[Resolved - K] The popup cause a lot of problem

  • 19 Replies
  • 6336 Views
*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
[Resolved - K] The popup cause a lot of problem
« on: January 27, 2014, 09:40:34 AM »
My computer is slow these days, and its getting slower because of avast popup about malware. Please help me. The slow is causing so much trouble

DDS log =>

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by KohakuNushi at 10:00:24 on 2014-01-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.528 [GMT 7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Javavavava\bin\jqs.exe
D:\Process Lasso\processlasso.exe
D:\Process Lasso\processgovernor.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Internet Download Manager\IDMan.exe
D:\UniKey\UniKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.speedbit.com/?s=E1Nb
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = hxxp=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com
mWinlogon: SFCDisable = dword:-99
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - d:\internet download manager\IDMIECC.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: SearchNewTab: {41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} - c:\documents and settings\all users\application data\searchnewtab\E9HJpsYZv2.dll
BHO: DoiwuNlaoad keeper: {5EA80CA8-4887-B5DC-1585-55206A35DAAA} - c:\documents and settings\all users\application data\doiwunlaoad keeper\uRawD.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\javavavava\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\javavavava\bin\jp2ssv.dll
BHO: SmileysWeLoveToolbar: {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - c:\program files\smileys we love toolbar for ie\adxloader.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: SmileysWeLove: {CF0F43AB-9C23-4D7B-8040-201B82844854} - c:\program files\smileys we love toolbar for ie\adxloader.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] d:\internet download manager\IDMan.exe /onboot
uRun: [UniKey] d:\unikey\UniKey.exe
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\documents and settings\kohakunushi\application data\newnext.me\nengine.dll",EntryPoint -m l
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [ProcessLassoManagementConsole] "d:\process lasso\processlasso.exe"
mRun: [ProcessGovernor] "d:\process lasso\processgovernor.exe"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all links with IDM - d:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\internet download manager\IEGetVL.htm
IE: Download with IDM - d:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Tra t? di?n Naver - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\idmmbc.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D8C1B57F-BCEF-4454-B3FF-08A99E3B4B69} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D8C1B57F-BCEF-4454-B3FF-08A99E3B4B69} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kohakunushi\application data\mozilla\firefox\profiles\93ddn55e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.speedbit.com/search.aspx?s=E1Nb&q=
FF - prefs.js: browser.search.selectedEngine - Speedbit Search
FF - prefs.js: browser.startup.homepage - hxxp://go.speedbit.com/?s=E1Nb
FF - prefs.js: keyword.URL - hxxp://go.speedbit.com/search.aspx?s=E1Nb&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: d:\javavavava\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-3 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-3 175176]
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [2013-5-17 204384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-12 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-12 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-3 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-12 46808]
R2 SBUpd;SpeedBit Update;c:\program files\common files\speedbit\sbupdate\sbu.exe [2014-1-26 1749112]
R3 SBUpdd;SpeedBit UpdateD;c:\program files\common files\speedbit\sbupdate\sbw.sys [2014-1-26 31640]
S3 cpuz135;cpuz135;\??\c:\docume~1\kohaku~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\kohaku~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena plus\room\safedrv.sys --> d:\garena plus\room\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-26 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2012-12-12 3567]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva401;XDva401;\??\c:\windows\system32\xdva401.sys --> c:\windows\system32\XDva401.sys [?]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
.
=============== Created Last 30 ================
.
2014-01-26 16:37:31   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-25 16:20:24   --------   d-----w-   c:\documents and settings\kohakunushi\application data\Malwarebytes
2014-01-25 16:20:08   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2014-01-25 16:20:03   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-25 10:17:11   --------   d-----w-   c:\documents and settings\kohakunushi\application data\Fapyuhem
2014-01-25 03:26:05   --------   d-----w-   c:\documents and settings\kohakunushi\application data\CocCoc
2014-01-25 03:26:03   --------   d-----w-   c:\documents and settings\kohakunushi\local settings\application data\CocCoc
2014-01-23 10:06:53   --------   d-----w-   c:\documents and settings\all users\application data\SpeedBit
2014-01-23 10:06:00   --------   d-----w-   c:\program files\common files\SpeedBit
2014-01-23 09:50:36   --------   d-sh--w-   C:\FOUND.000
2014-01-22 16:47:06   --------   d-----w-   c:\documents and settings\kohakunushi\.android
2014-01-22 16:46:46   --------   d-----w-   c:\documents and settings\kohakunushi\local settings\application data\cache
2014-01-22 16:46:38   --------   d-----w-   c:\documents and settings\kohakunushi\application data\newnext.me
2014-01-22 16:46:31   --------   d-----w-   c:\documents and settings\kohakunushi\local settings\application data\genienext
2014-01-22 16:46:29   --------   d-----w-   c:\documents and settings\kohakunushi\local settings\application data\Mobogenie
2014-01-22 16:44:43   --------   d-----w-   c:\program files\Mobogenie
2014-01-18 02:01:44   --------   d-sh--w-   C:\FOUND.065
2013-12-28 13:58:28   --------   d-sh--w-   C:\FOUND.064
.
==================== Find3M  ====================
.
2014-01-25 10:21:08   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-25 10:21:08   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-12-11 05:06:22   773968   ----a-w-   c:\windows\system32\msvcr100.dll
2013-12-11 05:06:22   421200   ----a-w-   c:\windows\system32\msvcp100.dll
.
============= FINISH: 10:01:27.09 ===============

Attach one =>

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2012 10:08:33 PM
System Uptime: 1/27/2014 9:55:34 AM (1 hours ago)
.
Motherboard:          |  | P4i65G
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | mPGA478 | 2796/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 20 GiB total, 1.944 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 1.003 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Ask Toolbar Updater
Auto Hide IP
avast! Free Antivirus
ButtonBeats Virtual Piano
C-Media WDM Audio Driver
Cheat Engine 6.2
Cheat Engine 6.3
CoreAVC Professional Edition (remove only)
Counter-strike
Desktop Toys
DoiwuNlaoad keeper
DriverIdentifier 4.2.3
FLV to MP3 Converter 2.2.2.0
FormatFactory 3.0.1
Foxit Reader
Free Pascal 2.6.2
GameRanger
GoforFiles
Google Chrome
Google Update Helper
Heavy Weapon Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Extreme Graphics 2 Driver
Java 7 Update 25
Java Auto Updater
K-Lite Codec Pack 9.6.0 (Full)
Kungfu Master
LibreOffice 4.1.4.2
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Melody Assistant
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Home and Student 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Minecraft1.5.1
Monopoly Free Trial
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
PhotoScape
Process Lasso
Realtek AC'97 Audio
Rock Legend
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB960715)
Shadow Defender
Smileys We Love Toolbar for IE
Ss-Helper 1.74
StepMania CVS 4.0 (remove only)
SuperCleaner
The KMPlayer (remove only)
UltraISO Premium V9.52
Uninstall
Update for Windows Internet Explorer 8 (KB2598845)
VIO Player version 1.0.1
WebFldrs XP
Windows Internet Explorer 8
WinRAR 4.20 (32-bit)
WWE RAW I - Ultimate Impact
Yahoo! Messenger
Youtube Downloader HD v. 2.9.9.11
.
==== Event Viewer Messages From Past Week ========
.
1/26/2014 2:03:04 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/24/2014 11:00:27 PM, error: Dhcp [1002]  - The IP address lease 0.0.0.0 for the Network Card with network address 001966433E55 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
1/24/2014 11:00:25 PM, error: Dhcp [1002]  - The IP address lease 10.86.152.157 for the Network Card with network address 001966433E55 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
1/24/2014 10:29:25 PM, error: Dhcp [1002]  - The IP address lease 10.86.152.157 for the Network Card with network address 001966433E55 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
1/23/2014 5:28:45 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
1/23/2014 5:28:29 PM, error: Service Control Manager [7034]  - The VideoAcceleratorService service terminated unexpectedly.  It has done this 2 time(s).
1/23/2014 5:19:44 PM, error: Service Control Manager [7034]  - The VideoAcceleratorService service terminated unexpectedly.  It has done this 1 time(s).
1/23/2014 5:08:18 PM, error: Service Control Manager [7034]  - The SpeedBit Update service terminated unexpectedly.  It has done this 1 time(s).
1/23/2014 4:52:52 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/23/2014 12:57:43 PM, error: Dhcp [1002]  - The IP address lease 27.2.131.231 for the Network Card with network address 001966433E55 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
1/23/2014 10:32:02 AM, error: Dhcp [1002]  - The IP address lease 192.168.100.2 for the Network Card with network address 001966433E55 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
1/22/2014 12:56:06 PM, error: Dhcp [1002]  - The IP address lease 27.2.131.56 for the Network Card with network address 001966433E55 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
1/21/2014 8:53:58 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
« Last Edit: February 02, 2014, 03:41:01 AM by kevinf80 »
Appreciate for your help, dude ~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] The popup cause a lot of problem
« Reply #1 on: January 27, 2014, 09:50:39 AM »
Hello kohakunushi2001 and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go here:  http://support.microsoft.com/kb/971759 and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Kevin....

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #2 on: January 27, 2014, 08:49:58 PM »
Thanks! And BTW, since now is Lunar New Year, so Ill be kinda busy. So if I don't reply within 72h it means that I'm still busy, and I'll send you an email telling that.

