Thread: Removal of Win32.Agent.bb???

  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    18

    Removal of Win32.Agent.bb???

    Hi, I'm new to all this sort of thing so you'll have to bear with me!

    I have the Win32.Agent.bb TrojanC-05 and I am at a loss on how to get rid of it (even Spybot can't do it).

    Thanking you in advance.

    Below is my DDS Notepad Log:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Mark Field at 17:38:58 on 2011-08-21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1677 [GMT 3:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\SopCast\adv\SopAdver.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyServer = 127.0.0.1:8118
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [uTorrent] "c:\documents and settings\mark field\desktop\utorrent.exe"
    mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    mRun: [WINDVDPatch] CTHELPER.EXE
    mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTA4OTM5NDkwLVQxMS1CQSsxLUtWMys3LVhMKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtTElDKzctRkwxMCsx"&"prod=90"&"ver=10.0.1204
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\markfi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\usb wireless lan utility\RtWLan.exe
    IE: &Search - ?p=ZNfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258054982796
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EF5436AE-AF74-439B-B879-AF2176ED0DBF} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mark field\application data\mozilla\firefox\profiles\szrqg7ew.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-8-15 38144]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-17 2255464]
    R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-5-24 444928]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-19 1050440]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-8-18 342784]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpuz132;cpuz132;\??\c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\lv532av.sys --> c:\windows\system32\drivers\LV532AV.SYS [?]
    S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-3-13 20480]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-3 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-20 06:20:27 -------- d-----w- c:\documents and settings\mark field\application data\NVIDIA
    2011-08-20 06:14:17 914024 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-08-20 06:14:17 875112 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-08-20 06:13:38 -------- d-----w- C:\NVIDIA
    2011-08-18 17:08:59 -------- d-----w- c:\program files\Bonjour
    2011-08-18 09:05:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-08-18 09:04:53 342784 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
    2011-08-18 09:04:53 270720 ----a-w- c:\windows\system\rtl8187B.sys
    2011-08-18 08:38:00 -------- d-----w- C:\REGISTRY BACKUP
    2011-08-17 14:11:10 388096 ----a-r- c:\documents and settings\mark field\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-08-17 14:11:07 -------- d-----w- c:\program files\Trend Micro
    2011-08-17 06:34:27 -------- d--h--w- C:\$AVG
    2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-17 05:02:23 -------- d-----w- C:\New Folder
    2011-08-16 05:40:33 -------- d-----w- c:\documents and settings\mark field\application data\Malwarebytes
    2011-08-16 05:40:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-16 05:40:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-11 06:40:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 06:38:13 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-07-28 10:27:08 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    ==================== Find3M ====================
    .
    2011-08-20 06:14:48 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-08-20 06:14:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-08-20 06:14:46 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-08-17 09:28:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 08:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 08:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-02-23 20:05:32 1530126 ----a-w- c:\program files\StreamTorrent10Build0077.exe
    .
    ============= FINISH: 17:39:57.85 ===============

  2. #2
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Hello and welcome to Safer Networking.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

    Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


    Step # 1 Download and run DDS

    Download DDS and save it to your desktop from here or here or here
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.



    Step # 2: Download and Run Gmer

    Please download gmer.zip from Gmer and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The two DDS Logs (DDS and Attach.txt)
    2. The GMER Log

    Use multiple posts if you can't fit everything into one post.
    Malware Removal University Master
    Member of ASAP & UNITE

  3. #3
    Junior Member
    Join Date
    Aug 2011
    Posts
    18

    Removal of Win32.Agent.bb

    Hi, km2357,

    Thank you so much for your help, it is really appreciated.

