Windows Diagnostic infection - Program Files shortcut problem

Exodyne · May 8, 2011

Hi all, I recently came across an infection (Windows Diagnostic) on my computer but with the help of the below thread I was able to remove it, and to my knowledge it should be completely removed from my computer. The problem was similar though not exactly the same as I just received the 'Hard Drive Failure' notice and nothing else.

http://www.computerforum.com/193048-my-hdd-failing-we-speak-urgent-help-required.html

I've also read that the infection causes some files on the computer to become hidden and this is where I'm having problems in returning my computer to its previous state. Below are methods I used to unhide my files and my current problem.

Methods attempted to unhide files:

Used the unhide.exe located at the site below, as well as the one posted in the aforementioned thread. This managed to retrieve some of my files.
http://www.pcrisk.com/removal-guides/6061-windows-diagnostic-removal
Went into folder options and selected 'Show hidden files and folders'. This did nothing I believe.
Typed 'attrib C: *.* /d /s -h' into the command prompt. This resulted in a lot of 'access denied' statements.

Current Problem:
When I go Start > All Programs, all the folders are all there but when I open them they display nothing. I can still access the programs if I open an associated file (ie. Opening a Microsoft Word document).

I was able to locate the program on my computer (C:\Program Files\Microsoft Office\Office12) which means the files aren't hidden but shortcuts are? I should be able to recreate a shortcut in 'All Programs', but doing this with all the programs I have will be difficult. Is there any other way to restore all the folders to display their respective files?

Also, the icons I had in the 'quick launch' toolbar and at least one of my shortcuts on the desktop are also missing, but these are minor problems compared to the above.

I was going to post this in the other thread however I'm not sure the problem is entirely related. Please move my post to the other thread if necessary.

Thank you.

JHM · May 8, 2011

This sounds very much like the "Windows Recovery" virus that Gloria got on her machine. Get Johnb35's advice, but I think you are going to have to run "Combofix" to sort out most of your problems. See the thread on the "Windows Recovery Virus" in this section. I posted pictures of a lot of the stuff I encountered cleaning it up. Will also post pictures of what you can do to make hidden files visible, (for WinXP - your system might vary a bit), though it is only a partial fix. i.e. it doesn't repair the problem, just circumvents it to some extent.

1) Click on "Tools" up at the top left of your open folder.

2) From the drop down menu select "Folder Options"

3) When the "Folder Options" window opens, click on "View".

4) When the "View" window opens :
a) Select "Show hidden files and folders"
b) Uncheck the checkbox for "Hide protected operating system fiules (Recommended)"

johnb35 · May 8, 2011

This group of malware that hides icons has turned into the most common one out there right now I believe. What procedures did you use to clean your infections? I would need to see logs of malwarebytes and hijackthis. Also would need you to run combofix if you haven't already done so. Here are the the links to the programs.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :

http://www.bleepingcomputer.com/download/anti-virus/combofix
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.

In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

Exodyne · May 8, 2011

First I attempted to run Malwarebytes but it wouldn't begin scanning, so I downloaded Rkill.exe that you provided before I was able to make a scan. It found several infections and I removed them. I also tried running HiJackThis prior to using Rkill.exe but it also ended up freezing, and after Rkill.exe it ended up closing/removing the program by itself. I did not attempt to run it again afterwards. I also did an AVG scan this morning and found 2 viruses and removed them.

Malwarebytes log (at time of infection)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6526

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/05/2011 2:00:44 AM
mbam-log-2011-05-08 (02-00-44).txt

Scan type: Quick scan
Objects scanned: 183307
Time elapsed: 1 hour(s), 9 minute(s), 20 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> 5004 -> Unloaded process successfully.
c:\programdata\41737976.exe (Trojan.FakeAlert) -> 4600 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NuHveRXdmtu (Trojan.FakeAlert) -> Value: NuHveRXdmtu -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Exodyne\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41737976.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\96368D1.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Local\Temp\-213E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Local\Temp\1363E8.tmp (Trojan.Agent) -> Delete on reboot.
c:\Users\Exodyne\AppData\Local\Temp\tmp61EE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Local\Temp\tmp982.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Exodyne\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Exodyne\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Malwarebytes log (current)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6526