FRST log =>

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02
Ran by KohakuNushi (administrator) on SON on 28-01-2014 09:42:34
Running from C:\Documents and Settings\KohakuNushi\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Bitsum Technologies) D:\Process Lasso\ProcessLasso.exe
(Bitsum Technologies) D:\Process Lasso\ProcessGovernor.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
(Oracle Corporation) D:\Javavavava\bin\jqs.exe
(Tonec Inc.) D:\Internet Download Manager\IDMan.exe
() D:\UniKey\UniKey.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [ProcessLassoManagementConsole] - D:\Process Lasso\processlasso.exe [957224 2013-01-16] (Bitsum Technologies)
HKLM\...\Run: [ProcessGovernor] - D:\Process Lasso\processgovernor.exe [642344 2013-01-16] (Bitsum Technologies)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [766656 2014-01-09] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [IDMan] - D:\Internet Download Manager\IDMan.exe [3118512 2012-02-06] (Tonec Inc.)
HKCU\...\Run: [UniKey] - D:\UniKey\UniKey.exe [208896 2006-04-19] ()
HKCU\...\Run: [NextLive] - C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\nengine.dll [1283584 2014-01-06] (NewNextDotMe)
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default User\...\RunOnce: [_nltide_2] - regsvr32 /s /n /i:U shell32

==================== Internet (Whitelisted) ====================

ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=E1Nb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0201B528C51BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E1Nb&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E1Nb&q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E1Nb&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E1Nb&q={searchTerms}
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: SearchNewTab - {41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} - C:\Documents and Settings\All Users\Application Data\SearchNewTab\E9HJpsYZv2.dll ()
BHO: DoiwuNlaoad keeper - {5EA80CA8-4887-B5DC-1585-55206A35DAAA} - C:\Documents and Settings\All Users\Application Data\DoiwuNlaoad keeper\uRawD.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Javavavava\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Javavavava\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmileysWeLoveToolbar - {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll ()
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll ()
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 02 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 03 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 04 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 05 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 17 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Tcpip\Parameters: [DhcpNameServer] 112.197.5.3 208.67.222.222 203.119.36.106
Tcpip\..\Interfaces\{D8C1B57F-BCEF-4454-B3FF-08A99E3B4B69}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default
FF DefaultSearchEngine: Speedbit Search
FF SearchEngineOrder.1: Speedbit Search
FF SelectedSearchEngine: Speedbit Search
FF Homepage: hxxp://go.speedbit.com/?s=E1Nb
FF Keyword.URL: hxxp://go.speedbit.com/search.aspx?s=E1Nb&q=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Javavavava\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk - D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF SearchPlugin: C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\searchplugins\speedbit.xml
FF Extension: DoiwuNlaoad keeper - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\5q7nf@ieoauauoo.net [2013-11-19]
FF Extension: SearchNewTab - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\32l0k8y@w-jcdhl.com [2013-11-19]
FF Extension: Auto Hide IP - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\support@auto-hide-ip.com.xpi [2013-04-10]
FF Extension: AutoProxy - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\autoproxy@autoproxy.org.xpi [2013-04-04]
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-11-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\KohakuNushi\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\KohakuNushi\Application Data\IDM\idmmzcc3 [2012-12-11]
FF StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "sync" : {
      "dictionary" : false,
      "keep_everything_synced" : false,
      "preferences" : false,
      "priority_preferences" : false,
      "search_engines"
CHR DefaultSearchKeyword: google.com.vn
CHR DefaultNewTabURL:
CHR Extension: (NAVER Vietnam Toolbar for Chrome) - C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfgmhilhjkklfkcopoogicgkbpnocdoe [2013-10-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (New Tab Launch) - C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbhplonhjleiopohgmppianogioknked [2014-01-23]
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [2013-12-26]
CHR HKLM\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 JavaQuickStarterService; D:\Javavavava\bin\jqs.exe [182184 2013-08-06] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1749112 2014-01-26] (Speedbit Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-23] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [175176 2013-08-23] ()
S3 ATWPKT2; C:\WINDOWS\system32\drivers\ATWPKT2.SYS [24368 2009-09-01] (America Online)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R0 diskpt; C:\WINDOWS\System32\drivers\diskpt.sys [204384 2011-03-31] (SHADOWDEFENDER.COM)
R1 ISODrive; D:\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-01-26] (Malwarebytes Corporation)
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-01-26] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-01-04] (AnchorFree Inc)
S3 cpuz135; \??\C:\DOCUME~1\KOHAKU~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys

S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys

S3 wanatw; system32\DRIVERS\wanatw4.sys

S3 XDva401; \??\C:\WINDOWS\system32\XDva401.sys


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 09:42 - 2014-01-28 09:42 - 00000000 ____D C:\FRST
2014-01-27 10:01 - 2014-01-27 10:01 - 00010977 _____ C:\Documents and Settings\KohakuNushi\Desktop\dds.txt
2014-01-27 10:01 - 2014-01-27 10:01 - 00006569 _____ C:\Documents and Settings\KohakuNushi\Desktop\attach.txt
2014-01-26 23:37 - 2014-01-26 23:37 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-26 23:22 - 2014-01-26 23:25 - 00004166 _____ C:\Documents and Settings\KohakuNushi\Desktop\Rkill.txt
2014-01-25 23:20 - 2014-01-25 23:20 - 00000538 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\Malwarebytes
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-25 23:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-25 17:17 - 2014-01-25 17:17 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem
2014-01-25 10:26 - 2014-01-25 10:26 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\CocCoc
2014-01-25 10:26 - 2014-01-25 10:26 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\CocCoc
2014-01-24 20:48 - 2014-01-25 10:34 - 00005494 _____ C:\WINDOWS\setupapi.log
2014-01-23 17:06 - 2014-01-27 09:58 - 00000954 _____ C:\WINDOWS\Tasks\SBW_UpdateTask_Time_323236303431353836382d3437415a556c2a3223346c41.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000572 _____ C:\WINDOWS\Tasks\SBWUpdateTask_Time_1cceb348-001966433E55.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000572 _____ C:\WINDOWS\Tasks\SBWUpdateTask_Logon_1cceb348-001966433E55.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000000 ____D C:\Program Files\Common Files\SpeedBit
2014-01-23 17:06 - 2014-01-23 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedBit
2014-01-23 16:50 - 2014-01-23 16:50 - 00000000 __SHD C:\FOUND.000
2014-01-22 23:47 - 2014-01-22 23:47 - 00000000 ____D C:\Documents and Settings\KohakuNushi\.android
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\My Documents\Mobogenie
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Mobogenie
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\genienext
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\cache
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\newnext.me
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 _____ C:\Documents and Settings\KohakuNushi\daemonprocess.txt
2014-01-22 23:44 - 2014-01-22 23:44 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-19 22:38 - 2014-01-19 22:59 - 85966896 _____ C:\Documents and Settings\KohakuNushi\My Documents\12 step suite full - By Dream Theater._(360p).mp4
2014-01-18 23:17 - 2014-01-24 21:05 - 00002140 _____ C:\WINDOWS\wmsetup.log
2014-01-18 22:36 - 2014-01-18 22:36 - 00069816 _____ C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-18 12:20 - 2014-01-18 12:21 - 00261432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 11:17 - 2014-01-28 01:10 - 00040095 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-18 09:09 - 2014-01-18 09:09 - 00000120 _____ C:\WINDOWS\setupact.log
2014-01-18 09:09 - 2014-01-18 09:09 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 09:07 - 2014-01-18 09:07 - 00034996 _____ C:\Documents and Settings\KohakuNushi\My Documents\cc_20140118_090732.reg
2014-01-18 09:01 - 2014-01-18 09:01 - 00000000 __SHD C:\FOUND.065
2014-01-15 12:14 - 2014-01-15 12:14 - 00000000 _____ C:\unp303476962639793734.mdmp
2014-01-14 09:50 - 2014-01-14 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Documents\sun
2014-01-14 09:48 - 2014-01-14 09:48 - 00000601 _____ C:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk
2014-01-14 09:48 - 2014-01-14 09:48 - 00000000 ___SD C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 4.1
2014-01-12 16:04 - 2014-01-13 23:33 - 04372316 _____ C:\Documents and Settings\KohakuNushi\My Documents\tin.odp
2014-01-07 08:34 - 2014-01-07 08:34 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Desktop\Unused Desktop Shortcuts