    Below is my DDS Notepad Log and attached are the DDS Attach Log and the Gmer Log:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Mark Field at 17:14:39 on 2011-08-24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1588 [GMT 3:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyServer = 127.0.0.1:8118
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [uTorrent] "c:\documents and settings\mark field\desktop\utorrent.exe"
    mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    mRun: [WINDVDPatch] CTHELPER.EXE
    mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTA4OTM5NDkwLVQxMS1CQSsxLUtWMys3LVhMKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtTElDKzctRkwxMCsx"&"prod=90"&"ver=10.0.1204
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\markfi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\usb wireless lan utility\RtWLan.exe
    IE: &Search - ?p=ZNfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258054982796
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EF5436AE-AF74-439B-B879-AF2176ED0DBF} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mark field\application data\mozilla\firefox\profiles\szrqg7ew.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-8-15 38144]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-17 2255464]
    R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-5-24 444928]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-19 1050440]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-8-18 342784]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpuz132;cpuz132;\??\c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\markfi~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\lv532av.sys --> c:\windows\system32\drivers\LV532AV.SYS [?]
    S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-3-13 20480]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-3 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-23 15:28:39 -------- d-----w- c:\documents and settings\mark field\application data\uTorrent
    2011-08-20 06:20:27 -------- d-----w- c:\documents and settings\mark field\application data\NVIDIA
    2011-08-20 06:14:17 914024 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-08-20 06:14:17 875112 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-08-20 06:13:38 -------- d-----w- C:\NVIDIA
    2011-08-18 17:08:59 -------- d-----w- c:\program files\Bonjour
    2011-08-18 09:05:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-08-18 09:04:53 342784 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
    2011-08-18 09:04:53 270720 ----a-w- c:\windows\system\rtl8187B.sys
    2011-08-18 08:38:00 -------- d-----w- C:\REGISTRY BACKUP
    2011-08-17 14:11:10 388096 ----a-r- c:\documents and settings\mark field\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-08-17 14:11:07 -------- d-----w- c:\program files\Trend Micro
    2011-08-17 06:34:27 -------- d--h--w- C:\$AVG
    2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-08-17 05:05:10 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-17 05:02:23 -------- d-----w- C:\New Folder
    2011-08-16 05:40:33 -------- d-----w- c:\documents and settings\mark field\application data\Malwarebytes
    2011-08-16 05:40:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-16 05:40:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-11 06:40:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 06:38:13 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-07-28 10:27:08 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    ==================== Find3M ====================
    .
    2011-08-20 06:14:48 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-08-20 06:14:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-08-20 06:14:46 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-08-17 09:28:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 08:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 08:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-02-23 20:05:32 1530126 ----a-w- c:\program files\StreamTorrent10Build0077.exe
    .
    ============= FINISH: 17:16:10.14 ===============

  4. #4
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Hi.

    You didn't attach/post the GMER Log; you zipped up GMER.exe and attached it.

    Please run GMER again and post the log in your next post/reply.

    Thanks.
    Malware Removal University Master
    Member of ASAP & UNITE

  5. #5
    Junior Member
    Join Date
    Aug 2011
    Posts
    18

    Removal of Win32.Agent.bb

    Oops! Sorry.

    This is all it said ...


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-24 19:52:36
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000079 SAMSUNG_HD160JJ rev.WU100-33
    Running: gmer.exe; Driver: C:\DOCUME~1\MARKFI~1\LOCALS~1\Temp\kwliypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB7FF2738]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB7FF27DC]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB7FF2878]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB7FF2914]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAC2383A0, 0x8A1A15, 0xE8000020]
    ? C:\DOCUME~1\MARKFI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 5.5.8

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    *Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.

  7. #7
    Junior Member
    Join Date
    Aug 2011
    Posts
    18

    Hi, km2357,

    I did everything you asked: uninstalled Limewire (I didn't even know that was there, I hate it!), switched off all anti-virus and anti-malware programs and then ran ComboFix.exe.

    It said that it has removed and quarantined some malicious programs but no log was saved anywhere, just a ComboFix folder containing what is on my computer.

    I ran it again and it removed a couple of programs again but still no log anywhere! I've run a search and it's definitely not there.

    Mark.

  8. #8
    Junior Member
    Join Date
    Aug 2011
    Posts
    18

    Removal of Win32.Agent.bb

    Hi, km2357,

    Sorry, sorry - ignore the last post, it's just me being an idiot again! I double-clicked ComboFix but AVG Identity Theft was running - I didn't turn that off!!