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/05/2011 11:42:59 PM
mbam-log-2011-05-08 (23-42-59).txt

Scan type: Quick scan
Objects scanned: 183070
Time elapsed: 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HiJackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:05 PM, on 8/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Exodyne\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13189 bytes

ComboFix log

ComboFix 11-05-07.02 - Exodyne 09/05/2011 0:31.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.903 [GMT 10:00]
Running from: c:\users\Exodyne\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Exodyne\AppData\Local\TempDIR
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 14:51 . 2011-05-08 14:52 -------- d-----w- c:\users\Exodyne\AppData\Local\temp
2011-05-08 14:51 . 2011-05-08 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 13:51 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-08 13:51 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-08 13:51 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-08 13:51 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-08 13:51 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-08 13:51 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-08 13:50 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-08 13:50 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-08 13:49 . 2011-05-08 13:49 -------- d-----w- c:\programdata\AVAST Software
2011-05-08 13:49 . 2011-05-08 13:49 -------- d-----w- c:\program files\AVAST Software
2011-05-07 15:14 . 2010-07-16 04:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-07 15:14 . 2010-07-16 04:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-07 15:13 . 2011-01-16 23:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-07 15:13 . 2010-12-15 22:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-05-07 15:13 . 2010-12-10 06:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-07 15:13 . 2010-12-10 03:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-07 15:12 . 2010-12-15 22:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-07 15:10 . 2011-05-07 15:12 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-07 15:10 . 2011-05-07 15:12 -------- d-----w- c:\programdata\PC Tools
2011-05-07 15:10 . 2011-05-07 17:53 -------- d-----w- c:\program files\PC Tools Security
2011-05-07 15:10 . 2011-05-07 15:10 -------- d-----w- c:\users\Exodyne\AppData\Roaming\PC Tools
2011-04-26 04:55 . 2011-03-03 12:09 2336384 ----a-w- c:\windows\system32\BootMan.exe
2011-04-26 04:55 . 2010-07-14 22:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-04-26 04:55 . 2010-07-14 22:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-04-26 04:55 . 2010-07-14 22:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2011-04-26 04:55 . 2010-07-14 22:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-04-26 04:55 . 2011-04-26 04:55 -------- d-----w- c:\program files\******
2011-04-26 04:19 . 2011-04-26 05:11 -------- d-----w- c:\users\Exodyne\AppData\Local\WBFSManager
2011-04-26 04:15 . 2011-05-07 17:39 -------- d-----w- c:\program files\WBFS
2011-04-23 01:29 . 2011-04-23 01:29 -------- d-----w- c:\program files\iPod
2011-04-23 01:29 . 2011-04-23 01:30 -------- d-----w- c:\program files\iTunes
2011-04-23 01:23 . 2011-04-23 01:23 -------- d-----w- c:\program files\Bonjour
2011-04-19 04:17 . 2011-04-23 15:51 -------- d-----w- c:\users\Exodyne\AppData\Local\Ocster Backup
2011-04-19 04:17 . 2011-04-23 15:51 -------- d-----w- c:\programdata\sysnfxo
2011-04-19 04:17 . 2011-04-19 04:17 -------- d-----w- c:\users\_ocster_backup_
2011-04-19 04:16 . 2011-04-19 04:16 -------- d-----w- c:\programdata\Ocster Backup
2011-04-13 06:36 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 06:36 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 06:36 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 06:36 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 06:36 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 06:36 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 06:36 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-11 06:49 . 2011-04-11 06:50 -------- d-----w- C:\OMF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-02-18 05:36 . 2011-02-18 05:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-02-18 05:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-19 10:08 . 2009-11-19 10:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 10:08 . 2009-11-19 10:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
2010-02-25 04:48 . 2010-02-25 04:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2009-12-31 00:53 2349080 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-25 30192]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-07 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-22 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-14 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-14 8456]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-25 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-28 3407292]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 16472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Brofsxrtapdd;Brofsxrtapdd; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 13:43]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 13:43]
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{052D881E-1F75-46A6-BDBF-90AFA7BD8EA0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Exodyne\AppData\Roaming\Mozilla\Firefox\Profiles\8f828cuo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Read It Later: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: ALOT Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 00:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2402920769-3105643166-1956800451-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,d3,a9,14,c3,cf,85,48,cc,ae,cd,ea,a8,96,b4,cc,a4,ff,cb,90,1e,
fc,05,a3,91,a2,10,3b,f6,43,53,0a,aa,7f,b6,8d,18,9a,ee,8d,e4,0a,5e,f9,e4,db,\
"rkeysecu"=hex:32,b9,83,f5,60,48,c5,a3,34,71,9d,63,61,e7,82,1b
.
[HKEY_USERS\S-1-5-21-2402920769-3105643166-1956800451-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):18,dd,c1,9c,45,cd,24,67,40,63,2f,37,4c,9a,e6,b9,e6,99,80,5c,13,
e9,55,86,ef,29,2a,50,7d,47,56,c8,3f,3c,67,6c,64,bb,5e,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2402920769-3105643166-1956800451-1000_Classes\CLSID\{cbf58ea1-3f09-428f-a2a0-ebc2078bdb12}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000143
"Therad"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4216)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-05-09 01:00:59
ComboFix-quarantined-files.txt 2011-05-08 15:00
.
Pre-Run: 14,069,456,896 bytes free
Post-Run: 15,987,560,448 bytes free
.
- - End Of File - - E02C48ADFDBF17E5B34E9F0E1B65F773