==================== One Month Modified Files and Folders =======

2014-01-28 09:42 - 2014-01-28 09:42 - 00000000 ____D C:\FRST
2014-01-28 01:10 - 2014-01-18 11:17 - 00040095 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-28 01:10 - 2012-12-11 22:12 - 00000178 ___SH C:\Documents and Settings\KohakuNushi\ntuser.ini
2014-01-27 10:01 - 2014-01-27 10:01 - 00010977 _____ C:\Documents and Settings\KohakuNushi\Desktop\dds.txt
2014-01-27 10:01 - 2014-01-27 10:01 - 00006569 _____ C:\Documents and Settings\KohakuNushi\Desktop\attach.txt
2014-01-27 09:58 - 2014-01-23 17:06 - 00000954 _____ C:\WINDOWS\Tasks\SBW_UpdateTask_Time_323236303431353836382d3437415a556c2a3223346c41.job
2014-01-26 23:37 - 2014-01-26 23:37 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-26 23:25 - 2014-01-26 23:22 - 00004166 _____ C:\Documents and Settings\KohakuNushi\Desktop\Rkill.txt
2014-01-25 23:20 - 2014-01-25 23:20 - 00000538 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\Malwarebytes
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-25 17:21 - 2012-12-12 22:01 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-25 17:21 - 2012-12-12 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-25 17:17 - 2014-01-25 17:17 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem
2014-01-25 10:34 - 2014-01-24 20:48 - 00005494 _____ C:\WINDOWS\setupapi.log
2014-01-25 10:26 - 2014-01-25 10:26 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\CocCoc
2014-01-25 10:26 - 2014-01-25 10:26 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\CocCoc
2014-01-24 21:05 - 2014-01-18 23:17 - 00002140 _____ C:\WINDOWS\wmsetup.log
2014-01-23 17:06 - 2014-01-23 17:06 - 00000572 _____ C:\WINDOWS\Tasks\SBWUpdateTask_Time_1cceb348-001966433E55.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000572 _____ C:\WINDOWS\Tasks\SBWUpdateTask_Logon_1cceb348-001966433E55.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000000 ____D C:\Program Files\Common Files\SpeedBit
2014-01-23 17:06 - 2014-01-23 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedBit
2014-01-23 16:50 - 2014-01-23 16:50 - 00000000 __SHD C:\FOUND.000
2014-01-22 23:47 - 2014-01-22 23:47 - 00000000 ____D C:\Documents and Settings\KohakuNushi\.android
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\My Documents\Mobogenie
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Mobogenie
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\genienext
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\cache
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\newnext.me
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 _____ C:\Documents and Settings\KohakuNushi\daemonprocess.txt
2014-01-22 23:44 - 2014-01-22 23:44 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-22 23:38 - 2012-12-12 17:23 - 00000480 _____ C:\Documents and Settings\KohakuNushi\Desktop\PhotoScape.lnk
2014-01-19 22:59 - 2014-01-19 22:38 - 85966896 _____ C:\Documents and Settings\KohakuNushi\My Documents\12 step suite full - By Dream Theater._(360p).mp4
2014-01-18 22:36 - 2014-01-18 22:36 - 00069816 _____ C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-18 12:21 - 2014-01-18 12:20 - 00261432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 09:09 - 2014-01-18 09:09 - 00000120 _____ C:\WINDOWS\setupact.log
2014-01-18 09:09 - 2014-01-18 09:09 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 09:08 - 2013-11-28 08:12 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ceebd6e89cbb7c.job
2014-01-18 09:08 - 2013-05-22 23:02 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2014-01-18 09:08 - 2012-12-11 22:18 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 09:07 - 2014-01-18 09:07 - 00034996 _____ C:\Documents and Settings\KohakuNushi\My Documents\cc_20140118_090732.reg
2014-01-18 09:01 - 2014-01-18 09:01 - 00000000 __SHD C:\FOUND.065
2014-01-15 12:14 - 2014-01-15 12:14 - 00000000 _____ C:\unp303476962639793734.mdmp
2014-01-15 12:13 - 2013-01-26 23:52 - 00307578 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-14 09:50 - 2014-01-14 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Documents\sun
2014-01-14 09:48 - 2014-01-14 09:48 - 00000601 _____ C:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk
2014-01-14 09:48 - 2014-01-14 09:48 - 00000000 ___SD C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 4.1
2014-01-13 23:33 - 2014-01-12 16:04 - 04372316 _____ C:\Documents and Settings\KohakuNushi\My Documents\tin.odp
2014-01-07 12:00 - 2013-01-28 00:00 - 01543410 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1757981266-527237240-842925246-1003-0.dat
2014-01-07 08:34 - 2014-01-07 08:34 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Desktop\Unused Desktop Shortcuts

Files to move or delete:
====================
C:\Documents and Settings\KohakuNushi\Application Data\CamShapes.ini
C:\Documents and Settings\KohakuNushi\Application Data\CamLayout.ini
C:\Documents and Settings\All Users\mszucuyy.exe
C:\Documents and Settings\All Users\mstawi.exe
C:\Documents and Settings\All Users\msalon.exe


Some content of TEMP:
====================
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Foxit Updater.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\VAUninstall.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\sres.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cshell.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cres.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cabex.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\VARemove.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\msi25057.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\unelevate.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateCheckerSetup.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Installer.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateFlashPlayer_7089eab9.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateFlashPlayer_5fe526eb.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2009-01-08 19:07] - [2009-01-08 19:07] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

P/S: I've looked through the check and the log. And I have a few things. You can answer it or not, it doesn't matter much.

 + When the check was nearly finish, there was a part that wrote "Getting application errors". Is that mean that my computer has errors, or something else?
 + In the log "Addition" it says that my AV is disabled, when I still turn it on. What is this mean?

Thanks for your help!
Appreciate for your help, dude ~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] The popup cause a lot of problem
« Reply #3 on: January 28, 2014, 04:19:40 AM »
If you are away for more than 72 hours is fine now that you`ve made me aware of your circumstances....

I`m not really sure of reasons for the two queries you mention at the end of your reply, if your AV is marked as turned off and you say it is on; maybe because of system glitch with security center service, that maybe same for your second query.

I strongly advise that the following programs are uninstalled A.S.A.P, although you may have installed these yourself they do come loaded with 3rd party unwanted extras that are not trustworthy.

Mobogenie
Ask Toolbar Updater
GoforFiles


Let me know if you do uninstall them...

Next,

Do you know of or recognize the following:

D:\UniKey\UniKey.exe

I do understand this is just a program to be able to type unicode for the vietnamese language, my concern is its location. Normally runs from the Program Files folder?

Next,

Upload a File to Virustotal
Go to http://www.virustotal.com/
  • Click the Choose file button
  • Navigate to the file C:\WINDOWS\explorer.exe or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Next,

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log..

Next,

Please download RogueKiller from here:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version
http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version
   
  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept


  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan


  • When the scan completes select Report, copy and paste that to your reply.


  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Let me see the logs in next reply,

Kevin

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #4 on: January 28, 2014, 09:28:07 AM »
About those 3 you told me to uninstall, I remembered that I have already uninstalled Mobogenie, just wonder why it still there. The other 2 is fine, because I have uninstalled it.

About Unikey. I throw everything that is important to me in D. So everytime I have to use it, I go to D. And also because I don't want to redownload everything when my computer has trouble.

And now is the log. Took me nearly 3 hours for all of things.

Virustotal log: I just tried to paste, but I can't paste the tick sign, so I have to say: virustotal said that it is harmless. If you want further information, I can take screenshot and give it to you.

Fixlog.txt =>

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2014 03
Ran by KohakuNushi at 2014-01-28 20:05:49 Run:1
Running from C:\Documents and Settings\KohakuNushi\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Documents and Settings\KohakuNushi\Application Data\CamShapes.ini
C:\Documents and Settings\KohakuNushi\Application Data\CamLayout.ini
C:\Documents and Settings\All Users\mszucuyy.exe
C:\Documents and Settings\All Users\mstawi.exe
C:\Documents and Settings\All Users\msalon.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Foxit Updater.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\VAUninstall.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\sres.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cshell.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cres.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cabex.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\VARemove.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\msi25057.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\unelevate.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateCheckerSetup.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Installer.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateFlashPlayer_7089eab9.exe
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateFlashPlayer_5fe526eb.exe
End
*****************

C:\Documents and Settings\KohakuNushi\Application Data\CamShapes.ini => Moved successfully.
C:\Documents and Settings\KohakuNushi\Application Data\CamLayout.ini => Moved successfully.
C:\Documents and Settings\All Users\mszucuyy.exe => Moved successfully.
C:\Documents and Settings\All Users\mstawi.exe => Moved successfully.
C:\Documents and Settings\All Users\msalon.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Foxit Updater.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\VAUninstall.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\htmlayout.dll => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\sres.dll => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cshell.dll => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cres.dll => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\cabex.dll => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\VARemove.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\msi25057.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\unelevate.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateCheckerSetup.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\appshat-distribution.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Installer.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateFlashPlayer_7089eab9.exe => Moved successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\UpdateFlashPlayer_5fe526eb.exe => Moved successfully.

==== End of Fixlog ====

AdwCleaner =>

# AdwCleaner v3.017 - Report created 28/01/2014 at 22:10:12
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : KohakuNushi - SON
# Running from : C:\Documents and Settings\KohakuNushi\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\DoiwuNlaoad keeper
Folder Deleted : C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\KohakuNushi\Application Data\EZDownloader
Folder Deleted : C:\Documents and Settings\KohakuNushi\Application Data\iWin
Folder Deleted : C:\Documents and Settings\KohakuNushi\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\5q7nf@ieoauauoo.net
Folder Deleted : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\32l0k8y@w-jcdhl.com
File Deleted : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\invalidprefs.js
File Deleted : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\searchplugins\speedbit.xml
File Deleted : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\searchplugins\WebSearch.xml
File Deleted : C:\WINDOWS\Tasks\GoforFilesUpdate.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Speedbit Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://go.speedbit.com/search.aspx?s=E1Nb&q=");
Line Deleted : user_pref("browser.search.order.1", "Speedbit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Speedbit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://go.speedbit.com/?s=E1Nb");
Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://go.speedbit.com/?s=E1Nb");
Line Deleted : user_pref("keyword.URL", "hxxp://go.speedbit.com/search.aspx?s=E1Nb&q=");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5413 octets] - [28/01/2014 22:07:18]
AdwCleaner[S0].txt - [5376 octets] - [28/01/2014 22:10:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5436 octets] ##########

The reason I choose to clean all because all of those files I've checked through and they are all familiar to me.