    I've finally done as you asked and here is the log:


    ComboFix 11-08-26.04 - Mark Field 26/08/2011 17:40:32.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1919 [GMT 3:00]
    Running from: c:\documents and settings\Mark Field\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mark Field\Application Data\inst.exe
    c:\documents and settings\Mark Field\WINDOWS
    c:\favoritevideo\InvisibleFolder
    c:\favoritevideo\InvisibleFolder\20101231165505_oppo110101zhu15s.MP4
    c:\favoritevideo\InvisibleFolder\20101231174418_moplongzhiren110101zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20101231174551_moplongzhiren110101zhu15syouxi.swf
    c:\favoritevideo\InvisibleFolder\20101231175100_moplongzhiren110101zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20101231175304_moplongzhiren110102zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20101231175415_moplongzhiren110102zhu15syouxi.swf
    c:\favoritevideo\InvisibleFolder\20101231180112_taobao110104cha15s.swf
    c:\favoritevideo\InvisibleFolder\20101231180204_taobao110104zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20101231180328_taobao110104zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20101231192854_woyouwang110104bkqipao15s.swf
    c:\favoritevideo\InvisibleFolder\20101231192955_woyouwang110104zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20101231194942_shengui110101zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20101231195034_ruishishoubiao110101zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20101231201102_woyouwang110104zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110104094550_wanglaoji110104zanting15sps.swf
    c:\favoritevideo\InvisibleFolder\20110104095524_wanglaoji110104cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110104095800_wanglaoji110104jiao15s.swf
    c:\favoritevideo\InvisibleFolder\20110104120724_wanglaoji110104zhu15sps.swf
    c:\favoritevideo\InvisibleFolder\20110104165621_ruishishoubiao110104zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110104175701_oulainuo110105qipao15s.swf
    c:\favoritevideo\InvisibleFolder\20110105145904_wanmeishenguishijie110108zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110105150645_tianxiaer110107zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110105161556_taobao110106cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110105161646_taobao110106zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110105161746_taobao110106zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110105165459_juedifanji110105zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110105170002_tianyijue110106zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110105183141_juedifanji110105cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110105183309_juedifanji110105zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110106152512_shinianyijian110106zaiting15s.swf
    c:\favoritevideo\InvisibleFolder\20110106163101_yaotiaoshunv110106zanting15s.gif
    c:\favoritevideo\InvisibleFolder\20110106184633_oulainuo110107zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110106235116_fanrenxiuxian110107zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107113752_moptianshuqitan110107zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107113836_moptianshuqitan110107zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107115220_oulaiya110107zanting15s.jpg
    c:\favoritevideo\InvisibleFolder\20110107142444_fanrenxiuzhen110107zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107144725_shinianyijian110107zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107151338_mengbasha110110jiao15s.swf
    c:\favoritevideo\InvisibleFolder\20110107152723_mengbasha110112cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110107155910_moplongzhiren110108zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107155951_moplongzhiren110108zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107160835_moplongzhiren110109zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107161108_moplongzhiren110109zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107164044_guangyuwendao110108qipao15s.swf
    c:\favoritevideo\InvisibleFolder\20110107170852_woyouwangluo110107bkqipao15s.swf
    c:\favoritevideo\InvisibleFolder\20110107171232_woyouwangluo110107zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107175703_jiguang110108zanting15s1.swf
    c:\favoritevideo\InvisibleFolder\20110107181602_taobao110108cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110107181653_taobao110108zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107181915_taobao110108zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107182656_taobao110110cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110107182758_taobao110110zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107182904_taobao110110zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107184650_jingjishijie110107zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107185314_nikang110107zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110107185441_nikang110107zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110107185901_yimeng110110zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110110150804_fenghuangchuanshuo110112zanting15s.jpg
    c:\favoritevideo\InvisibleFolder\20110110151203_fenghuangchuanshuo110112cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110110161433_guangyuwendao110115qipao15s.swf