Not sure if it matters but I installed Avast and uninstalled AVG in between the HiJackThis scan and ComboFix scan. ComboFix was unable to run whilst AVG was running, and there was no way to close AVG even from the task manager so only option was to uninstall. I thought I'd mention it just in case.

johnb35 · May 8, 2011

Yeah, combofix can't run with avg installed unfortunately, thats one of the reasons why I don't recommend AVG anymore. Did you run the avg removal tool?

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

Do you have the vista install cd? You can always try repairing the operating system. Or something I really don't recommend is to do a system restore back prior to being infected and then rescan your system.

Exodyne · May 8, 2011

I uninstalled AVG via 'Program & Features' on the Control Panel and it seems to have uninstalled without problems. Should I run the avg removal tool as well?

Unfortunately I was never given a vista install cd when I bought my laptop, so I don't have one I'm afraid. I even remember asking them directly for it but they said they didn't have it.

Would a system restore affect the computer negatively? Or is there a specific reason why you wouldn't recommend it?

johnb35 · May 8, 2011

AVG doesn't usually uninstall cleanly. Using the removal tool is always recommended. Well sometimes doing a system restore back prior to being infected may cause you to still be infected as malware will hide in system restore files. But sometimes its the only option for some people. If you do decide to do the system restore then I would go back a week prior to being infected and then rerun malwarebytes and your antivirus program. If everything seems to be working correctly then you should delete all restore points and create a fresh one at that time.

Exodyne · May 8, 2011

I ran the AVG removal tool. Thanks for the link.

Is that the only option left me? It sounds like I should avoid it if possible so I'd like to try any other options beforehand.

Does a system restore remove saved files/bookmarked sites/etc. made during that week as well? I've never used the system restore before so I'm unaware of what exactly happens or even how to go about it.

johnb35 · May 8, 2011

It doesn't touch any saved documents or programs only windows files/registry. If the unhide program didn't work maybe you can just reinstall the programs that aren't working correctly and recreate the shortcuts.

Exodyne · May 8, 2011

I think all the programs (based on the ones I've tried so far) are working properly and the unhide program did work to some extent. Right now it's not a problem of hidden files as it is just missing shortcuts that were linked to the previously hidden files. I guess I'll attempt to just recreate all the shortcuts for the time being and then try a system restore later on if a problem occurs.

Thanks for all the help John (assuming that's your name, haha) . I really appreciate it.

