not genuine software (pirated) please uninstall it.

Adobe 8 is outdated software and if not used please uninstall it.  I notice it's the professional version so if you didn't get it illegally then you had to pay for it.  It has security risks with it being outdated software.

However, please uninstall the following programs.

Ask Toolbar
Search Toolbar

GOGOBOX

If I'm not mistaken gogobox is p2p file sharing software and is used to download illegal software, music, movies.  You may have been infected by using this software.  

After uninstalling the software please rerun hijackthis and place checks next to the following entries.

O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466 .dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)

Then click on fix checked.  You should never have anything in your trusted zone as it's the quickest way to get infected these days.
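The triage described in the post above, as an added example that is not part of the original post or of HijackThis itself: it groups HijackThis `O` lines into orphaned entries (marked `(no file)` or `(file missing)`), Trusted Zone sites (O15), autostart items (O4) and everything else. The function names `triage` and `trusted_hosts` are hypothetical, and the sample lines are copied from the entries listed in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis entries listed in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O18 - Protocol: KuGoo - (no CLSID) - (no file)
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")  # markers seen in the lines above


def triage(log_text):
    """Group HijackThis O-lines into orphaned, trusted_zone, autostart and other."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # blank lines, headers, process list
        section, label, detail = match.groups()
        detail = detail.strip()
        if detail.endswith(ORPHAN_MARKERS):
            key = "orphaned"      # registry entry whose file is gone
        elif section == "O15":
            key = "trusted_zone"  # site added to the IE Trusted Sites zone
        elif section == "O4":
            key = "autostart"     # Run key or Startup-folder item
        else:
            key = "other"         # file exists: needs a human decision
        groups[key].append((section, label, detail))
    return dict(groups)


def trusted_hosts(log_text):
    """Return the sorted, de-duplicated hosts named in O15 entries."""
    hosts = set()
    for _, _, detail in triage(log_text).get("trusted_zone", []):
        found = re.match(r"https?://([^\s/]+)", detail)
        if found:
            hosts.add(found.group(1))
    return sorted(hosts)
```

Entries in the `other` and `autostart` groups point at files that still exist, so they need a decision about the program itself rather than a blanket fix.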


----------



## CHLIU

johnb35 said:


> I'm not familiar with a lot of the software you have installed.  If you don't use it or it's not genuine software (pirated) please uninstall it.
> 
> Adobe 8 is outdated software and if not used please uninstall it.  I notice it's the professional version so if you didn't get it illegally then you had to pay for it.  It has security risks with it being outdated software.
> 
> However, please uninstall the following programs.
> 
> Ask Toolbar
> Search Toolbar
> 
> GOGOBOX
> 
> If I'm not mistaken gogobox is p2p file sharing software and is used to download illegal software, music, movies.  You may have been infected by using this software.
> 
> After uninstalling the software please rerun hijackthis and place checks next to the following entries.
> 
> O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
> O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
> O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466 .dll (file missing)
> O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
> O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
> O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
> O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
> O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
> O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
> O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
> O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
> O15 - Trusted Zone: http://*.alipay.com
> O15 - Trusted Zone: http://*.alisoft.com
> O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
> O15 - Trusted Zone: http://*.pps.tv
> O15 - Trusted Zone: http://*.ppstream.com
> O15 - Trusted Zone: http://*.taobao.com
> O15 - Trusted Zone: http://*.webscache.com
> O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
> O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
> O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
> O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
> O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
> O15 - Trusted Zone: http://video_1.qq.com (HKLM)
> O15 - ESC Trusted Zone: http://*.update.microsoft.com
> O15 - ESC Trusted Zone: http://*.pps.tv
> O15 - ESC Trusted Zone: http://*.ppstream.com
> O15 - ESC Trusted Zone: http://*.webscache.com
> O18 - Protocol: KuGoo - (no CLSID) - (no file)
> O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
> 
> Then click on fix checked.  You should never have anything in your trusted zone as it's the quickest way to get infected these days.



Thank you, John. I have removed lots of programs that I seldom used, and have checked what you have suggested.
I do not know how to make sure my computer right now is in good condition, but it seems to work well now.


----------