    c:\favoritevideo\InvisibleFolder\20110110161527_guangyuwendao110111zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110110174648_tianya110111zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110110185008_woyouwangluo110111zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110111105058_wopaiwang110111zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110111152957_shenguishijia110112zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110111161918_yimengcaopanshou110112zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110111174507_juedifanji110112zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110111174706_juedifanji110112zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110111174828_juedifanji110112cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110112095745_fankong110112zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110112151008_bianfeng110112zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110112151128_bianfeng101112zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110112160227_ruishishoubiao110112zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110112160420_xiaogou110112zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110112172412_tianxiaer110114zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110112182830_taobao110113cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110112182915_taobao110113zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110112183023_taobao110113zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110113145421_sanguosha110114zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110113145618_sanguosha110114zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110113152901_doufaxiuxian110113zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110113153747_doufa110113zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110113165903_qiantengwang110114zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110114093829_taobao110114cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110114105016_taobao110115cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110114105142_taobao110115zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110114105528_taobao110115zhu15s1.swf
    c:\favoritevideo\InvisibleFolder\20110114144843_ffanrenxiuxian110115zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110114145026_fanrenxiuxian110115zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110114164529_miaoxiandao110117qipao15s.swf
    c:\favoritevideo\InvisibleFolder\20110114175916_baokuang.swf
    c:\favoritevideo\InvisibleFolder\20110117111638_wopaiwang110117zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110117170905_yimaishang110118zhu8s.swf
    c:\favoritevideo\InvisibleFolder\20110117171735_jinshan110120zhu15s.swf
    c:\favoritevideo\InvisibleFolder\20110117171818_jinshan110120zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110117183157_juedifanji110118zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110118135104_shilijia110118zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110118135212_shilijia110118cha15s.swf
    c:\favoritevideo\InvisibleFolder\20110118151616_guangyu110122qipao15s.swf
    c:\favoritevideo\InvisibleFolder\20110118152610_guangyuwendao110119zanting15s.swf
    c:\favoritevideo\InvisibleFolder\20110118173357_maoxiandao110119zanting15s.swf
    c:\favoritevideo\InvisibleFolder\ckdll.dll
    c:\favoritevideo\InvisibleFolder\externtab(1.0.0.5).zip.tpp
    c:\favoritevideo\InvisibleFolder\peer(0).dll
    c:\favoritevideo\InvisibleFolder\peer(1).dll
    c:\favoritevideo\InvisibleFolder\peer.dll
    c:\favoritevideo\InvisibleFolder\pptvcodecsetup.exe.tpp
    c:\favoritevideo\InvisibleFolder\pptvsetup_2.6.3.0007_s2.exe
    c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe
    c:\favoritevideo\InvisibleFolder\TipsClient.dll
    c:\program files\ymLevel2_Taste
    c:\program files\ymLevel2_Taste\INSTALL.LOG
    c:\program files\ymLevel2_Taste\L2Host.dat
    c:\program files\ymLevel2_Taste\MFC71.dll
    c:\program files\ymLevel2_Taste\msvcr71.dll
    c:\program files\ymLevel2_Taste\offLogo.mht
    c:\program files\ymLevel2_Taste\UNWISE.INI
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-18 08:57 . 2011-08-18 08:57 -------- d-----w- c:\program files\ERUNT
    2011-08-18 08:38 . 2011-08-21 14:47 -------- d-----w- C:\REGISTRY BACKUP
    2011-08-17 14:11 . 2011-08-17 14:11 -------- d-----w- c:\program files\Trend Micro
    2011-08-17 08:06 . 2011-08-17 08:06 -------- d-----w- c:\documents and settings\UpdatusUser
    2011-08-17 08:06 . 2011-08-17 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2011-08-17 06:34 . 2011-08-17 06:34 -------- d-----w- C:\$AVG
    2011-08-17 05:05 . 2011-08-17 05:05 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-17 05:02 . 2011-08-17 05:02 -------- d-----w- C:\New Folder
    2011-08-16 06:25 . 2011-08-17 05:02 -------- d-s---w- c:\documents and settings\Administrator
    2011-08-16 05:40 . 2011-08-16 05:40 -------- d-----w- c:\documents and settings\Mark Field\Application Data\Malwarebytes