MBAM log ->

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.01.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
KohakuNushi :: SON [administrator]

1/28/2014 7:57:21 PM
mbam-log-2014-01-28 (19-57-21).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265032
Time elapsed: 2 hour(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

Registry Keys Detected: 15
HKCR\CLSID\{41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{41C2F36E-3AE0-7D36-3BE0-F2CB1FB6B5FD} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCR\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCR\SmileysWeLoveToolbar.IEModule (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCR\SmileysWeLoveToolbar.SWLIEToolbar (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF0F43AB-9C23-4D7B-8040-201B82844854} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF0F43AB-9C23-4D7B-8040-201B82844854} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{CF0F43AB-9C23-4D7B-8040-201B82844854} (PUP.Optional.SmileysWeLove.A) -> Data: SmileysWeLoveToolbar.IEModule -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CF0F43AB-9C23-4D7B-8040-201B82844854} (PUP.Optional.SmileysWeLove.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files\Smileys We Love Toolbar for IE (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SmileysWeLove for IE (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SearchNewTab (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\OpenCandy\481D251B7D5B48AAAA299742B861A399 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\OpenCandy\3DA2D432647248D19E203ABB8AA1A4F0 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 50
C:\Documents and Settings\All Users\Application Data\SearchNewTab\E9HJpsYZv2.dll (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\GarenaMessenger\update\12154\bbtalk\BTalkLoader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\DoiwuNlaoad keeper\uRawD.dll (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\DoiwuNlaoad keeper\vhGXpS.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\hvsg1iAazgw.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\is142981151\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\is142981151\cor_ar_2013729172639_qvo6.exe (PUP.Optional.Elex) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\{17ABAFB7-84AE-4705-A5EE-CC8CCC488D41}\Addons\ext_setup.exe (PUP.Optional.BundleLoader.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\PhotoScape_V3-6-5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Bambi- A Life in the Woods.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Bambi- A Life in the Woods (1).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\AMD64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\X86\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\FSCapture63\keygen.zip (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\FSCapture63\FastStone.Capture.v6.3.Incl.Keygen-ViRiLiTY\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Program Files\Ss-Helper\psupport.dll (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\Installer.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\trzBD.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
D:\Garena Plus\bbtalk\update\temp\restore\10094\BTalkLoader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Garena Plus\bbtalk\update\temp\restore\10095\BTalkLoader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Home Sweet Home 2 Kitchens And Baths\Home Sweet Home 2.exe.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SmileysWeLove.ico (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\AddinExpress.IE.tlb (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SWLSettingsApp.exe (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\adxloader64.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\adxregistrator.exe (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\AddinExpress.IE.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SWLSettingsApp.exe.config (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SWLHelperLibrary.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\HtmlAgilityPack.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SmileysWeLoveToolbar.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\Microsoft.mshtml.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\adxloader.dll.manifest (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\Interop.SHDocVw.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\System.Net.Json.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SWLCustomInstaller.dll (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\adxloader.exe (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Program Files\Smileys We Love Toolbar for IE\SWLCustomInstaller.InstallState (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SmileysWeLove for IE\SmileysWeLove Settings for IE.lnk (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\E9HJpsYZv2.tlb (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\E9HJpsYZv2.dat (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\hvsg1iAazgw.dat (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\OpenCandy\481D251B7D5B48AAAA299742B861A399\SmileysWeLove_SetupS_cdn.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\OpenCandy\3DA2D432647248D19E203ABB8AA1A4F0\Mobogenie_Setup_2.1.37_507.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\KohakuNushi\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)
Appreciate for your help, dude ~

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #5 on: January 28, 2014, 09:29:36 AM »
RK log ->

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : KohakuNushi [Admin rights]
Mode : Scan -- Date : 01/28/2014 22:18:54
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 4
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=; [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 1
[V1][SUSP PATH] SBW_UpdateTask_Time_323236303431353836382d3437415a556c2a3223346c41.job : C:\WINDOWS\system32\wscript.exe - //B "C:\Documents and Settings\All Users\Application Data\SpeedBit\sbhe.js" sbu.exe /invoke /f:check_services /l:0 [7][-]
  • -> FOUND


Startup Entries : 0

Web browsers : 0

Browser Addons : 0

Particular Files / Folders:

Driver : [LOADED]

External Hives:

Infection : 

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST340014A +++++
--- User ---
[MBR] 3273cc4b747accd6109d7b3df5ecd6f2
[BSP] d6f0c94f49739e31a910e1eb2ab784f8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 20010 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40981815 | Size: 18128 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01282014_221854.txt >>

That's all.
Appreciate for your help, dude ~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] The popup cause a lot of problem
« Reply #6 on: January 28, 2014, 01:40:12 PM »
Thanks for logs and update, Re-run FRST again, make sure all boxes underneath "WhiteList" are checked, also "Addition.txt" is checked underneath "Optional scan"

Select the "Scan" tab, FRST will produce two logs again, copy/paste or attach to next reply....

Thank you,

Kevin...

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #7 on: January 28, 2014, 08:18:01 PM »
You don't need to thank me. After all, it's me who have to thank you  :t

FRST log =>

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014
Ran by KohakuNushi (administrator) on SON on 29-01-2014 09:12:37
Running from C:\Documents and Settings\KohakuNushi\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Oracle Corporation) D:\Javavavava\bin\jqs.exe
(Bitsum Technologies) D:\Process Lasso\ProcessLasso.exe
(Bitsum Technologies) D:\Process Lasso\ProcessGovernor.exe
(Tonec Inc.) D:\Internet Download Manager\IDMan.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
() D:\UniKey\UniKey.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [ProcessLassoManagementConsole] - D:\Process Lasso\processlasso.exe [957224 2013-01-16] (Bitsum Technologies)
HKLM\...\Run: [ProcessGovernor] - D:\Process Lasso\processgovernor.exe [642344 2013-01-16] (Bitsum Technologies)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [IDMan] - D:\Internet Download Manager\IDMan.exe [3118512 2012-02-06] (Tonec Inc.)
HKCU\...\Run: [UniKey] - D:\UniKey\UniKey.exe [208896 2006-04-19] ()
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default User\...\RunOnce: [_nltide_2] - regsvr32 /s /n /i:U shell32

==================== Internet (Whitelisted) ====================

ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0201B528C51BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Javavavava\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Javavavava\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 02 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 03 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 04 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 05 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Winsock: Catalog9 17 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Tcpip\Parameters: [DhcpNameServer] 112.197.5.3 208.67.222.222 203.119.36.106
Tcpip\..\Interfaces\{D8C1B57F-BCEF-4454-B3FF-08A99E3B4B69}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Javavavava\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk - D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Auto Hide IP - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\support@auto-hide-ip.com.xpi [2013-04-10]
FF Extension: AutoProxy - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\autoproxy@autoproxy.org.xpi [2013-04-04]
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Documents and Settings\KohakuNushi\Application Data\Mozilla\Firefox\Profiles\93ddn55e.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-11-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\KohakuNushi\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\KohakuNushi\Application Data\IDM\idmmzcc3 [2012-12-11]
FF StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "sync" : {
      "dictionary" : false,
      "keep_everything_synced" : false,
      "preferences" : false,
      "priority_preferences" : false,
      "search_engines"
CHR DefaultSearchKeyword: google.com.vn
CHR DefaultNewTabURL:
CHR Extension: (NAVER Vietnam Toolbar for Chrome) - C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfgmhilhjkklfkcopoogicgkbpnocdoe [2013-10-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (New Tab Launch) - C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbhplonhjleiopohgmppianogioknked [2014-01-23]
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [2013-12-26]
CHR HKLM\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 JavaQuickStarterService; D:\Javavavava\bin\jqs.exe [182184 2013-08-06] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1749112 2014-01-26] (Speedbit Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-23] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [175176 2013-08-23] ()
S3 ATWPKT2; C:\WINDOWS\system32\drivers\ATWPKT2.SYS [24368 2009-09-01] (America Online)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R0 diskpt; C:\WINDOWS\System32\drivers\diskpt.sys [204384 2011-03-31] (SHADOWDEFENDER.COM)
R1 ISODrive; D:\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-01-26] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-01-04] (AnchorFree Inc)
S3 cpuz135; \??\C:\DOCUME~1\KOHAKU~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys

S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys

S3 wanatw; system32\DRIVERS\wanatw4.sys

S3 XDva401; \??\C:\WINDOWS\system32\XDva401.sys


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 22:18 - 2014-01-28 22:18 - 04122368 _____ C:\WINDOWS\system32\Drivers\alcxwdm.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 01373120 _____ C:\WINDOWS\system32\Drivers\cmuda.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 01302332 _____ C:\WINDOWS\system32\Drivers\ialmnt5.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00799744 _____ C:\WINDOWS\system32\Drivers\dmboot.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00576384 _____ C:\WINDOWS\system32\Drivers\ntfs.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00457856 _____ C:\WINDOWS\system32\Drivers\mrxsmb.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00384768 _____ C:\WINDOWS\system32\Drivers\update.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00361600 _____ C:\WINDOWS\system32\Drivers\tcpip.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00357888 _____ C:\WINDOWS\system32\Drivers\srv.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00352256 _____ C:\WINDOWS\system32\Drivers\atmuni.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00272128 _____ C:\WINDOWS\system32\Drivers\bthport.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00265728 _____ C:\WINDOWS\system32\Drivers\http.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00262528 _____ C:\WINDOWS\system32\Drivers\cinemst2.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00226880 _____ C:\WINDOWS\system32\Drivers\tcpip6.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00204384 _____ C:\WINDOWS\system32\Drivers\diskpt.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00203136 _____ C:\WINDOWS\system32\Drivers\RMCast.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00196224 _____ C:\WINDOWS\system32\Drivers\rdpdr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00187776 _____ C:\WINDOWS\system32\Drivers\acpi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00182656 _____ C:\WINDOWS\system32\Drivers\ndis.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00179712 _____ C:\WINDOWS\system32\Drivers\mrxdav.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00174848 _____ C:\WINDOWS\system32\Drivers\rdbss.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00172416 _____ C:\WINDOWS\system32\Drivers\kmixer.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00163584 _____ C:\WINDOWS\system32\Drivers\nwrdr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00162816 _____ C:\WINDOWS\system32\Drivers\netbt.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00153344 _____ C:\WINDOWS\system32\Drivers\dmio.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00152832 _____ C:\WINDOWS\system32\Drivers\ipnat.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00146048 _____ C:\WINDOWS\system32\Drivers\portcls.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00144384 _____ C:\WINDOWS\system32\Drivers\hdaudbus.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00144128 _____ C:\WINDOWS\system32\Drivers\usbport.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00143744 _____ C:\WINDOWS\system32\Drivers\fastfat.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00142592 _____ C:\WINDOWS\system32\Drivers\aec.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00141056 _____ C:\WINDOWS\system32\Drivers\ks.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00139784 _____ C:\WINDOWS\system32\Drivers\rdpwd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00138496 _____ C:\WINDOWS\system32\Drivers\afd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00129792 _____ C:\WINDOWS\system32\Drivers\fltMgr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00125056 _____ C:\WINDOWS\system32\Drivers\ftdisk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00120192 _____ C:\WINDOWS\system32\Drivers\pcmcia.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00105472 _____ C:\WINDOWS\system32\Drivers\mup.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00096512 _____ C:\WINDOWS\system32\Drivers\atapi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00096384 _____ C:\WINDOWS\system32\Drivers\scsiport.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00092928 _____ C:\WINDOWS\system32\Drivers\ksecdd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00092544 _____ C:\WINDOWS\system32\Drivers\mqac.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00091520 _____ C:\WINDOWS\system32\Drivers\ndiswan.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00088320 _____ C:\WINDOWS\system32\Drivers\nwlnkipx.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00083072 _____ C:\WINDOWS\system32\Drivers\wdmaud.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00082944 _____ C:\WINDOWS\system32\Drivers\wudfrd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00081664 _____ C:\WINDOWS\system32\Drivers\videoprt.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00080128 _____ C:\WINDOWS\system32\Drivers\parport.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00079232 _____ C:\WINDOWS\system32\Drivers\sdbus.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00077568 _____ C:\WINDOWS\system32\Drivers\wudfpf.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00075264 _____ C:\WINDOWS\system32\Drivers\ipsec.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00073472 _____ C:\WINDOWS\system32\Drivers\sr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00071552 _____ C:\WINDOWS\system32\Drivers\bridge.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00071168 _____ C:\WINDOWS\system32\Drivers\dxg.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00069120 _____ C:\WINDOWS\system32\Drivers\psched.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00068224 _____ C:\WINDOWS\system32\Drivers\pci.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00066048 _____ C:\WINDOWS\system32\Drivers\udfs.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00064512 _____ C:\WINDOWS\system32\Drivers\serial.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00063744 _____ C:\WINDOWS\system32\Drivers\mf.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00063744 _____ C:\WINDOWS\system32\Drivers\cdfs.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00063232 _____ C:\WINDOWS\system32\Drivers\nwlnknb.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00062976 _____ C:\WINDOWS\system32\Drivers\cdrom.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00062848 _____ C:\WINDOWS\system32\Drivers\rspndr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00061824 _____ C:\WINDOWS\system32\Drivers\nic1394.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00060800 _____ C:\WINDOWS\system32\Drivers\sysaudio.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00060800 _____ C:\WINDOWS\system32\Drivers\arp1394.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00060160 _____ C:\WINDOWS\system32\Drivers\drmk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00059904 _____ C:\WINDOWS\system32\Drivers\atmarpc.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00059520 _____ C:\WINDOWS\system32\Drivers\usbhub.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00058112 _____ C:\WINDOWS\system32\Drivers\vdmindvd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00057600 _____ C:\WINDOWS\system32\Drivers\redbook.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00056576 _____ C:\WINDOWS\system32\Drivers\swmidi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00055936 _____ C:\WINDOWS\system32\Drivers\nwlnkspx.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00055808 _____ C:\WINDOWS\system32\Drivers\atmlane.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00052864 _____ C:\WINDOWS\system32\Drivers\DMusic.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00052480 _____ C:\WINDOWS\system32\Drivers\i8042prt.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00052352 _____ C:\WINDOWS\system32\Drivers\volsnap.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00051712 _____ C:\WINDOWS\system32\Drivers\tosdvd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00051328 _____ C:\WINDOWS\system32\Drivers\rasl2tp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00049536 _____ C:\WINDOWS\system32\Drivers\classpnp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00049408 _____ C:\WINDOWS\system32\Drivers\stream.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00048384 _____ C:\WINDOWS\system32\Drivers\raspptp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00044544 _____ C:\WINDOWS\system32\Drivers\fips.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00042752 _____ C:\WINDOWS\system32\Drivers\p3.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00042368 _____ C:\WINDOWS\system32\Drivers\mountmgr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00042112 _____ C:\WINDOWS\system32\Drivers\imapi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00041472 _____ C:\WINDOWS\system32\Drivers\raspppoe.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00040960 _____ C:\WINDOWS\system32\Drivers\ndproxy.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00040840 _____ C:\WINDOWS\system32\Drivers\termdd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00040776 _____ C:\WINDOWS\system32\Drivers\mbamswissarmy.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00040320 _____ C:\WINDOWS\system32\Drivers\nmnt.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00038528 _____ C:\WINDOWS\system32\Drivers\wpdusb.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00037760 _____ C:\WINDOWS\system32\Drivers\amdk7.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00037376 _____ C:\WINDOWS\system32\Drivers\amdk6.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00037248 _____ C:\WINDOWS\system32\Drivers\isapnp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00036864 _____ C:\WINDOWS\system32\Drivers\hidclass.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00036736 _____ C:\WINDOWS\system32\Drivers\crusoe.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00036608 _____ C:\WINDOWS\system32\Drivers\ip6fw.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00036352 _____ C:\WINDOWS\system32\Drivers\intelppm.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00036352 _____ C:\WINDOWS\system32\Drivers\disk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00035840 _____ C:\WINDOWS\system32\Drivers\processr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00035072 _____ C:\WINDOWS\system32\Drivers\msgpc.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00034688 _____ C:\WINDOWS\system32\Drivers\netbios.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00034560 _____ C:\WINDOWS\system32\Drivers\wanarp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00034432 _____ C:\WINDOWS\system32\Drivers\rawwan.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00033512 _____ C:\WINDOWS\system32\Drivers\taphss.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00033400 _____ C:\WINDOWS\system32\Drivers\atwpkt264.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00032896 _____ C:\WINDOWS\system32\Drivers\ipfltdrv.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00032512 _____ C:\WINDOWS\system32\Drivers\nwlnkfwd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00031360 _____ C:\WINDOWS\system32\Drivers\atmepvc.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00030848 _____ C:\WINDOWS\system32\Drivers\npfs.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00030592 _____ C:\WINDOWS\system32\Drivers\rndismp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00030336 _____ C:\WINDOWS\system32\Drivers\usbehci.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00030080 _____ C:\WINDOWS\system32\Drivers\modem.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00027392 _____ C:\WINDOWS\system32\Drivers\fdc.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00026368 _____ C:\WINDOWS\system32\Drivers\usbstor.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00025728 _____ C:\WINDOWS\system32\Drivers\usbcamd2.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00025600 _____ C:\WINDOWS\system32\Drivers\usbcamd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00025344 _____ C:\WINDOWS\system32\Drivers\sonydcam.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00024960 _____ C:\WINDOWS\system32\Drivers\pciidex.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00024960 _____ C:\WINDOWS\system32\Drivers\hidparse.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00024576 _____ C:\WINDOWS\system32\Drivers\kbdclass.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00024368 _____ C:\WINDOWS\system32\Drivers\atwpkt2.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00023040 _____ C:\WINDOWS\system32\Drivers\mouclass.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00022856 _____ C:\WINDOWS\system32\Drivers\mbam.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00021896 _____ C:\WINDOWS\system32\Drivers\tdtcp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00021376 _____ C:\WINDOWS\system32\Drivers\tsbvcap.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00020992 _____ C:\WINDOWS\system32\Drivers\vga.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00020992 _____ C:\WINDOWS\system32\Drivers\RTL8139.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00020864 _____ C:\WINDOWS\system32\Drivers\ipinip.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00020608 _____ C:\WINDOWS\system32\Drivers\usbuhci.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00020480 _____ C:\WINDOWS\system32\Drivers\secdrv.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00020480 _____ C:\WINDOWS\system32\Drivers\flpydisk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00019712 _____ C:\WINDOWS\system32\Drivers\partmgr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00019072 _____ C:\WINDOWS\system32\Drivers\tdi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00019072 _____ C:\WINDOWS\system32\Drivers\msfs.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00018688 _____ C:\WINDOWS\system32\Drivers\cdaudio.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00017792 _____ C:\WINDOWS\system32\Drivers\ptilink.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00016512 _____ C:\WINDOWS\system32\Drivers\raspti.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00015872 _____ C:\WINDOWS\system32\Drivers\usbintel.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00015744 _____ C:\WINDOWS\system32\Drivers\serenum.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00015488 _____ C:\WINDOWS\system32\Drivers\mssmbios.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00014976 _____ C:\WINDOWS\system32\Drivers\tape.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00014592 _____ C:\WINDOWS\system32\Drivers\smclib.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00014592 _____ C:\WINDOWS\system32\Drivers\ndisuio.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00014336 _____ C:\WINDOWS\system32\Drivers\asyncmac.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00014208 _____ C:\WINDOWS\system32\Drivers\diskdump.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00013952 _____ C:\WINDOWS\system32\Drivers\cbidf2k.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012800 _____ C:\WINDOWS\system32\Drivers\usb8023.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012416 _____ C:\WINDOWS\system32\Drivers\nwlnkflt.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012288 _____ C:\WINDOWS\system32\Drivers\tunmp.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012160 _____ C:\WINDOWS\system32\Drivers\mouhid.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012160 _____ C:\WINDOWS\system32\Drivers\fsvga.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012040 _____ C:\WINDOWS\system32\Drivers\tdpipe.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012032 _____ C:\WINDOWS\system32\Drivers\ws2ifsl.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012032 _____ C:\WINDOWS\system32\Drivers\riodrv.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012032 _____ C:\WINDOWS\system32\Drivers\rio8drv.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00012032 _____ C:\WINDOWS\system32\Drivers\nikedrv.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00011904 _____ C:\WINDOWS\system32\Drivers\sffdisk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00011776 _____ C:\WINDOWS\system32\Drivers\cpqdap01.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00011648 _____ C:\WINDOWS\system32\Drivers\acpiec.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00011392 _____ C:\WINDOWS\system32\Drivers\sfloppy.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00011264 _____ C:\WINDOWS\system32\Drivers\irenum.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00011008 _____ C:\WINDOWS\system32\Drivers\sffp_sd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00010496 _____ C:\WINDOWS\system32\Drivers\ndistapi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00010496 _____ C:\WINDOWS\system32\Drivers\dxapi.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00010368 _____ C:\WINDOWS\system32\Drivers\hidusb.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00010240 _____ C:\WINDOWS\system32\Drivers\sffp_mmc.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00008832 _____ C:\WINDOWS\system32\Drivers\rasacd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00007936 _____ C:\WINDOWS\system32\Drivers\fs_rec.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00007680 _____ C:\WINDOWS\system32\Drivers\mcd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00007552 _____ C:\WINDOWS\system32\Drivers\MSKSSRV.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00006784 _____ C:\WINDOWS\system32\Drivers\parvdm.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00006272 _____ C:\WINDOWS\system32\Drivers\splitter.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00005888 _____ C:\WINDOWS\system32\Drivers\rootmdm.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00005888 _____ C:\WINDOWS\system32\Drivers\dmload.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00005504 _____ C:\WINDOWS\system32\Drivers\intelide.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00005376 _____ C:\WINDOWS\system32\Drivers\MSPCLOCK.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004992 _____ C:\WINDOWS\system32\Drivers\MSPQM.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004736 _____ C:\WINDOWS\system32\Drivers\usbd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004352 _____ C:\WINDOWS\system32\Drivers\wmilib.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004352 _____ C:\WINDOWS\system32\Drivers\swenum.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004224 _____ C:\WINDOWS\system32\Drivers\rdpcdd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004224 _____ C:\WINDOWS\system32\Drivers\mnmdd.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00004224 _____ C:\WINDOWS\system32\Drivers\beep.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00003567 _____ C:\WINDOWS\system32\Drivers\PortTalk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00003456 _____ C:\WINDOWS\system32\Drivers\oprghdlr.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00003328 _____ C:\WINDOWS\system32\Drivers\pciide.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00003328 _____ C:\WINDOWS\system32\Drivers\dxgthk.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00003072 _____ C:\WINDOWS\system32\Drivers\audstub.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00002944 _____ C:\WINDOWS\system32\Drivers\null.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00002944 _____ C:\WINDOWS\system32\Drivers\drmkaud.sys.dump
2014-01-28 22:18 - 2014-01-28 22:18 - 00001992 _____ C:\Documents and Settings\KohakuNushi\Desktop\RKreport[0]_S_01282014_221854.txt
2014-01-28 22:18 - 2014-01-28 22:18 - 00000000 ____D C:\WINDOWS\snack
2014-01-28 22:15 - 2014-01-28 22:15 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Desktop\RK_Quarantine
2014-01-28 22:07 - 2014-01-28 22:07 - 00000000 ____D C:\AdwCleaner
2014-01-28 19:35 - 2014-01-28 19:35 - 00000088 _____ C:\Documents and Settings\KohakuNushi\2145043179639519087.log
2014-01-28 09:42 - 2014-01-28 09:42 - 00000000 ____D C:\FRST
2014-01-27 10:01 - 2014-01-27 10:01 - 00010977 _____ C:\Documents and Settings\KohakuNushi\Desktop\dds.txt
2014-01-27 10:01 - 2014-01-27 10:01 - 00006569 _____ C:\Documents and Settings\KohakuNushi\Desktop\attach.txt
2014-01-26 23:22 - 2014-01-26 23:25 - 00004166 _____ C:\Documents and Settings\KohakuNushi\Desktop\Rkill.txt
2014-01-25 23:20 - 2014-01-25 23:20 - 00000538 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\Malwarebytes
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-25 23:20 - 2014-01-25 23:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-25 23:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-25 17:17 - 2014-01-25 17:17 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem
2014-01-25 10:26 - 2014-01-25 10:26 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\CocCoc
2014-01-25 10:26 - 2014-01-25 10:26 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Application Data\CocCoc
2014-01-24 20:48 - 2014-01-25 10:34 - 00005494 _____ C:\WINDOWS\setupapi.log
2014-01-23 17:06 - 2014-01-27 09:58 - 00000954 _____ C:\WINDOWS\Tasks\SBW_UpdateTask_Time_323236303431353836382d3437415a556c2a3223346c41.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000572 _____ C:\WINDOWS\Tasks\SBWUpdateTask_Time_1cceb348-001966433E55.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000572 _____ C:\WINDOWS\Tasks\SBWUpdateTask_Logon_1cceb348-001966433E55.job
2014-01-23 17:06 - 2014-01-23 17:06 - 00000000 ____D C:\Program Files\Common Files\SpeedBit
2014-01-23 17:06 - 2014-01-23 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedBit
2014-01-23 16:50 - 2014-01-23 16:50 - 00000000 __SHD C:\FOUND.000
2014-01-22 23:47 - 2014-01-22 23:47 - 00000000 ____D C:\Documents and Settings\KohakuNushi\.android
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\cache
2014-01-22 23:46 - 2014-01-22 23:46 - 00000000 _____ C:\Documents and Settings\KohakuNushi\daemonprocess.txt
2014-01-19 22:38 - 2014-01-19 22:59 - 85966896 _____ C:\Documents and Settings\KohakuNushi\My Documents\12 step suite full - By Dream Theater._(360p).mp4
2014-01-18 23:17 - 2014-01-24 21:05 - 00002140 _____ C:\WINDOWS\wmsetup.log
2014-01-18 22:36 - 2014-01-18 22:36 - 00069816 _____ C:\Documents and Settings\KohakuNushi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-18 12:20 - 2014-01-18 12:21 - 00261432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-18 11:17 - 2014-01-29 01:50 - 00045946 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-18 09:09 - 2014-01-18 09:09 - 00000120 _____ C:\WINDOWS\setupact.log
2014-01-18 09:09 - 2014-01-18 09:09 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 09:07 - 2014-01-18 09:07 - 00034996 _____ C:\Documents and Settings\KohakuNushi\My Documents\cc_20140118_090732.reg
2014-01-18 09:01 - 2014-01-18 09:01 - 00000000 __SHD C:\FOUND.065
2014-01-15 12:14 - 2014-01-15 12:14 - 00000000 _____ C:\unp303476962639793734.mdmp
2014-01-14 09:50 - 2014-01-14 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Documents\sun
2014-01-14 09:48 - 2014-01-14 09:48 - 00000601 _____ C:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk
2014-01-14 09:48 - 2014-01-14 09:48 - 00000000 ___SD C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 4.1
2014-01-12 16:04 - 2014-01-13 23:33 - 04372316 _____ C:\Documents and Settings\KohakuNushi\My Documents\tin.odp
2014-01-07 08:34 - 2014-01-07 08:34 - 00000000 ____D C:\Documents and Settings\KohakuNushi\Desktop\Unused Desktop Shortcuts
Appreciate for your help, dude ~

