Inactive Explorer.exe keeps restarting and .dll errors

Elzinho Ammar

Hi,
OS: Windows 7 32-bit
I have a problem with my explorer.exe. It keeps on restarting and the only way to stop it is to run Task Manager and stop the process. Then all I have is a blank wallpaper. Also, once I log in a lot of .dll errors start popping up. The only way I can navigate is by opening up Task Manager and running Control Panel. From there I can go to all my folders or open any Word or Excel files, but I can't run anything in administrator mode or any anti-virus software. Another thing is that my internet connection is lost; it can detect my home Wi-Fi but it can't connect to the internet.

Thanks,
Ammar
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


Farbar Recovery Scan Tool x86

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 32-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
Sorry, been away. Here's the logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2013 01
Ran by SYSTEM at 26-02-2013 22:29:47
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-15] (Panda Security)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1561768 2012-05-03] (Ask)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-16] ()
HKLM\...\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [37152 2012-07-12] (Panda Security, S.L.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296096 2012-10-21] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKU\elyaziedm\...\Run: [EPSON Stylus CX4100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /FU "C:\Windows\TEMP\E_SED9D.tmp" /EF "HKCU" [177664 2007-01-18] (SEIKO EPSON CORPORATION)
HKU\elyaziedm\...\Run: [Google Update] "C:\Users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2010-11-02] (Google Inc.)
HKU\elyaziedm\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-26] (Google Inc.)
HKU\elyaziedm\...\Run: [] [x]
HKU\elyaziedm\...\Run: [SRS WOW HD for ViewSonic] "C:\Program Files\SRS Labs\WOW HD for ViewSonic\SRSViewSonic_Win32.exe" /hideme [1908736 2008-11-12] (SRS Labs, Inc.)
HKU\elyaziedm\...\Run: [PCSpeedUp] C:\Program Files\PC Speed Up\PCSpeedUp.lnk [2403 2011-11-03] ()
Startup: C:\Users\elyaziedm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) ===================

3 Adobe Version Cue CS4; "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-14] (Adobe Systems Incorporated)
2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-02-14] (SurfRight B.V.)
2 NanoServiceMain; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140064 2012-07-12] (Panda Security, S.L.)
2 NSL; "C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe" /s "NSL" /m "C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll" /prefetch:1 [303544 2011-10-11] (Symantec Corporation)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-14] ()
2 PSUAService; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [36640 2012-07-12] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

1 ccSet_NST; C:\Windows\system32\drivers\NST\0200000.011\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-11-03] (DT Soft Ltd)
3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [67584 2007-01-31] (ENE Technology Inc.)
3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [46592 2007-01-31] (ENE Technology Inc.)
3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [61952 2007-01-31] (ENE Technology Inc.)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-22] (Windows (R) Win 7 DDK provider)
1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-26] (Panda Security, S.L.)
1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-26] (Panda Security, S.L.)
1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-26] (Panda Security, S.L.)
1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-26] (Panda Security, S.L.)
1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-26] (Panda Security, S.L.)
4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-26] (Panda Security, S.L.)
1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-26] (Panda Security, S.L.)
1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-26] (Panda Security, S.L.)
1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-26] (Panda Security, S.L.)
1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-26] (Panda Security, S.L.)
1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-11] (Panda Security, S.L.)
1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-26] (Panda Security, S.L.)
2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-12] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-12] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-12] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-12] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-12] (Panda Security, S.L.)
3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-02] (MCCI Corporation)
3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-02] (MCCI Corporation)
3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-02] (MCCI Corporation)
3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-02] (MCCI Corporation)
3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-02] (MCCI Corporation)
3 SRS_ViewSonic; C:\Windows\System32\drivers\srs_ViewSonic_i386.sys [37504 2008-03-23] ()
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-19] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-19] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-19] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-19] (Microsoft Corporation)
3 cpuz132; \??\C:\Users\ELYAZI~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-02-26 22:29 - 2013-02-26 22:29 - 00000000 ____D C:\FRST
2013-02-17 18:28 - 2013-02-17 16:44 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\elyaziedm\Desktop\explorer.exe
2013-02-17 16:35 - 2013-02-17 16:46 - 00000000 ____D C:\Users\elyaziedm\Desktop\CCE
2013-02-14 01:09 - 2013-02-14 01:09 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-02-14 01:09 - 2013-02-14 01:09 - 00000000 ____D C:\Program Files\HitmanPro
2013-02-14 01:08 - 2013-02-17 16:12 - 00000000 ____D C:\ProgramData\HitmanPro

