
my friend ran a program and someone is able to control her pc


  • This topic is locked
8 replies to this topic

#1 wizardery


Posted 23 May 2014 - 03:20 AM

Someone sent my friend a program and she opened it, and this guy is able to control her computer whenever he wants.

I do not know how to remove it, but I used ESET Online Scanner on her PC and these are the logs:

 

C:\Documents and Settings\Administrator\Application Data\lsass.exe MSIL/Bladabindi.BH trojan
C:\Documents and Settings\Administrator\Local Settings\Temp\Temp\server.exe Win32/Farfli.KA trojan
C:\Documents and Settings\Administrator\???????\???\??\eb2616756abd64ab9dfe19ef49df3120.exe MSIL/Bladabindi.BH trojan
C:\Documents and Settings\All Users\Documents\My Videos\QQ1.exe Win32/Farfli.KA trojan
C:\WINDOWS\pss\eb2616756abd64ab9dfe19ef49df3120.exeStartup MSIL/Bladabindi.BH trojan
D:\20131121\PPControls\SSS.EXE MSIL/Bladabindi.BH trojan
D:\Kx3550\001.exe.vir Win32/Polip virus
D:\Users\Administrator\??\FaceBook Accelerate Browser.rar a variant of Win32/TrojanDropper.Agent.PIT trojan
D:\Users\Administrator\??\RaidCall Accelerate EXP.exe a variant of MSIL/PSW.Agent.OKY trojan
D:\Users\Administrator\??\FaceBook ???\FaceBook Accelerate Browser.exe a variant of Win32/TrojanDropper.Agent.PIT trojan
D:\Users\Administrator\??\?????\Rc?\Kx3550??.rar Win32/Polip virus
D:\Users\Administrator\??\?????\Rc?\yrlnru.rar VBS/TrojanDownloader.Psyme.NJL trojan
Operating memory multiple threats
 
 
Also, I found something in the msconfig startup and it's a .exe file, and I sent it for VirusTotal scanning; these were the results.

 


#2 noknojon


Posted 23 May 2014 - 04:42 AM

Hello -

My results from Virus Total were a bit worse than those results -

 

Please read and Copy / Paste the results from these scans, and then follow the removal tool at the bottom (if there are any remainders)

It always helps if we have some information.........

 

First -

Download Security Check by Screen317 from HERE or HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

A few details on the infection, and a few tools I would like you to run.

First -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Bladabindi.BH is a Trojan.

A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.
Read How To Temporarily Disable Your Anti-virus and then follow the following directions.
NOW : Please run Microsoft Windows Malicious Software Removal Tool.

Please post back any findings -

 

 

Please Update and run Malwarebytes Anti-Malware -

Malwarebytes Anti-Malware Free version 1.75.0.1300 has now been upgraded to Version 2.0.1

Please follow Free version removal methods. (link is to Malwarebytes site) if required -

 

 

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
----------
** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
----------
** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply

 

 

Please include a report on your computer problems with your Logs -



#3 wizardery


Posted 23 May 2014 - 05:10 AM

Results of screen317's Security Check version 0.99.83
 Windows XP Service Pack 3 x86
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 11.7.700.169 Flash Player out of Date!
 Adobe Reader XI
 Google Chrome 34.0.1847.116
 Google Chrome 34.0.1847.131
 Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````









MiniToolBox by Farbar  Version: 23-01-2014
Ran by Administrator (administrator) on 23-05-2014 at 17:55:55
Running from "D:\Users\Administrator\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************


========================= Flush DNS: ===================================




Windows IP Configuration






Could not flush the DNS Resolver Cache: 執行功能時失敗。








========================= IE Proxy Settings: ============================== 


Proxy is not enabled.
No Proxy Server is set.


"Reset IE Proxy Settings": IE Proxy Settings were reset.


========================= Event log errors: ===============================


Application errors:
==================
Error: (05/23/2014 05:17:58 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 05:17:58 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {7B849a69-220F-451E-B3FE-2CB811AF94AE} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 05:08:26 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 05:08:26 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {7B849a69-220F-451E-B3FE-2CB811AF94AE} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 04:03:15 PM) (Source: Application Error) (User: )
Description: 失敗的應用程式 onlinescannerapp.exe,版本 1.0.0.1,失敗的模組 online~1.ocx,版本 1.0.0.6920,錯誤位址 0x00085a9e。
正在為 [onlinescannerapp.exe!ws!] 處理媒體相關的事件


Error: (05/23/2014 03:30:26 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 03:30:26 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {7B849a69-220F-451E-B3FE-2CB811AF94AE} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 03:24:58 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 03:24:58 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows 無法查詢 {7B849a69-220F-451E-B3FE-2CB811AF94AE} 的 DllName 登錄項目,無法載入延伸。可能是因為登錄錯誤。


Error: (05/23/2014 03:00:17 PM) (Source: Application Error) (User: )
Description: 失敗的應用程式 onlinescannerapp.exe,版本 1.0.0.1,失敗的模組 online~1.ocx,版本 1.0.0.6920,錯誤位址 0x00085a9e。
正在為 [onlinescannerapp.exe!ws!] 處理媒體相關的事件




System errors:
=============
Error: (05/23/2014 05:00:00 PM) (Source: Schedule) (User: )
Description: At738.job 命令無法啟動,錯誤原因: 
%%2147942432


Error: (05/23/2014 05:00:00 PM) (Source: Schedule) (User: )
Description: At714.job 命令無法啟動,錯誤原因: 
%%2147942432


Error: (05/23/2014 05:00:00 PM) (Source: Schedule) (User: )
Description: At594.job 命令無法啟動,錯誤原因: 
%%2147942403


Error: (05/23/2014 04:00:00 PM) (Source: Schedule) (User: )
Description: At737.job 命令無法啟動,錯誤原因: 
%%2147942432


Error: (05/23/2014 04:00:00 PM) (Source: Schedule) (User: )
Description: At713.job 命令無法啟動,錯誤原因: 
%%2147942432


Error: (05/23/2014 04:00:00 PM) (Source: Schedule) (User: )
Description: At593.job 命令無法啟動,錯誤原因: 
%%2147942403


Error: (05/23/2014 03:00:00 PM) (Source: Schedule) (User: )
Description: At736.job 命令無法啟動,錯誤原因: 
%%2147942432


Error: (05/23/2014 03:00:00 PM) (Source: Schedule) (User: )
Description: At712.job 命令無法啟動,錯誤原因: 
%%2147942432


Error: (05/23/2014 03:00:00 PM) (Source: Schedule) (User: )
Description: At592.job 命令無法啟動,錯誤原因: 
%%2147942403


Error: (05/23/2014 02:00:00 PM) (Source: Schedule) (User: )
Description: At735.job 命令無法啟動,錯誤原因: 
%%2147942432




Microsoft Office Sessions:
=========================
Error: (05/23/2014 05:17:58 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}


Error: (05/23/2014 05:17:58 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


Error: (05/23/2014 05:08:26 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}


Error: (05/23/2014 05:08:26 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


Error: (05/23/2014 04:03:15 PM) (Source: Application Error)(User: )
Description: onlinescannerapp.exe1.0.0.1online~1.ocx1.0.0.692000085a9e


Error: (05/23/2014 03:30:26 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}


Error: (05/23/2014 03:30:26 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


Error: (05/23/2014 03:24:58 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}


Error: (05/23/2014 03:24:58 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


Error: (05/23/2014 03:00:17 PM) (Source: Application Error)(User: )
Description: onlinescannerapp.exe1.0.0.1online~1.ocx1.0.0.692000085a9e




=========================== Installed Programs ============================


ACDSee Pro 5 (Version: 5.3.177)
Adobe AIR (Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Reader XI (11.0.07) - Chinese Traditional (Version: 11.0.07)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Apple 應用程式支援 (Version: 3.0.1)
Calendar 0.02 (Only 264kBytes)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1116.1445.26409)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1445.26409)
Catalyst Control Center InstallProxy (Version: 2012.1116.1445.26409)
Catalyst Control Center Localization All (Version: 2012.1116.1445.26409)
CCC Help Chinese Standard (Version: 2012.1116.1444.26409)
CCC Help Chinese Traditional (Version: 2012.1116.1444.26409)
CCC Help Czech (Version: 2012.1116.1444.26409)
CCC Help Danish (Version: 2012.1116.1444.26409)
CCC Help Dutch (Version: 2012.1116.1444.26409)
CCC Help English (Version: 2012.1116.1444.26409)
CCC Help Finnish (Version: 2012.1116.1444.26409)
CCC Help French (Version: 2012.1116.1444.26409)
CCC Help German (Version: 2012.1116.1444.26409)
CCC Help Greek (Version: 2012.1116.1444.26409)
CCC Help Hungarian (Version: 2012.1116.1444.26409)
CCC Help Italian (Version: 2012.1116.1444.26409)
CCC Help Japanese (Version: 2012.1116.1444.26409)
CCC Help Korean (Version: 2012.1116.1444.26409)
CCC Help Norwegian (Version: 2012.1116.1444.26409)
CCC Help Polish (Version: 2012.1116.1444.26409)
CCC Help Portuguese (Version: 2012.1116.1444.26409)
CCC Help Russian (Version: 2012.1116.1444.26409)
CCC Help Spanish (Version: 2012.1116.1444.26409)
CCC Help Swedish (Version: 2012.1116.1444.26409)
CCC Help Thai (Version: 2012.1116.1444.26409)
CCC Help Turkish (Version: 2012.1116.1444.26409)
ccc-utility (Version: 2012.1116.1445.26409)
CyberLink PowerDVD 9 (Version: 9.0.1501)
ESET Online Scanner v3
Extended Asian Language font pack for Adobe Reader XI (Version: 11.0.0)
Google Chrome (Version: 34.0.1847.116)
Google Update Helper (Version: 1.3.21.135)
Hao123厙硊絳瑤
Jager tickboxBeta(v22.4117)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CHT (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CHT (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - cht (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 3.5 語言套件 SP1 - 繁體中文
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (Version: 6.00.3883.15)
Nero 8 Micro 8.2.8.0 (Version: 8.2.8.0)
netapps NetworkBuild(2014-5-13 15:49:7)
NVIDIA Drivers (Version: 1.6)
Registry Winner 6.8 (Version: 6.8.3.12)
Skype(TM) 6.3 (Version: 6.3.105)
Smart Tools 2.18 (388kByte)
swMSM (Version: 12.0.0.1)
TeamViewer 9 (Version: 9.0.28223)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
UUSee Basic components (Version: 8.14.423.1)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows XP 安全性更新 (KB923789)
六?房直播伴? (Version: 2.0.0.68)
六?房直播伴? 版本 1.1.0.31 (Version: 1.1.0.31)
史迪奇 站?主? (Version: 站?主?)
史迪奇主?包 (Version: V1.0)
百度音?2013 8.2.12.7 (Version: 8.2.12.7)
蚙弝眻畦 (Version: 8.14.423.1)
嗣粗族祧袤醱藝趙最唗 (Version: 1.0.4.0)
微軟新注音輸入法 2003 (Version: 6.5.0.6251)
微軟新倉頡輸入法 2003 (Version: 6.5.0.6251)
微軟輸入法整合器 2003 (Version: 6.5.0.6251)
新酷音輸入法 0.3.4.8 (Version: 0.3.4.8)
辦艘弝銡擬 V2.0 (Version: V2.0)
譎斕毞籵 3.0.0.3001 (Version: 3.0.0.3001)


========================= Memory info: ===================================


Percentage of memory in use: 79%
Total physical RAM: 2046.4 MB
Available physical RAM: 421.18 MB
Total Pagefile: 3938.74 MB
Available Pagefile: 1502.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1985.93 MB


========================= Partitions: =====================================


1 Drive c: () (Fixed) (Total:65 GB) (Free:44.59 GB) NTFS
2 Drive d: () (Fixed) (Total:84.04 GB) (Free:62.7 GB) NTFS
3 Drive e: (JET升降調USB音效卡 (+星) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS


========================= Users: ========================================


\\ 的使用者帳戶


Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         
命令執行完畢,但發生一或多個錯誤。




**** End of log ****

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html


Program started at: 05/23/2014 05:56:50 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3


Checking for Windows services to stop:


 * No malware services found to stop.


Checking for processes to terminate:


 * C:\Documents and Settings\Administrator\Application Data\lsass.exe (PID: 4060) [SFI]
 * C:\Documents and Settings\Administrator\Application Data\lsass.exe (PID: 4060) [UP-HEUR]
 * C:\Documents and Settings\All Users\Application Data\WeatherRadar\winPm25Tips.exe (PID: 5596) [AU-HEUR]
 * C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe (PID: 5192) [WD-HEUR]
 * C:\Documents and Settings\All Users\Application Data\gbs2014418\GameBox.exe (PID: 7464) [AU-HEUR]
 * C:\Documents and Settings\All Users\Application Data\gbs2014418\GameBox.exe (PID: 7876) [AU-HEUR]
 * C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temp\server.exe (PID: 10036) [SUP-HEUR]
 * C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temp\server.exe (PID: 10036) [T-HEUR]
 * C:\WINDOWS\10C8801E\svchsot.exe (PID: 3768) [WD-HEUR]


9 proccesses terminated!


Checking Registry for malware related settings:


 * No issues found in the Registry.


Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


Performing miscellaneous checks:


 * System Restore Disabled


   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001


 * Reparse Point/Junctions Found (Most likely legitimate)!


     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]


Checking Windows Service Integrity: 


 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic


 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic


 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic


 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual


 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic


 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic


 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic


Searching for Missing Digital Signatures: 


 * C:\WINDOWS\System32\UxTheme.dll : 216,576 : 06/04/2008 08:45 PM : 43f6ffe5d2777600c404f9dce9ba4cb3 [NoSig]


 * C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 07:51 PM : a29e1209f925a0e9b330e11da5fc7bab [NoSig]


Checking HOSTS File: 


 * HOSTS file entries found: 


  127.0.0.1       localhost
  127.0.0.1 ft.funshion.com 
  127.0.0.1 drmcmm.baidu.com
  127.0.0.1 adk.funshion.com
  127.0.0.1 vas.funshion.com


Program finished at: 05/23/2014 05:57:36 PM
Execution time: 0 hours(s), 0 minute(s), and 46 seconds(s)
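
The Rkill log in the post above shows `lsass.exe` running from Application Data, `server.exe` running from a Temp folder, and `svchsot.exe` running from `C:\WINDOWS\10C8801E`. As an added example (not part of the original thread, and not code from Rkill or BleepingComputer), this Python script parses those process lines and flags system-process names in the wrong folder, one-edit lookalikes of system names, and executables in Temp. The list of system names, the `C:\WINDOWS\system32` location, and the finding labels are assumptions chosen for illustration; the bracketed Rkill tags are carried through without interpretation.

```python
import ntpath
import re

# Process lines copied from the Rkill log in the post above.
RKILL_SAMPLE = r"""
 * C:\Documents and Settings\Administrator\Application Data\lsass.exe (PID: 4060) [SFI]
 * C:\Documents and Settings\Administrator\Application Data\lsass.exe (PID: 4060) [UP-HEUR]
 * C:\Documents and Settings\All Users\Application Data\WeatherRadar\winPm25Tips.exe (PID: 5596) [AU-HEUR]
 * C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe (PID: 5192) [WD-HEUR]
 * C:\Documents and Settings\All Users\Application Data\gbs2014418\GameBox.exe (PID: 7464) [AU-HEUR]
 * C:\Documents and Settings\All Users\Application Data\gbs2014418\GameBox.exe (PID: 7876) [AU-HEUR]
 * C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temp\server.exe (PID: 10036) [SUP-HEUR]
 * C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temp\server.exe (PID: 10036) [T-HEUR]
 * C:\WINDOWS\10C8801E\svchsot.exe (PID: 3768) [WD-HEUR]
"""

# Assumption: %SystemRoot% is C:\WINDOWS, as in the log.
SYSTEM_DIR = r"c:\windows\system32"
# Assumption: a short illustrative list of Windows binaries that live in System32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}

LINE_RE = re.compile(
    r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$"
)


def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent characters as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path):
    """Return a list of findings (hypothetical labels) for one image path."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    findings = []
    if name in SYSTEM_NAMES:
        # Real system binaries run from System32, not from a user profile.
        if folder != SYSTEM_DIR:
            findings.append("system-name-wrong-dir")
    else:
        # A name one edit away from a system binary is a likely disguise.
        for real in sorted(SYSTEM_NAMES):
            if osa_distance(name, real) == 1:
                findings.append("lookalike-of:" + real)
    if "temp" in folder.split("\\"):
        findings.append("runs-from-temp")
    return findings


def triage(log_text):
    """Parse Rkill process lines; merge duplicate PIDs and attach findings."""
    procs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid = int(m.group("pid"))
        entry = procs.setdefault(pid, {
            "path": m.group("path"),
            "tags": [],
            "findings": classify(m.group("path")),
        })
        entry["tags"].append(m.group("tag"))
    return procs


if __name__ == "__main__":
    for pid, info in sorted(triage(RKILL_SAMPLE).items()):
        status = ", ".join(info["findings"]) or "no path/name finding"
        print(f"{pid:>6}  {info['path']}  [{'/'.join(info['tags'])}]  ->  {status}")
```

A process with no finding here is not cleared; the checks only cover name and location, so the scanner detections in the thread remain the authority on what is malicious.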
 


#4 noknojon


Posted 23 May 2014 - 06:50 AM

Hello -

Is this computer normally set to English (US or UK versions) ??

 

Please check Notepad and make sure that Notepad Format has no "Tick" beside Word Wrap, as this makes the logs hard to read.

Any Quotes or Word Wrap can distort the results .......

There are a few readings that will not show up if it is ticked.

 

It shows that Internet Explorer is I.E. 6 and should be I.E. 8

 

If you are posting in Normal Mode (not Safe Mode) then please run this program (it will not run in Safe Mode)

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the given link)



#5 noknojon


Posted 23 May 2014 - 05:50 PM

Are you still with us ??

 

Do you have any active Antivirus program installed (Free or Paid versions) ??



#6 wizardery


Posted 23 May 2014 - 10:02 PM

Yeah, I'm still here, because I'm helping my friend do all this stuff and we're from different countries.

No active antivirus at all.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014/5/24
Scan Time: 上午 10:46:37
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283843
Time Elapsed: 24 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 4
Backdoor.Farfli, C:\WINDOWS\10C8801E\svchsot.exe, 3644, , [939e401569123ff794fdfbfb23dde21e]
Trojan.MSIL, C:\Documents and Settings\Administrator\Application Data\lsass.exe, 3684, , [38f9490c0a71fd398ffd4dd8bc48ed13]
Backdoor.Farfli, C:\WINDOWS\05503D7D\svchsot.exe, 4012, , [9998460fb4c7e1554e4331c528d807f9]
PUP.ChinAd, C:\Program Files\Common Files\uusee\UUSeeLUS.exe, 1296, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 29
PUP.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE_base, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\CLASSES\CLSID\{D6B46C76-1A93-46E2-BDD5-E696E8C032AF}, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\CLASSES\TYPELIB\{13884A7A-1EA1-4779-A15F-39EF88E4AE85}, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{11112E3B-4708-4AE8-BE64-6FF52C2C002C}, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAEF6520-D53C-4CC3-97BC-9BA433090AD0}, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\CLASSES\STARTSERVICE.StartServiceCtrl.1, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\CLASSES\CLSID\{E6D5BD28-C255-4B80-B059-401B06BB771A}, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UUSee Live Update Service, , [61d0a9acbfbc4fe7a3e9feb0f50d31cf], 
PUP.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE, , [82af4312d5a696a0414d9b135ca60ff1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{5165BFF4-4E35-446F-B00E-EA4185B64F76}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{456A8A65-6E0E-464B-80C6-A16E6528FADF}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{A817E7A2-43FA-11D0-9E44-00AA00B6770A}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\Fun.OnlineInstallCtrl.1, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\Fun.OnlineInstallCtrl, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{1CF25200-FD42-45F6-ABBD-6C0C9C89B77A}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{A817E7A2-43FA-11D0-9E44-00AA00B6770A}, , [9a977cd9a9d263d3a7f12d47729046ba], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{97DDF214-9B68-4caf-8F6F-4B4112912349}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{162CC9EB-F1CE-4CED-84CE-F80AA5DD8130}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\BhoPlugin.FunshionOnIE.1, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\BhoPlugin.FunshionOnIE, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKU\S-1-5-21-1275210071-2052111302-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKU\S-1-5-21-1275210071-2052111302-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}\INPROCSERVER32, , [d55cdf766d0ead89316a4f2502003fc1], 
 
Registry Values: 8
Backdoor.Farfli, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|10C8801E, C:\WINDOWS\10C8801E\svchsot.exe, , [939e401569123ff794fdfbfb23dde21e]
Trojan.MSIL, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|eb2616756abd64ab9dfe19ef49df3120, "C:\Documents and Settings\Administrator\Application Data\lsass.exe" .., , [38f9490c0a71fd398ffd4dd8bc48ed13]
Trojan.MSIL, HKU\S-1-5-21-1275210071-2052111302-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|eb2616756abd64ab9dfe19ef49df3120, "C:\Documents and Settings\Administrator\Application Data\lsass.exe" .., , [38f9490c0a71fd398ffd4dd8bc48ed13]
Backdoor.Farfli, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|05503D7D, C:\WINDOWS\05503D7D\svchsot.exe, , [9998460fb4c7e1554e4331c528d807f9]
PUP.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UUSeeMediaCenter, "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe", , [61d0a9acbfbc4fe7a3e9feb0f50d31cf]
Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|03F4357C, C:\WINDOWS\03F4357C\svchsot.exe, , [fa3778ddf68584b2931a76eeda292cd4]
PUP.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE|URLInfoAbout, http://www.uusee.com, , [82af4312d5a696a0414d9b135ca60ff1]
PUP.ChinAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE_BASE|URLInfoAbout, http://www.uusee.com, , [3df46fe64239bb7bf09f921c25ddd927]
 
Registry Data: 4
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[4ee30f4624571d1958a3cb85e81c3ac6]
Hijack.StartPage.Gen, HKU\S-1-5-21-1275210071-2052111302-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.3600.com/?src=lm&ls=n153987e88f, Good: (http://www.google.com), Bad: (http://www.3600.com/?src=lm&ls=n153987e88f),,[969b6fe6710ab87ec198d97609fbca36]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1275210071-2052111302-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0),,[5cd576df3f3c9e9883f2bc965ba9cf31]
PUM.Hijack.Help, HKU\S-1-5-21-1275210071-2052111302-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Good: (0), Bad: (1),,[59d82035d9a2f5419691a0b1e91b39c7]
 
Folders: 27
 
Files: 336
Backdoor.Farfli, C:\WINDOWS\10C8801E\svchsot.exe, , [939e401569123ff794fdfbfb23dde21e], 
Trojan.MSIL, C:\Documents and Settings\Administrator\Application Data\lsass.exe, , [38f9490c0a71fd398ffd4dd8bc48ed13], 
Backdoor.Farfli, C:\WINDOWS\05503D7D\svchsot.exe, , [9998460fb4c7e1554e4331c528d807f9], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Temp\FunshionInstall_C174955.exe, , [d35eed687efde056e7f44e1f1ce4b749], 
PUP.BundleInstaller.DW, C:\Documents and Settings\All Users\Application Data\Temp\setup_qd222.exe, , [e948c98c433873c3d45f48fcd1305aa6], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\FunTesting.dll, , [e64b30255b20d660e7f487e69c647888], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\gma.dll, , [a78a7bda314a7abcc417bbb2a060dc24], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\Raptor.dll, , [41f0ada8502bff370ccfce9fad538a76], 
Trojan.Dropper, D:\Users\Administrator\a!?e?\FaceBook Accelerate Browser.rar, , [d16086cf1764f541fa86b45b7292c33d], 
Trojan.MSIL.GenX, C:\Documents and Settings\Administrator\a?e??a§?a?a??e??e!‥\c‥?a??e??\a??a??\eb2616756abd64ab9dfe19ef49df3120.exe, , [151cb4a15e1d11258dbb97656997817f], 
Backdoor.Farfli, C:\Documents and Settings\Administrator\Local Settings\Temp\Temp\server.exe, , [75bc5cf9a9d2c67097fa8a6c669a50b0], 
Backdoor.Bifrose, C:\WINDOWS\system32\explorer\explorer.exe, , [ca67bf96f586a98d3bc53bb73cc6f10f], 
Trojan.Dropper, C:\Documents and Settings\Administrator\update.exe, , [9c9562f30c6f68ce7f43d82b05fe50b0], 
Backdoor.Agent.DC, D:\Users\Administrator\My Documents\MSDCSC\msdcsc.exe, , [8fa2d87dfb805cda9cdd382b7c877888], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140314175313-14317847.date1395537763.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140317151916-15131536.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140319154525-16446141.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140320142005-18076314.date1395682676.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140320151541-3154906.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140320172704-680254.date1396315974.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140320175607-16279606.date1395496057.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140320180539-9076891.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140321101336-6995909.date1395966449.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140321115058-2064879.date1395537763.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140321174342-10403577.date1395825565.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324111949-4678450.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324113905-18517595.date1396315974.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324170624-10296018.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324171337-8236282.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324173146-2054621.date1395732962.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324182121-7087539.date1395940368.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324182136-3178705.date1395966450.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140325133527-8337103.date1395825565.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140325182459-1101050.date1396022375.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140326172319-19235519.date1396022375.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140327095538-1408450.date1396022375.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140327113029-18170990.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140327164335-1664600.date1396022375.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140327164931-10565801.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140328100725-4889361.date1396022376.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140328194421-4494578.date1396315975.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140331111035-11138263.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140401112727-7474578.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140401150126-13400733.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140403133851-4568781.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140410114716-360469.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140410142601-8436620.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140411144446-17950903.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140411171347-11950021.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140414151423-8199453.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140414183213-9526351.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140416160955-11991361.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140319165145-15968996.date1395682676.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140324182103-9481407.date1395825565.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140331173242-8129302.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140416165741-3169559.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140416172435-18046878.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140416172844-2914019.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140417163058-18991205.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140417172834-11956776.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140418115958-9481470.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140422185209-19592471.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140422185338-15256973.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140424145116-17639154.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140424150423-9302320.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140425104403-12133253.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140425110849-17795263.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140425171058-19994290.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140425174343-18412785.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140428143338-10433167.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140428151718-12584544.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140428154008-193374.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140429173517-12474437.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140429191549-18109325.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140430115215-3203426.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140430122140-12004790.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140430171722-5882431.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140504182129-3518968.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140505180646-3221031.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140506114052-5444903.flv, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\20140507103524-5678536.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\279156.date1395496057.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\34409421.date1395825565.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\49887187.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\64772953.date1395496057.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\flashNew\92580062.swf, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\textlink\textAdLink.xml, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Cache\textlink\textMiniAdLink.xml, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\funshiontools\1399486026.bklist, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\funshiontools\1399486027.funshion, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\funshiontools\FunshionHelper.dll, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\funshiontools\gma.dll, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\funshiontools\LoadIE.log, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\funshiontools\npFunshion.dll, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\ini\httpfile.ini, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\ini\temp_config.ini, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\Shortcut\FunShortcut.ini, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\adConfig.xml, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\adConfig.xml.bak, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\adMaterialsTable1.xml, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\minisite.json, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\popwind.json, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\textAdLink.xml, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\textMiniAdLink.xml, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.Funshion, C:\Documents and Settings\Administrator\funshion\update\updatexmlfile.txt, , [d55cdf766d0ead89316a4f2502003fc1], 
PUP.Optional.ChinAd, C:\Documents and Settings\All Users\Application Data\UUSee\data.xml, , [2f02d87d2655af87e0e6ff753ac8da26], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by wizardery, 23 May 2014 - 10:15 PM.


#7 noknojon


Posted 23 May 2014 - 11:52 PM

Hello -

2 things -

First you always NEED an Antivirus program when you are online.

There are many Free (and 1 to 3 month Trial) versions that you can use at any time, anywhere in the world.

 

Second -

This system is very badly infected, and needs attention by the Experts (all is Free). You will never be able to remove all of the backdoor infections and other Malware on this computer without help.

 

Please follow the instructions in this Preparation Guide starting at Step #6.

NOTE - If you cannot complete a step, skip it and continue.

 

Once the proper DDS logs are created, then make a NEW TOPIC and post it to => Virus, Trojan, Spyware, and Malware Removal Logs area -

 

They can use many other tools to find and fix the problem that we can not use in this area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me when you post the new topic so we can close this one and only let the Experts try to fix your problem.



#8 wizardery


Posted 24 May 2014 - 07:42 AM

alright posted thanks



#9 hamluis


Posted 24 May 2014 - 06:15 PM

MRL topic:  http://www.bleepingcomputer.com/forums/t/535386/infected-with-trojansbackdoor-etc/ .

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