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #8 on: January 28, 2014, 08:22:19 PM »
Some content of TEMP:
====================
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\KohakuNushi\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2009-01-08 19:07] - [2009-01-08 19:07] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition log =>

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014
Ran by KohakuNushi at 2014-01-29 09:13:35
Running from C:\Documents and Settings\KohakuNushi\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Auto Hide IP (Version: 5.3.0.8 - )
avast! Free Antivirus (Version: 8.0.1489.0 - AVAST Software)
ButtonBeats Virtual Piano (Version: 6 - UNKNOWN)
ButtonBeats Virtual Piano (Version: 6 - UNKNOWN) Hidden
Cheat Engine 6.2 (Version:  - Dark Byte)
Cheat Engine 6.3 (Version:  - Cheat Engine)
C-Media WDM Audio Driver (Version:  - )
CoreAVC Professional Edition (remove only) (Version:  - )
Counter-strike (Version:  - )
Desktop Toys (Version:  - )
DriverIdentifier 4.2.3 (Version:  - DriverIdentifier)
FLV to MP3 Converter 2.2.2.0 (Version: 2.2.2.0 - AbyssMedia.com)
FormatFactory 3.0.1 (Version: 3.0.1 - Free Time)
Foxit Reader (Version: 5.4.5.114 - Foxit Corporation)
Free Pascal 2.6.2 (Version:  - Free Pascal Team)
GameRanger (HKCU Version:  - GameRanger Technologies)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Heavy Weapon Deluxe (Version:  - Home)
Intel(R) Extreme Graphics 2 Driver (Version: 6.14.10.4396 - )
Java 7 Update 25 (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.6.0 (Full) (Version: 9.6.0 - )
Kungfu Master (Version:  - )
LibreOffice 4.1.4.2 (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.0.318.3 - McAfee, Inc.)
Melody Assistant (Version: 7.6.2m - Myriad SARL)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft1.5.1 (Version:  - )
Monopoly Free Trial (Version:  - GameHouse)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 20.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoScape (Version:  - )
Process Lasso (Version: 6.0.2.44 - Bitsum Technologies)
Realtek AC'97 Audio (Version: 5.36 - Realtek Semiconductor Corp.)
Rock Legend (Version:  - )
Shadow Defender (Version: 1.1.0.331 - ShadowDefender.com)
Smileys We Love Toolbar for IE (Version: 3.0.22 - SqueekyChocolate, LLC)
StepMania CVS 4.0 (remove only) (Version:  - )
SuperCleaner (Version:  - )
The KMPlayer (remove only) (Version: 3.4.0.59 - KMP Media co., Ltd)
UltraISO Premium V9.52 (Version:  - )
Uninstall (Version: 1.0 - [V-Z] Repack Team)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH)
WWE RAW I - Ultimate Impact (Version:  - )
Yahoo! Messenger (Version:  - Yahoo! Inc.)
Youtube Downloader HD v. 2.9.9.11 (Version:  - YoutubeDownloaderHD.com)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2001-08-23 11:00 - 2013-02-11 23:25 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F688D42-736E-4327-93EB-2F80C5003E85}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ceebd6e89cbb7c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SBWUpdateTask_Logon_1cceb348-001966433E55.job => ?
Task: C:\WINDOWS\Tasks\SBWUpdateTask_Time_1cceb348-001966433E55.job => ?
Task: C:\WINDOWS\Tasks\SBW_UpdateTask_Time_323236303431353836382d3437415a556c2a3223346c41.job => C:\Documents and Settings\All Users\Application Data\SpeedBit\sbhe.js" sbu.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 09:11 - 2014-01-29 00:02 - 02258432 _____ () C:\Program Files\AVAST Software\Avast\defs\14012801\algo.dll
2006-04-19 06:53 - 2006-04-19 06:53 - 00188416 _____ () D:\UniKey\UKHook40.dll
2013-04-20 23:27 - 2011-10-28 11:37 - 00166912 ____C () D:\FLV to MP3 Converter\flvtomp3.dll
2014-01-26 19:22 - 2014-01-26 19:22 - 01011320 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
2014-01-17 09:21 - 2014-01-11 17:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 09:22 - 2014-01-11 17:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 09:21 - 2014-01-11 17:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2014 08:51:29 PM) (Source: Application Error) (User: )
Description: Faulting application autohideip.exe, version 5.3.0.8, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [autohideip.exe!ws!]