Timgringo · May 13, 2011

Same problem 4173796.exe

The exact same thing has happened to me. I have McAffee running on my Vista PC wish identified the virus exactly as mentioned earlier, with the 41737976.exe.

It has elevated my CPU temperature to 83 degrees, loses 1/3 of my hard disk and activates four instances of the attrib.exe processes and other bad stuff.

I too am not sure where this comes from and how to get rid of it. I desperately need help.

johnb35 · May 13, 2011

Timgringo said:
The exact same thing has happened to me. I have McAffee running on my Vista PC wish identified the virus exactly as mentioned earlier, with the 41737976.exe.

It has elevated my CPU temperature to 83 degrees, loses 1/3 of my hard disk and activates four instances of the attrib.exe processes and other bad stuff.

I too am not sure where this comes from and how to get rid of it. I desperately need help.

Please do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

Timgringo · May 14, 2011

It works (apparently)

I installed malwarebytes, did a quick scan. It immediately identified the trojan "FakeAlert!qrb" (Question: what hacker would deliberately name his program "Fake Alert????!!!!) I then deleted it and it seems that all is running normally except for the fact, it hid many of my files. I just need to go in and manually unhide them I guess.

Is there anything else I should be doing?

Regardless, thanks. Your advice really helped.

Timgringo

johnb35 · May 14, 2011

Please download and run Unhide.exe, this should restore most of your hidden icons/files.

http://download.bleepingcomputer.com/grinler/unhide.exe

Let me know if it doesn't.

Also, please post the logs requested so we can make sure you are infection free.

CHLIU · May 20, 2011

johnb35 said:
Please download and run Unhide.exe, this should restore most of your hidden icons/files.

http://download.bleepingcomputer.com/grinler/unhide.exe

Let me know if it doesn't.

Also, please post the logs requested so we can make sure you are infection free.

I also encountered the same question.
Below are the logs.

AVG results:

"Scan ""Whole computer scan"" completed."
"Infections";"10";"10";"0"
"Warnings";"2";"2";"0"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"2011年5月20日, 上午 12:26:30"
"Scan finished:";"2011年5月20日, 上午 04:50:09 (4 hour(s) 23 minute(s) 38 second(s))"
"Total object scanned:";"4316328"
"User who launched the scan:";"LIU"

"Infections"
"";"File";"Infection";"Result"
"";"E:\program\Acronis Disk Director Suite 10 build 2160\crack\Keygen.exe";"Trojan horse Downloader.Generic7.AEYM";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Sent Items\127E0035-00000135.eml:\crack.rar:\Keygen.exe";"Trojan horse Downloader.Generic7.AEYM";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Sent Items\127E0035-00000135.eml:\crack.rar";"Trojan horse Downloader.Generic7.AEYM";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Sent Items\127E0035-00000135.eml";"Trojan horse Downloader.Generic7.AEYM";"Healed"
"";"E:\data\Mail_vista\Local Folders\Junk E-mail\59016A7D-00000321.eml:\貨物款式.zip:\貨物款式.lnk";"Virus identified Worm/AutoRun.IC";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Junk E-mail\59016A7D-00000321.eml:\貨物款式.zip";"Virus identified Worm/AutoRun.IC";"Moved to Virus Vault"
"";"E:\data\Mail_vista\Local Folders\Junk E-mail\59016A7D-00000321.eml";"Virus identified Worm/AutoRun.IC";"Healed"
"";"C:\ProgramData\ieswqMPFEaliD.exe (3344)";"Virus found Win32/Heur";"Moved to Virus Vault"
"";"C:\ProgramData\ieswqMPFEaliD.exe";"Virus found Win32/Heur";"Reboot is required to finish the action"
"";"C:\ProgramData\ieswqMPFEaliD.exe";"Virus found Win32/Heur";"Reboot is required to finish the action"