==================== One Month Modified Files and Folders ========

2013-02-26 22:29 - 2013-02-26 22:29 - 00000000 ____D C:\FRST
2013-02-18 12:14 - 2010-04-24 16:04 - 02042339 ____A C:\Windows\WindowsUpdate.log
2013-02-17 16:46 - 2013-02-17 16:35 - 00000000 ____D C:\Users\elyaziedm\Desktop\CCE
2013-02-17 16:44 - 2013-02-17 18:28 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\elyaziedm\Desktop\explorer.exe
2013-02-17 16:31 - 2010-04-24 01:17 - 00000000 ____D C:\users\elyaziedm
2013-02-17 16:29 - 2010-04-24 01:24 - 01984552 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-17 16:23 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-17 16:23 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-17 16:17 - 2012-06-18 04:57 - 00000000 ____D C:\Users\elyaziedm\AppData\Local\CrashDumps
2013-02-17 16:16 - 2009-07-13 20:53 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-17 16:16 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-17 16:16 - 2009-07-13 20:39 - 00101638 ____A C:\Windows\setupact.log
2013-02-17 16:12 - 2013-02-14 01:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-14 01:09 - 2013-02-14 01:09 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-02-14 01:09 - 2013-02-14 01:09 - 00000000 ____D C:\Program Files\HitmanPro

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2038.43 MB
Available physical RAM: 1638.66 MB
Total Pagefile: 2038.43 MB
Available Pagefile: 1636.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:118.7 GB) (Free:1.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:20.59 GB) (Free:15.97 GB) NTFS
4 Drive f: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 1901 MB 0 B

Partitions of Disk 0:
===============

Disk ID: E567D393

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 9 GB 31 KB
Partition 2 Primary 118 GB 9 GB
Partition 3 Primary 20 GB 128 GB

=========================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 NTFS Partition 9 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 118 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 20 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 47D51AB8

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1899 MB 1784 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1899 MB Healthy

=========================================================

Last Boot: 2012-11-14 08:45

==================== End Of Log ============================
 
Thanks for helping out. Appreciate it much.

Farbar Recovery Scan Tool (x86) Version: 23-02-2013 01
Ran by SYSTEM at 2013-02-26 22:32:17
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
 
No need for that. I know you're around.

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
HKU\elyaziedm\...\Run: [PCSpeedUp] C:\Program Files\PC Speed Up\PCSpeedUp.lnk [2403 2011-11-03] ()
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went. Let me know how the computer is working so far...
 
Hi,
It still has the same problems, .dll errors and explorer.exe keeps restarting.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2013 01
Ran by SYSTEM at 2013-02-27 17:39:58 Run:1
Running from F:\

==============================================

HKEY_USERS\elyaziedm\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp Value deleted successfully.