Error: (01/24/2014 08:51:29 PM) (Source: Application Error) (User: )
Description: Faulting application autohideip.exe, version 5.3.0.8, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [autohideip.exe!ws!]

Error: (01/24/2014 08:51:29 PM) (Source: Application Error) (User: )
Description: Faulting application autohideip.exe, version 5.3.0.8, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [autohideip.exe!ws!]

Error: (01/24/2014 08:51:29 PM) (Source: Application Error) (User: )
Description: Faulting application autohideip.exe, version 5.3.0.8, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [autohideip.exe!ws!]

Error: (01/23/2014 05:08:13 PM) (Source: Application Error) (User: )
Description: Faulting application sbu.exe, version 2.1.0.41, faulting module ole32.dll, version 5.1.2600.6168, fault address 0x0004c8cd.
Processing media-specific event for [sbu.exe!ws!]

Error: (01/18/2014 11:03:05 AM) (Source: Application Error) (User: )
Description: Faulting application risksa.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000109d8.
Processing media-specific event for [risksa.exe!ws!]

Error: (01/07/2014 11:27:25 AM) (Source: Application Error) (User: )
Description: Faulting application gta-vc.exe, version 0.0.0.0, faulting module gta-vc.exe, version 0.0.0.0, fault address 0x00049bad.
Processing media-specific event for [gta-vc.exe!ws!]

Error: (11/30/2013 09:39:35 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/15/2013 09:17:29 AM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 30.0.1599.69, faulting module chrome.dll, version 30.0.1599.69, fault address 0x00775435.
Processing media-specific event for [chrome.exe!ws!]

Error: (09/22/2013 11:19:58 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]


System errors:
=============
Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2014 09:09:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1014.8 MB
Available physical RAM: 532.04 MB
Total Pagefile: 1321.64 MB
Available Pagefile: 859.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:1.86 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (AUTO) (Fixed) (Total:17.7 GB) (Free:1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 17471747)
Partition 1: (Active) - (Size=20 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=18 GB) - (Type=OF Extended)

==================== End Of Log ============================

And sorry. It keeps telling that I reach 5k characters. And one more question from the annoyer  :w2 why do you tell me to run FRST again? Is there something new?
Appreciate for your help, dude ~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] The popup cause a lot of problem
« Reply #9 on: January 29, 2014, 01:51:08 AM »
The Forum does have a character limit on replies, if the reply exceeds that limit an alert is generated.

I ask for a second set of FRST logs to double check system after changes have been made....

Ok we continue:

Download TFC  to your desktop, from either of the following links
http://oldtimer.geekstogo.com/TFC.exe
http://itxassociates.com/OT-Tools/TFC.exe
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.  TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
Click Start
  • When asked, allow the add/on to be installed
Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report in next reply

Let me see that log, also give an update on any remaining issues or concerns.....

Kevin.... :t

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #10 on: January 30, 2014, 06:17:34 AM »
Just let ESET and Avast to do its thing, everything is fine, until...I have to say: HOLY ****! After about 3 months of not doing virus checking, I have 400 infected files! Oh gawd! This is s***! Sorry for censoring.

ESET log =>

C:\Documents and Settings\All Users\Application Data\InstallMate\{9D36A189-D970-4A07-A8EC-915246D5837F}\Custom.dll   Win32/InstalleRex.L application   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\youtube_downloader_hd_setup.exe   Win32/OpenCandy application   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\CheatEngine63.exe   multiple threats   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Compressed\[Dytoshar]AutoHideIP 5.3.0.8\AutoHideIP-5.3.0.8.Setup.exe   a variant of Win32/Bundled.Toolbar.Ask application   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Programs\CheatEngine62.exe   multiple threats   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Programs\cbsidlm-cbsi145-Songs_of_Araiah-ORG-10909816.exe   a variant of Win32/CNETInstaller.B application   
C:\Documents and Settings\KohakuNushi\Application Data\satoolbar.exe   Win32/Toolbar.SearchAmong.A application   
C:\Documents and Settings\KohakuNushi\Application Data\vioplayer_d1983274.exe   a variant of Win32/InstallIQ.A application   
C:\Documents and Settings\KohakuNushi\Application Data\IDM\DwnlData\KohakuNushi\AutoHideIP-5.2.3.2.Setup_246\AutoHideIP-5.2.3.2.Setup.exe   a variant of Win32/Bundled.Toolbar.Ask application   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4ED.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz500.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz501.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz502.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz503.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz504.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz505.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz506.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz507.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz508.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz509.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz511.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz512.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz513.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz514.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz515.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz516.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz517.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz518.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz520.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz521.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz522.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz524.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz525.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz526.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz527.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz528.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz529.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz530.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz531.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz532.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz533.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz534.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz535.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz536.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz537.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz538.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz539.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz540.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz541.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz542.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz543.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz544.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz545.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz546.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz547.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz549.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz550.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz551.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz552.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz553.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz554.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz555.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz556.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz557.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz558.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz559.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz560.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz561.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz562.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz563.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz565.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz566.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz568.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz569.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz570.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz571.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz572.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz573.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz574.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz575.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz576.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz577.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz578.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz579.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz580.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz581.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz582.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz583.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz584.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz585.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz586.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz587.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz588.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz589.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz590.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz591.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz592.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz593.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz594.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz595.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz596.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz597.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz598.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz599.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E2.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EC.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5ED.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F0.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F1.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F3.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F4.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F5.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F6.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F7.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F8.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F9.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FA.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FB.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FD.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FF.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz600.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz601.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz602.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz603.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz604.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz605.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz606.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz607.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz608.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz609.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz610.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz611.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz612.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz613.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz614.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz615.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz616.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz617.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz618.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz619.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz620.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz621.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz622.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz623.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz624.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz625.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz626.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz627.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz628.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz629.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz630.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz631.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz632.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz633.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz634.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz635.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz636.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz637.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz639.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63A.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63E.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63F.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz640.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz641.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz642.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz643.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz644.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz645.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz646.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz648.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz649.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64B.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64C.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64D.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi32.exe   a variant of Win32/SBWatchman.A application   
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll   a variant of Win32/SBWatchman.A application   
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll   a variant of Win32/SBWatchman.A application   
C:\FRST\Quarantine\trzB9.tmp   a variant of Win32/Injector.Autoit.ABF trojan   
C:\FRST\Quarantine\trzBA.tmp   a variant of Win32/Injector.Autoit.ABF trojan   
C:\FRST\Quarantine\trzBB.tmp   a variant of Win32/Injector.Autoit.ABF trojan   
C:\FRST\Quarantine\trzBE.tmp   a variant of Win32/Kryptik.BTPO trojan   
C:\AdwCleaner\Quarantine\C\Documents and Settings\KohakuNushi\Local Settings\Application Data\genienext\nengine.dll.vir   Win32/NextLive.A application   
D:\Cheat Engine 6.2\cheatengine-i386.exe   a variant of Win32/HackTool.CheatEngine.AB application   
D:\Cheat Engine 6.2\standalonephase1.dat   a variant of Win32/HackTool.CheatEngine.AF application   
D:\Cheat Engine 6.3\cheatengine-i386.exe   a variant of Win32/HackTool.CheatEngine.AB application   
D:\Cheat Engine 6.3\standalonephase1.dat   a variant of Win32/HackTool.CheatEngine.AF application   

Yes you may notice there are a lot of CE files. I use CE for hacking some games. And if there are something weird that you haven't seen, tell me, and I'll look through and give you the answer. Oh and BTW, by the time I wrote this, after 5 hours more, is Lunar New Year!  :p
Appreciate for your help, dude ~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] The popup cause a lot of problem
« Reply #11 on: January 30, 2014, 07:14:05 AM »
Hope enjoy your celebrations for Lunar Near Year....

We continue....

