Removal of Win32.Agent.bb???
Hi, I'm new to all this sort of thing so you'll have to bear with me!
I have the Win32.Agent.bb TrojanC-05 and I am at a loss on how to get rid of it (even Spybot can't do it).
Thanking you in advance.
Below is my DDS Notepad Log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Mark Field at 17:38:58 on 2011-08-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1677 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SopCast\adv\SopAdver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [uTorrent] "c:\documents and settings\mark field\desktop\utorrent.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTA4OTM5NDkwLVQxMS1CQSsxLUtWMys3LVhMKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtTElDKzctRkwxMCsx"&"prod=90"&"ver=10.0.1204
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\markfi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\usb wireless lan utility\RtWLan.exe
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258054982796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF5436AE-AF74-439B-B879-AF2176ED0DBF} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark field\application data\mozilla\firefox\profiles\szrqg7ew.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-8-15 38144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-17 2255464]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-5-24 444928]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-19 1050440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-8-18 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz132;cpuz132;\??\c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\lv532av.sys --> c:\windows\system32\drivers\LV532AV.SYS [?]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-3-13 20480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-20 06:20:27 -------- d-----w- c:\documents and settings\mark field\application data\NVIDIA
2011-08-20 06:14:17 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-20 06:14:17 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-20 06:13:38 -------- d-----w- C:\NVIDIA
2011-08-18 17:08:59 -------- d-----w- c:\program files\Bonjour
2011-08-18 09:05:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-08-18 09:04:53 342784 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
2011-08-18 09:04:53 270720 ----a-w- c:\windows\system\rtl8187B.sys
2011-08-18 08:38:00 -------- d-----w- C:\REGISTRY BACKUP
2011-08-17 14:11:10 388096 ----a-r- c:\documents and settings\mark field\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-17 14:11:07 -------- d-----w- c:\program files\Trend Micro
2011-08-17 06:34:27 -------- d--h--w- C:\$AVG
2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-17 05:02:23 -------- d-----w- C:\New Folder
2011-08-16 05:40:33 -------- d-----w- c:\documents and settings\mark field\application data\Malwarebytes
2011-08-16 05:40:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-16 05:40:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 06:40:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 06:38:13 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-28 10:27:08 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
==================== Find3M ====================
.
2011-08-20 06:14:48 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-20 06:14:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-20 06:14:46 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-17 09:28:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 08:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 08:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 20:05:32 1530126 ----a-w- c:\program files\StreamTorrent10Build0077.exe
.
============= FINISH: 17:39:57.85 ===============
Hi, km2357,
Thank you so much for your help, it is really appreciated.
Below is my DDS Notepad Log and attached are the DDS Attach Log and the Gmer Log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Mark Field at 17:14:39 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1588 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [uTorrent] "c:\documents and settings\mark field\desktop\utorrent.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTA4OTM5NDkwLVQxMS1CQSsxLUtWMys3LVhMKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtTElDKzctRkwxMCsx"&"prod=90"&"ver=10.0.1204
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\markfi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\usb wireless lan utility\RtWLan.exe
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258054982796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF5436AE-AF74-439B-B879-AF2176ED0DBF} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark field\application data\mozilla\firefox\profiles\szrqg7ew.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-8-15 38144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-17 2255464]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-5-24 444928]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-19 1050440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-8-18 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz132;cpuz132;\??\c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\lv532av.sys --> c:\windows\system32\drivers\LV532AV.SYS [?]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-3-13 20480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-23 15:28:39 -------- d-----w- c:\documents and settings\mark field\application data\uTorrent
2011-08-20 06:20:27 -------- d-----w- c:\documents and settings\mark field\application data\NVIDIA
2011-08-20 06:14:17 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-20 06:14:17 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-20 06:13:38 -------- d-----w- C:\NVIDIA
2011-08-18 17:08:59 -------- d-----w- c:\program files\Bonjour
2011-08-18 09:05:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-08-18 09:04:53 342784 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
2011-08-18 09:04:53 270720 ----a-w- c:\windows\system\rtl8187B.sys
2011-08-18 08:38:00 -------- d-----w- C:\REGISTRY BACKUP
2011-08-17 14:11:10 388096 ----a-r- c:\documents and settings\mark field\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-17 14:11:07 -------- d-----w- c:\program files\Trend Micro
2011-08-17 06:34:27 -------- d--h--w- C:\$AVG
2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-17 05:02:23 -------- d-----w- C:\New Folder
2011-08-16 05:40:33 -------- d-----w- c:\documents and settings\mark field\application data\Malwarebytes
2011-08-16 05:40:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-16 05:40:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 06:40:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 06:38:13 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-28 10:27:08 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
==================== Find3M ====================
.
2011-08-20 06:14:48 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-20 06:14:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-20 06:14:46 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-17 09:28:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 08:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 08:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 20:05:32 1530126 ----a-w- c:\program files\StreamTorrent10Build0077.exe
.
============= FINISH: 17:16:10.14 ===============
Oops! Sorry.