==== End of Fixlog ====
 
ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 13-02-26.01 - elyaziedm 28/02/13 22:07:45.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1464 [GMT 8:00]
Running from: c:\users\elyaziedm\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder\20110118151616_guangyu110122qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110118152610_guangyuwendao110119zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110118173357_maoxiandao110119zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119150345_shinianyijian110120zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110119151040_shinianyijian110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119171326_wanglaoji110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119172009_wanglaoji110120cha15s.swf
c:\favoritevideo\InvisibleFolder\20110119173551_wanglaoji110120jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110119174611_lumi110119zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110119222239_aiyaya110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110120120903_aiyaya110120jiaobiaob.png
c:\favoritevideo\InvisibleFolder\20110120175139_hanmei110121zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110121125809_aiyaya110121jiaobiao.png
c:\favoritevideo\InvisibleFolder\20110121130405_aiyay110121zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110124114904_aiyaya110124zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110125092435_aiyaya110125jiaobiao1.JPG
c:\favoritevideo\InvisibleFolder\20110125153233_huiyuan110125zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110125223521_shijitiancheng110127zanting15a.swf
c:\favoritevideo\InvisibleFolder\20110126134515_hudongbaike110126zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110126140202_tianyayouxi110126zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110126140419_tianyayouxi110126zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110127115622_huiyuan110127zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110127135839_mengsanguo110128zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110127140610_mengsanguo110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110127191719_anjisi110128zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110127191826_anjisi110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128091826_tiandiyinigxiong110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128092246_tiandiyingxiong110128zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110128115751_moyu110204zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128141758_aiyaya110128jiaobiao.JPG
c:\favoritevideo\InvisibleFolder\20110128170117_wopaiwang110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128172504_panpan110201jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110128193852_guangqi110201zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128194022_guangqi110201cha15s.swf
c:\favoritevideo\InvisibleFolder\20110129144448_wendao110131zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110131173248_huiyuan110201cha15sred.swf
c:\favoritevideo\InvisibleFolder\20110131173406_huiyuan110201cha15sor.swf
c:\favoritevideo\InvisibleFolder\20110131173528_huiyuan110201zanting15sred.swf
c:\favoritevideo\InvisibleFolder\20110131173635_huiyuan110201zanting15sor.swf
c:\favoritevideo\InvisibleFolder\20110131174053_huiyuan110201jiao15sred.swf
c:\favoritevideo\InvisibleFolder\20110131174155_huiyuan110201jiao15sor.swf
c:\favoritevideo\InvisibleFolder\20110209170756_wanglaoji110210jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110209170954_wanglaoji110210zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110209171115_wanglaoji110210cha15s.swf
c:\favoritevideo\InvisibleFolder\20110210183244_honghuang110210zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110211143720_tianxiaer110211zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110211151921_480360.png
c:\favoritevideo\InvisibleFolder\20110211161119_400300.jpg
 