    2011-08-16 05:40 . 2011-08-16 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-16 05:40 . 2011-08-17 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-11 06:40 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 06:38 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-07-28 10:27 . 2011-07-28 10:27 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-17 09:28 . 2011-05-19 17:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-03 11:49 . 2011-02-22 22:33 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-08-03 11:49 . 2011-02-22 22:33 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-08-03 11:49 . 2011-02-22 22:33 146024 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-08-03 11:49 . 2011-02-22 22:33 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-08-03 11:49 . 2011-02-22 22:33 13892200 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:49 . 2011-02-22 22:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:49 . 2010-01-12 10:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-08-03 11:49 . 2010-01-12 10:03 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-08-03 11:49 . 2010-01-12 10:03 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-08-03 11:49 . 2009-03-27 21:03 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-08-03 11:49 . 2008-09-17 20:55 5427200 ----a-w- c:\windows\system32\nvcuda.dll
    2011-08-03 11:49 . 2006-03-03 06:07 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-08-03 11:49 . 2006-03-03 06:07 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-08-03 11:49 . 2006-03-03 06:07 2404864 ----a-w- c:\windows\system32\nvapi.dll
    2011-08-03 11:49 . 2006-03-03 06:07 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-07-15 13:29 . 2006-03-03 06:04 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 08:20 . 2011-07-12 08:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 08:20 . 2011-07-12 08:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02 . 2006-03-03 06:04 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2006-03-03 21:30 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-03-03 06:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2006-03-03 06:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2006-03-03 06:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2006-03-03 06:04 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2006-03-03 06:04 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2006-03-03 06:04 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-02-23 20:05 . 2011-02-27 15:37 1530126 ----a-w- c:\program files\StreamTorrent10Build0077.exe
    2011-08-17 07:44 . 2011-05-24 16:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-28 5242488]
    "uTorrent"="c:\documents and settings\Mark Field\Desktop\utorrent.exe" [2011-03-29 399736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
    "NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTA4OTM5NDkwLVQxMS1CQSsxLUtWMys3LVhMKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtTElDKzctRkwxMCsx&prod=90&ver=10.0.1204" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Mark Field\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    REALTEK USB Wireless LAN Utility.lnk - c:\program files\REALTEK\USB Wireless LAN Utility\RtWLan.exe [2011-8-18 815104]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" /background
    "uTorrent"="c:\documents and settings\Mark Field\Desktop\utorrent.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UpdReg"=c:\windows\UpdReg.EXE
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\UseNeXT\\UseNeXT.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Mark Field\\Desktop\\utorrent.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "119:TCP"= 119:TCP:UseNeXT
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 04:32 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 07:54 297168]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [15/08/2010 11:15 38144]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [17/08/2011 11:06 2255464]
    R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [24/05/2010 09:55 444928]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [19/04/2010 14:45 1050440]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 17:17 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [18/08/2011 12:04 342784]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS --> c:\windows\system32\DRIVERS\LV532AV.SYS [?]
    S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [13/03/2010 08:32 20480]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/03/2006 09:04 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyServer = 127.0.0.1:8118
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Mark Field\Application Data\Mozilla\Firefox\Profiles\szrqg7ew.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-26 17:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-08-26 17:50:42
    ComboFix-quarantined-files.txt 2011-08-26 14:50
    .
    Pre-Run: 41,914,093,568 bytes free
    Post-Run: 42,193,809,408 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=W2BRB6 /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=W2BRB6-BAK
    .
    - - End Of File - - 0EA8078A9A87F084832A405619755994

  9. #9
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    A question before we continue.

    Did you set up your own proxy server?

    uInternet Settings,ProxyServer = 127.0.0.1:8118

    Malware Removal University Master
    Member of ASAP & UNITE

  10. #10
    Junior Member
    Join Date
    Aug 2011
    Posts
    18

    Not to my knowledge! I bought an Emtec Movie Cube a few months ago and had trouble trying to connect it with my PC via the modem and messed around with IP addresses but I didn't set anything on my PC specifically, as far as I know.

    I also have a couple of extenders but I set those up on a laptop.

    Mark.