"Warnings"
"";"File";"Infection";"Result"
"";"HKU\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ieswqMPFEaliD";"Found registry key with reference to infected file C:\ProgramData\ieswqMPFEaliD.exe";"Moved to Virus Vault"
"";"C:\Users\LIU\AppData\Local\Temp\360Inst-uusee.exe";"Corrupted executable file";"Moved to Virus Vault"

hijackthis results:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 上午 05:58:15, on 2011/5/20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\FlashGet Network\Flashget\FlashGet.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.exe
C:\PPS.tv\PPStream\PPSAP.exe
C:\PPS.tv\PPStream\PPStream.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Baidu Toolbar - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: PPS.lnk = C:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O8 - Extra context menu item: UseFlashGet - D:\Downloads\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Downloads\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用迅雷下載全部連結 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files (x86)\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra 'Tools' menuitem: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra 'Tools' menuitem: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra button: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.lib-ezproxy.tamu.edu:2048/lib/tamu/support/plugins/ebraryRdr.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} (KrbClient Class) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\SoDAHK.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18747 bytes

I also used the unhide.exe, and it works.

johnb35 · May 20, 2011

Please do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

Please post the malwarebytes log along with a fresh hijackthis log.

CHLIU · May 20, 2011

johnb35 said:
Please do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to

Update Malwarebytes' Anti-Malware

and Launch Malwarebytes' Anti-Malware

then click Finish.

If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

Please post the malwarebytes log along with a fresh hijackthis log.

Hi, John,

I have followed your instruction above, and the logs are shown above (in my first post).
The problem seems to be fixed. Thank you so much.

johnb35 · May 20, 2011

CHLIU said:
Hi, John,

I have followed your instruction above, and the logs are shown above (in my first post).
The problem seems to be fixed. Thank you so much.

You posted the avg log not the malwarebytes log. Please repost the hijackthis log after running malwarebytes. The hijackthis log that is showing is still showing infections.

CHLIU · May 21, 2011

johnb35 said:
You posted the avg log not the malwarebytes log. Please repost the hijackthis log after running malwarebytes. The hijackthis log that is showing is still showing infections.

Sorry, I seems to misunderstand what you are saying.

malwarebytes logs:

Scan type: Quick scan
Objects scanned: 197666
Time elapsed: 19 minute(s), 48 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 9
Registry Keys Infected: 41
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 17
Files Infected: 699

Memory Processes Infected:
c:\program files (x86)\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> 4140 -> Unloaded process successfully.
c:\program files (x86)\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> 5988 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files (x86)\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Delete on reboot.
c:\program files (x86)\funshion online\Funshion\quality.dll (Adware.Funshion) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2923508C-9425-4A61-B9CE-A98239055916} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BarBroker.BDBroker.1 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BarBroker.BDBroker (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.BandIE.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.BandIE (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBar.Tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.ToolBand.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarX.ToolBand (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.5 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{201E93EA-C7E1-4849-9985-0D2207A3F528} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1F4FE513-E22F-4F1F-BB77-B1ED95E434CF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5478D59A-B281-4F58-AD2E-103474434377} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4A2B9AD8-5540-46A3-BBB4-8DED5FB09DE8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

CHLIU · May 21, 2011

Continuing:

Folders Infected:
c:\program files (x86)\funshion online (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\cache\flashstamp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\historytorrent (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\LIU\AppData\Local\Temp\0.4619063860145921.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Local\Temp\uuseedownload.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Local\Temp\nsc30AE.tmp\picturewindow.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\LIU\local settings\temporary internet files\Content.IE5\NJ1WOZ06\windows-update-sp3-kb97873-setup[1].exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Roaming\microsoft\internet explorer\quick launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Roaming\microsoft\internet explorer\quick launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\AppData\Roaming\Adobe\plugs\mmc139.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\CoreAAC.ax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\coreavc.ax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\crashreport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Dump.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\fpsrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\fptassrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshiongame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionservice.diagnose (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionservice.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\funshionupgrade.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\getmacaddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\langresenamerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\nicdescr.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\routersetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305600407_434208cfd4ec3a1.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305600407_6634280_1290649463_962.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305600407_6634280_1290649463_962.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305601795_6634280_1290649464_159.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305601795_6634280_1290649464_159.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305610154_6634280_1290649464_419.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305610154_6634280_1290649464_419.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305611667_6634280_1290649465_92.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305611667_6634280_1290649465_92.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305613049_6634280_1290649465_427.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305613049_6634280_1290649465_427.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305614562_6634280_1290649465_753.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305614562_6634280_1290649465_753.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305674960_6634280_1290649466_964.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305674960_6634280_1290649466_964.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305676758_6634280_1290649468_117.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305676758_6634280_1290649468_117.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305678387_6634280_1290649469_743.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305678387_6634280_1290649469_743.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305695545_6634280_1290649469_46.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305695545_6634280_1290649469_46.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305697079_6634280_1290649472_628.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305697079_6634280_1290649472_628.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305698511_6634280_1290649477_548.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305698511_6634280_1290649477_548.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305702574_6634280_1290649478_26.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305702574_6634280_1290649478_26.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305704734_6634280_1290649483_445.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305704734_6634280_1290649483_445.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305706237_6634280_1290649483_502.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305706237_6634280_1290649483_502.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305714429_6634280_1290649484_858.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305714429_6634280_1290649484_858.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305717742_6634280_1290649484_528.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305717742_6634280_1290649484_528.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305719163_6634280_1290649485_78.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305719163_6634280_1290649485_78.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305751478_6634280_1290649485_309.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305751478_6634280_1290649485_309.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305752991_6634280_1290649488_495.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305752991_6634280_1290649488_495.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305758120_6634280_1290649488_511.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305758120_6634280_1290649488_511.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305759633_6634280_1290649489_242.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305759633_6634280_1290649489_242.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305761146_6634280_1290649489_814.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305761146_6634280_1290649489_814.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305762615_6634280_1290649490_537.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305762615_6634280_1290649490_537.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305764129_6634280_1290649490_233.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305764129_6634280_1290649490_233.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305765643_6634280_1290649491_504.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305765643_6634280_1290649491_504.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305767157_6634280_1290649491_837.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305767157_6634280_1290649491_837.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305770206_6634280_1290649492_264.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305770206_6634280_1290649492_264.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305771721_6634280_1290649492_122.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305771721_6634280_1290649492_122.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305773206_6634280_1290649493_412.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305773206_6634280_1290649493_412.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305777187_6634280_1290649493_870.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305777187_6634280_1290649493_870.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305784706_6634280_1290649499_571.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305784706_6634280_1290649499_571.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305786174_6634280_1290649499_67.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305786174_6634280_1290649499_67.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305787623_6634280_1290649505_985.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305787623_6634280_1290649505_985.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305791682_6634280_1290649505_532.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305791682_6634280_1290649505_532.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305792944_6634280_1290649505_748.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305792944_6634280_1290649505_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305793585_6634280_1290649506_68.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305793585_6634280_1290649506_68.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305794987_6634280_1290649506_169.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305794987_6634280_1290649506_169.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305804219_6634280_1290649507_360.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305804219_6634280_1290649507_360.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305805786_6634280_1290649507_730.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305805786_6634280_1290649507_730.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305807689_6634280_1290649508_516.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305807689_6634280_1290649508_516.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305809204_6634280_1290649508_777.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305809204_6634280_1290649508_777.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305810666_6634280_1290649508_83.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305810666_6634280_1290649508_83.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305811912_6634280_1290649511_592.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305811912_6634280_1290649511_592.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305839520_6634280_1290649512_151.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305839520_6634280_1290649512_151.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305841541_6634280_1290649515_43.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305841541_6634280_1290649515_43.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843224_6634280_1290649515_782.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843224_6634280_1290649515_782.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843261_6634280_1290649516_916.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305843261_6634280_1290649516_916.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305844834_6634280_1290649516_317.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305844834_6634280_1290649516_317.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305846347_6634280_1290649517_243.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305846347_6634280_1290649517_243.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305847792_6634280_1290649517_751.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305847792_6634280_1290649517_751.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305849201_6634280_1290649518_449.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305849201_6634280_1290649518_449.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305853070_6634280_1290649518_673.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305853070_6634280_1290649518_673.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305854583_6634280_1290649519_748.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305854583_6634280_1290649519_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305939358_6634280_1290649522_804.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\control\1305939358_6634280_1290649522_804.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\0.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\1.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\2.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\3.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\4.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\5.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\6.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\7.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\8.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\9.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpcleardisk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpError.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpplaybartip.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpprompt.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmpquestion.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\bmptimerclose.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\buffering.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmaxbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenubtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenubtnen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenuf.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionmenufen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionminbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captionnormalbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captiontext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\captiontexten.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\changemodebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\checkbox_box.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\checkbox_check.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\diskwarnning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\dragcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\hideplayinfobtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ierrorreshbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ierrorwarning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ierrorwndbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarback.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarbacken.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarforward.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarforwarden.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarhomepage.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarhomepageen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarrefresh.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\ietoolbarrefreshen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\intergratemodebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\L.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\listheaderbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\listheadersplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\list_expend.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\loadingfunshion.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframebtm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframeleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframeright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncframetop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncleftbtmcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainnclefttopcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncrightbtmcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\mainncrighttopcorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionbtnarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionbtnbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidbarhead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidbartrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidebarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optionsplidebarthumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optiontext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\optiontexten.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\p.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\pauseadclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\pauseflickerbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarsplidrgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgndright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgndrightsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarbkgndsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarthumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbarvolumebarthumbsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbufferinfowndbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbufferinfowndleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playbufferinfowndright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnfullview.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnmute.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnmutesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnextsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnontop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnnormal.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpause.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpausesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnplay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnplaylist.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnplaysmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpre.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnpresmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnsetting.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnsimple.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnstop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnstopsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtntop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnvolume.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarbtnvolumesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarleftbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarrightbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerbarsplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerhidebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerhidebtnen.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playerhidebtnrgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playertipclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playflickerbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobkgndsel.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobtmbar.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfobtnmenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfocurplay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfoheaderbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playinfotitlebk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistaddbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistremove.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistversplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playlistversplidmark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbefore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbeforesmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarbkgndsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbardownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbardownloadsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarhead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarheadsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarthumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbarthumbsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbartrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\playsplidbartrailsmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\R.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\radiobtnbox.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\radiobtnpt.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\rpcloading.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\rpcstartdlgbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbardownarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbardownarrowl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbardownarrowround.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbaruparrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbaruparrowl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbaruparrowround.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverbkgndl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetbkgndhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetbkgndl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgethead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetheadhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetheadl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetmid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetmidhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgetmidl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgettrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgettrailhover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrollbarverwidgettraill.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrolllinkbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\scrolllinkfrm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\settingdlgicon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\showplayinfobtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\splidbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\splidbarmark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\statusbarsplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tabmodebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskbarbtnicon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskbarbtnmenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskbarbtnopenlcl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskbarbtnshowplayer.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskbartipdownarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasklistbtnhide.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasklistbtnshow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasklistreplaybtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasklistrightline.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskliststaticons.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskliststatselicon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmanagerclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmanagerclosetxtbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgnbarbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgnbaritem.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgnbarlist.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgnbarlscrollbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgnbarrscrollbtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgntitlebkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgntitleleft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmgntitleright.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskmngbtnicon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktabbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\TaskText.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktexten.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktoolbarbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktoolbardelete.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktoolbardownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktoolbarplay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktoolbarrestore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tasktoolbarstop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\textbtnbk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tipbottomarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tiprightarrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\tiptoparrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatebtmbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatebtmclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatebtmigorebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatebtmupdatebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatecapbkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatecapclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updatecaption.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updateiconfail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updateiconinit.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\updateiconsuc.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\vodPlay.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\vodplayen.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\vodWeb.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\vodWebEn.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\webclosebtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\webclosebtnrgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\funshion online\Funshion\skin\x.bmp (Adware.Funshion) -> Quarantined and deleted successfully.

Windows Diagnostic infection - Program Files shortcut problem

New Member

banned

Administrator

New Member

Administrator

New Member

Administrator

New Member

Administrator

New Member

New Member

Administrator

New Member

Administrator

New Member

Administrator

New Member

Administrator

New Member

New Member