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe 

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...
  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

Code: [Select]
:Files
C:\Documents and Settings\All Users\Application Data\InstallMate\{9D36A189-D970-4A07-A8EC-915246D5837F}\Custom.dll   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\youtube_downloader_hd_setup.exe     
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\CheatEngine63.exe   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Compressed\[Dytoshar]AutoHideIP 5.3.0.8\AutoHideIP-5.3.0.8.Setup.exe   
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Programs\CheatEngine62.exe     
C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Programs\cbsidlm-cbsi145-Songs_of_Araiah-ORG-10909816.exe
C:\Documents and Settings\KohakuNushi\Application Data\satoolbar.exe   
C:\Documents and Settings\KohakuNushi\Application Data\vioplayer_d1983274.exe     
C:\Documents and Settings\KohakuNushi\Application Data\IDM\DwnlData\KohakuNushi\AutoHideIP-5.2.3.2.Setup_246\AutoHideIP-5.2.3.2.Setup.exe   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C1.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C2.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C6.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CD.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D1.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DB.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DD.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E0.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E1.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4ED.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F7.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FD.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz500.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz501.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz502.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz503.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz504.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz505.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz506.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz507.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz508.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz509.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz511.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz512.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz513.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz514.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz515.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz516.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz517.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz518.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51A.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51B.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz520.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz521.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz522.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz524.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz525.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz526.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz527.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz528.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz529.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52B.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52C.tmp 
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz530.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz531.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz532.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz533.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz534.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz535.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz536.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz537.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz538.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz539.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53F.tmp 
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz540.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz541.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz542.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz543.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz544.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz545.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz546.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz547.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz549.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54A.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz550.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz551.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz552.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz553.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz554.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz555.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz556.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz557.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz558.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz559.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz560.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz561.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz562.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz563.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz565.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz566.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz568.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz569.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56C.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz570.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz571.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz572.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz573.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz574.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz575.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz576.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz577.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz578.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz579.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57A.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57B.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57C.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz580.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz581.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz582.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz583.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz584.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz585.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz586.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz587.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz588.tmp
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz589.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58B.tmp 
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz590.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz591.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz592.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz593.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz594.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz595.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz596.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz597.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz598.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz599.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59A.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59B.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59C.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59D.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A1.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A5.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A9.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AD.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AF.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B1.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B3.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BD.tmp 
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BE.tmp 
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C1.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C6.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CD.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D1.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D8.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DB.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DC.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DD.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DE.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DF.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E1.tmp 
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E2.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E5.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E6.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E8.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E9.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EA.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EB.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EC.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5ED.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EF.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F0.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F1.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F3.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F4.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F5.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F6.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F7.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F8.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F9.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FA.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FB.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FD.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FE.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FF.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz600.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz601.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz602.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz603.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz604.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz605.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz606.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz607.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz608.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz609.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60E.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz610.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz611.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz612.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz613.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz614.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz615.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz616.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz617.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz618.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz619.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61E.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61F.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz620.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz621.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz622.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz623.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz624.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz625.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz626.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz627.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz628.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz629.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62D.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62E.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62F.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz630.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz631.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz632.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz633.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz634.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz635.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz636.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz637.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz639.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63A.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63E.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63F.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz640.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz641.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz642.tmp   
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz643.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz644.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz645.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz646.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz648.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz649.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64B.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64C.tmp     
C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64D.tmp     
C:\Program Files\Common Files\SpeedBit
C:\FRST\Quarantine\trzB9.tmp   
C:\FRST\Quarantine\trzBA.tmp   
C:\FRST\Quarantine\trzBB.tmp   
C:\FRST\Quarantine\trzBE.tmp   
C:\AdwCleaner\Quarantine\C\Documents and Settings\KohakuNushi\Local Settings\Application Data\genienext\nengine.dll.vir   
D:\Cheat Engine 6.2\cheatengine-i386.exe 
D:\Cheat Engine 6.2\standalonephase1.dat   
D:\Cheat Engine 6.3\cheatengine-i386.exe
D:\Cheat Engine 6.3\standalonephase1.dat
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs, also give an update on any remaining issues or concerns...

Kevin....

*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #12 on: January 30, 2014, 08:33:32 PM »
Thanks! So after all those things, I can see that my computer is gaining speed, better now, but I don't see the popup. It can be because I turned the popup off or my computer doesn't have any malware now.

OTM log =>

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Application Data\InstallMate\{9D36A189-D970-4A07-A8EC-915246D5837F}\Custom.dll not found.
File/Folder C:\Documents and Settings\KohakuNushi\My Documents\Downloads\youtube_downloader_hd_setup.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\My Documents\Downloads\CheatEngine63.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Compressed\[Dytoshar]AutoHideIP 5.3.0.8\AutoHideIP-5.3.0.8.Setup.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Programs\CheatEngine62.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\My Documents\Downloads\Programs\cbsidlm-cbsi145-Songs_of_Araiah-ORG-10909816.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\satoolbar.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\vioplayer_d1983274.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\IDM\DwnlData\KohakuNushi\AutoHideIP-5.2.3.2.Setup_246\AutoHideIP-5.2.3.2.Setup.exe not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4C9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4CF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4D9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4DF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4E9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4ED.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4EF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4F9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz4FF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz500.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz501.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz502.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz503.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz504.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz505.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz506.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz507.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz508.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz509.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz50F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz511.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz512.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz513.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz514.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz515.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz516.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz517.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz518.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz51F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz520.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz521.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz522.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz524.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz525.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz526.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz527.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz528.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz529.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz52F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz530.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz531.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz532.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz533.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz534.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz535.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz536.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz537.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz538.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz539.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz53F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz540.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz541.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz542.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz543.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz544.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz545.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz546.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz547.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz549.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz54F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz550.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz551.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz552.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz553.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz554.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz555.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz556.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz557.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz558.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz559.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz55F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz560.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz561.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz562.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz563.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz565.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz566.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz568.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz569.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz56F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz570.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz571.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz572.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz573.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz574.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz575.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz576.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz577.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz578.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz579.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz57F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz580.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz581.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz582.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz583.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz584.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz585.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz586.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz587.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz588.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz589.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz58F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz590.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz591.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz592.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz593.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz594.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz595.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz596.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz597.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz598.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz599.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz59F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5A9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5AF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5B9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5BF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5C9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5CF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5D9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5DF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E2.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5E9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EC.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5ED.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5EF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F0.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F1.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F3.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F4.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F5.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F6.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F7.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F8.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5F9.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FA.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FB.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FD.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FE.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz5FF.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz600.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz601.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz602.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz603.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz604.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz605.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz606.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz607.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz608.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz609.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz60F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz610.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz611.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz612.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz613.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz614.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz615.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz616.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz617.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz618.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz619.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz61F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz620.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz621.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz622.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz623.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz624.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz625.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz626.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz627.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz628.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz629.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62D.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz62F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz630.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz631.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz632.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz633.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz634.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz635.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz636.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz637.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz639.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63A.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63E.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz63F.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz640.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz641.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz642.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz643.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz644.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz645.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz646.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz648.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz649.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64B.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64C.tmp not found.
File/Folder C:\Documents and Settings\KohakuNushi\Application Data\Fapyuhem\trz64D.tmp not found.
C:\Program Files\Common Files\SpeedBit\SBUpdate folder moved successfully.
C:\Program Files\Common Files\SpeedBit folder moved successfully.
File/Folder C:\FRST\Quarantine\trzB9.tmp not found.
File/Folder C:\FRST\Quarantine\trzBA.tmp not found.
File/Folder C:\FRST\Quarantine\trzBB.tmp not found.
File/Folder C:\FRST\Quarantine\trzBE.tmp not found.
C:\AdwCleaner\Quarantine\C\Documents and Settings\KohakuNushi\Local Settings\Application Data\genienext\nengine.dll.vir moved successfully.
File/Folder D:\Cheat Engine 6.2\cheatengine-i386.exe not found.
File/Folder D:\Cheat Engine 6.2\standalonephase1.dat not found.
D:\Cheat Engine 6.3\cheatengine-i386.exe moved successfully.
D:\Cheat Engine 6.3\standalonephase1.dat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: KohakuNushi
->Temp folder emptied: 22047108 bytes
->Temporary Internet Files folder emptied: 6551294 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 115055841 bytes
->Flash cache emptied: 906 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 985797 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 138.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01312014_091142

Files moved on Reboot...
File C:\Documents and Settings\KohakuNushi\Local Settings\Temporary Internet Files\Content.IE5\RKNXTHOZ\}
 not found!
File C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

Security Check log =>

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86 (UAC is disabled!) 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Malwarebytes Anti-Malware version 1.75.0.1300 
 SuperCleaner     
 Java 7 Update 25 
 Java version out of Date!
 Adobe Flash Player    12.0.0.43 
 Mozilla Firefox 20.0.1 Firefox out of Date! 
 Google Chrome 32.0.1700.76 
 Google Chrome 32.0.1700.102 
````````Process Check: objlist.exe by Laurent````````[/u] 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C:: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]

Ihave a question: in the OTM log, it just keep saying not found. Is that the file's location or the moving's destination? And Windows XP SP3 has UAC? I thought that is for Windows 7 and 8.

Oh and BTW, Happy Lunar New Year!!!  :p
Appreciate for your help, dude ~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] The popup cause a lot of problem
« Reply #13 on: January 31, 2014, 06:14:05 AM »
UAC is not available for XP, Security Check just sees it as disabled if not there or is actually disabled.

The files listed by OTM as not found, do mean the file was not found at the navigational address posted.

If no more issues we can clean up....

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:
 
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

  • Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
  • Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes. You maybe asked to reboot, allow that to happen.

Next,

Download "Delfix by Xplode" and save it to your desktop.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Next,

If RogueKiller or its folder RK_Quarantine still remain just delete them....

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if any remaining issues or concerns, if none are we ok to close out...

Thanks and Happy Lunar New Year to you.....

Kevin...




*

Offline kohakunushi2001

  • Bronze Member
  • 11
  • Computer noob
Re: [Resolved - K] The popup cause a lot of problem
« Reply #14 on: January 31, 2014, 08:43:34 PM »
Thanks! Wait where is fixlist? I can't see anything in your attachment  :sd
Appreciate for your help, dude ~