This is all it said ...
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-24 19:52:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000079 SAMSUNG_HD160JJ rev.WU100-33
Running: gmer.exe; Driver: C:\DOCUME~1\MARKFI~1\LOCALS~1\Temp\kwliypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB7FF2738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB7FF27DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB7FF2878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB7FF2914]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAC2383A0, 0x8A1A15, 0xE8000020]
? C:\DOCUME~1\MARKFI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Hi, km2357,
Sorry, sorry - ignore the last post, it's just me being an idiot again! I double-clicked ComboFix but AVG Identity Theft was running - I didn't turn that off!!
I've finally done as you asked and here is the log:
ComboFix 11-08-26.04 - Mark Field 26/08/2011 17:40:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1919 [GMT 3:00]
Running from: c:\documents and settings\Mark Field\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mark Field\Application Data\inst.exe
c:\documents and settings\Mark Field\WINDOWS
c:\favoritevideo\InvisibleFolder
c:\program files\ymLevel2_Taste
c:\program files\ymLevel2_Taste\INSTALL.LOG
c:\program files\ymLevel2_Taste\L2Host.dat
c:\program files\ymLevel2_Taste\MFC71.dll
c:\program files\ymLevel2_Taste\msvcr71.dll
c:\program files\ymLevel2_Taste\offLogo.mht
c:\program files\ymLevel2_Taste\UNWISE.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-18 08:57 . 2011-08-18 08:57 -------- d-----w- c:\program files\ERUNT
2011-08-18 08:38 . 2011-08-21 14:47 -------- d-----w- C:\REGISTRY BACKUP
2011-08-17 14:11 . 2011-08-17 14:11 -------- d-----w- c:\program files\Trend Micro
2011-08-17 08:06 . 2011-08-17 08:06 -------- d-----w- c:\documents and settings\UpdatusUser
2011-08-17 08:06 . 2011-08-17 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-08-17 06:34 . 2011-08-17 06:34 -------- d-----w- C:\$AVG
2011-08-17 05:05 . 2011-08-17 05:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-17 05:02 . 2011-08-17 05:02 -------- d-----w- C:\New Folder
2011-08-16 06:25 . 2011-08-17 05:02 -------- d-s---w- c:\documents and settings\Administrator
2011-08-16 05:40 . 2011-08-16 05:40 -------- d-----w- c:\documents and settings\Mark Field\Application Data\Malwarebytes
2011-08-16 05:40 . 2011-08-16 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-16 05:40 . 2011-08-17 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 06:40 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 06:38 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-28 10:27 . 2011-07-28 10:27 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 09:28 . 2011-05-19 17:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:49 . 2011-02-22 22:33 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-02-22 22:33 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-02-22 22:33 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-02-22 22:33 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-02-22 22:33 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-02-22 22:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2010-01-12 10:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2010-01-12 10:03 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2010-01-12 10:03 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2009-03-27 21:03 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2008-09-17 20:55 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2006-03-03 06:07 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2006-03-03 06:07 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2006-03-03 06:07 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2006-03-03 06:07 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-07-15 13:29 . 2006-03-03 06:04 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 08:20 . 2011-07-12 08:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 08:20 . 2011-07-12 08:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2006-03-03 06:04 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-03-03 21:30 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-03 06:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-03-03 06:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-03-03 06:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-03-03 06:04 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-03-03 06:04 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2006-03-03 06:04 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 20:05 . 2011-02-27 15:37 1530126 ----a-w- c:\program files\StreamTorrent10Build0077.exe
2011-08-17 07:44 . 2011-05-24 16:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-28 5242488]
"uTorrent"="c:\documents and settings\Mark Field\Desktop\utorrent.exe" [2011-03-29 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTA4OTM5NDkwLVQxMS1CQSsxLUtWMys3LVhMKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtTElDKzctRkwxMCsx&prod=90&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mark Field\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK USB Wireless LAN Utility.lnk - c:\program files\REALTEK\USB Wireless LAN Utility\RtWLan.exe [2011-8-18 815104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" /background
"uTorrent"="c:\documents and settings\Mark Field\Desktop\utorrent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\UseNeXT\\UseNeXT.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Mark Field\\Desktop\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"119:TCP"= 119:TCP:UseNeXT
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 04:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 07:54 297168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [15/08/2010 11:15 38144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [17/08/2011 11:06 2255464]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [24/05/2010 09:55 444928]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [19/04/2010 14:45 1050440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 17:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [18/08/2011 12:04 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS --> c:\windows\system32\DRIVERS\LV532AV.SYS [?]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [13/03/2010 08:32 20480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/03/2006 09:04 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mark Field\Application Data\Mozilla\Firefox\Profiles\szrqg7ew.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-26 17:50:42
ComboFix-quarantined-files.txt 2011-08-26 14:50
.
Pre-Run: 41,914,093,568 bytes free
Post-Run: 42,193,809,408 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=W2BRB6 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=W2BRB6-BAK
.
- - End Of File - - 0EA8078A9A87F084832A405619755994