c:\favoritevideo\InvisibleFolder\20110212182422_wanzaimatou110213zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110212212316_tianxiaer110214zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215153818_maoxiandao110216qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110215164620_xiaochunzaixian110215zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110215165250_xiaochunzaixian110215zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215171948_wendao110215zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215172629_zuoxuan110215zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110215172746_zuoxuan110215zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215172900_zuoxuan110215qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110215213657_shijitiancheng110218zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110216101103_jinsheng110216jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110216101617_zainaer110216jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110217102848_fanrenxiuzhen110217zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110217104419_fanrenxiuzhen110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217115936_51job110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217121204_51job110301zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217153032_ganjiwang110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217153640_ganjiwang110217bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110217182439_zhengtu2110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110218171601_zhengtu2110219zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110218171735_zhengtu2110219qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110218173456_yanhuangyouxi110219zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110218182706_maiwang110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110218185055_yimeng110218zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110221162855_taobao110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110221163330_taobao110221zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110221163558_taobao110221cha15s.swf
c:\favoritevideo\InvisibleFolder\20110221185002_lvshou110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110222160721_zhengtumianfei110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110222160855_zhengtumianfei110225zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110222161225_zhengtumianfei110224qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110222180543_xiaochunzaixiang110222zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110222180855_xiaochunzaixian110222zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110223084615_hongghuang110222zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224101138_haoya110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224101426_suning110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110224112519_pinju110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110224145001_haolemai110224cha15s.swf
c:\favoritevideo\InvisibleFolder\20110224145756_haolemai110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224164100_hudongbaike110225zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110224180735_aotuma110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110225130901_aotuma110225zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110225185138_kaixintuan110225yixingqipao.jpg
c:\favoritevideo\InvisibleFolder\20110225193446_kaixinwang110228qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110228135210_diguowenming110228zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110228180846_lanmiu110301cha15s.swf
c:\favoritevideo\InvisibleFolder\20110228181112_lanmiu110301zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110228181432_lanmiu110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301100228_diguowenming110301zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110301104224_gaopeng110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301141520_taohuawang110301bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110301142105_taohuawang110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301184330_guangyu110302zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301214329_aojian110302zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110302131501_jiarenmeizhuang110302zt.jpg
c:\favoritevideo\InvisibleFolder\20110302155337_maiwang110303bkqipao.swf
c:\favoritevideo\InvisibleFolder\20110302160427_maiwang110303zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110302161027_maiwang110303zhanting15s.swf
c:\favoritevideo\InvisibleFolder\20110302161314_maiwang110303zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110303155639_n8110303zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110303170427_letaoqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110303170728_letao110304cha15s.swf
c:\favoritevideo\InvisibleFolder\20110303170943_letao110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110303181200_maibaobao110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110303182716_zhengtu2110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304165815_xianyu110307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304172051_zhengtu110305zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304173215_xiaochunzaixian110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304173904_xiaochunzaixian110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304175623_caipiao110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304180136_yimeng110305zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304180331_yimeng110305zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304181859_lanmiu110305zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304182301_lanmiu110305cha15s.swf
c:\favoritevideo\InvisibleFolder\20110304183352_letao110305zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304183526_letao110305cha15s.swf
c:\favoritevideo\InvisibleFolder\20110304183724_letao110305qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110304184535_rexueshijie110307zanting15s.gif
c:\favoritevideo\InvisibleFolder\20110304194245_baomashouji110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110305114814_jianeng100307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110305123327_jianeng110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110306131502_tiandiyingxiong110306zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307111147_jianeng110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307165408_tianya110308zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307170537_maiwang110308zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110307170949_maiwang110308zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307171135_maiwang110308cha15s.swf
c:\favoritevideo\InvisibleFolder\20110307171614_xiaochunzaixian110307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110307171753_xiaochuzaixian110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307175225_DNF110307zhu8s.swf
c:\favoritevideo\InvisibleFolder\20110307175358_dnf110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307182419_zuoxuan110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110308141033_chuangshixiyou110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110308141136_chuangshixiyou110309bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110308141230_chuangshixiyou110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110308142604_huanxiangshidai110309zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110309171955_huhawang110309zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110309172753_diguowenming110309zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110309182540_jiguang110310zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110310142427_maiwang110311zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110310142655_maiwang110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110310143056_maiwang110311cha15s.swf
c:\favoritevideo\InvisibleFolder\20110310213303_xiyou110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311134216_yaodian100110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311134354_yaodian100110311cha15s.swf
c:\favoritevideo\InvisibleFolder\20110311163707_shoubiao110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311175903_qigou1103111zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311180214_qiangxianwang110313zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311180615_huanxiangshidaixiyou110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311181215_chuangshixiyou110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110311181259_chuangshixiyou110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311181537_bmw110311zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110311211857_tankeshijie110314qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110311212019_tankeshijie110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110312010240_vip110312zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110314163707_lanmiu110315zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110314163957_lanmiu110315zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314164254_lanmiu110315cha15s.swf
c:\favoritevideo\InvisibleFolder\20110314165927_sasa110314zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314170021_sasa110314cha15s.swf
c:\favoritevideo\InvisibleFolder\20110314173630_shoubiao110314zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314195115_honghuangshidai110315zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314211816_fanren110315zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110314212226_tanke110315zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110315094634_honghuang110315bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110315125550_bmw110315zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110315152058_yaodian110316cha15s.swf
c:\favoritevideo\InvisibleFolder\20110315152309_yaodian110316zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110315172101_changyou110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110315215843_fanren110316zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316172119_ouluna110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316181043_fanrenxiuxian110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316182151_tankeshijie110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316195754_wushen110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316215945_alibaba110317zhu8s.swf
c:\favoritevideo\InvisibleFolder\20110316220050_alibaba110317cha15s.swf
c:\favoritevideo\InvisibleFolder\20110316220239_alibaba110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316221211_caipiao110316zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316221307_caipiao110316bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317141854_yichuanmei110317qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317145935_tianlongbabu110318zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110317150024_tianlongbabu110318qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317154339_maibaobao110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110317163607_shenhua110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110317170617_yimeng110318zhu15s.MP4
c:\favoritevideo\InvisibleFolder\20110317175626_chuangshixiyou110318bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317191220_fanrenxiuxian110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110317221838_tanke110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110318162734_chuangshixiyou110319zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110318163306_fanrenxiuxian110320zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110318172126_airui110318zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110318180416_wushen110319zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110318195523_tiandiyinxiong110318bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110318195654_tiandiyixiong110318zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110318202532_tankeshijie110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110318202819_tankeshijie110318zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110319002002_xiyou110320zanting.swf
c:\favoritevideo\InvisibleFolder\20110319002157_xiyou110320zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110319002325_xiyou110320qipao.swf
c:\favoritevideo\InvisibleFolder\20110319234532_xingji110320zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110319234821_xingji110320zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110321142207_hudongbaike110321zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110321170527_duleisi110322zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110321171021_duleisi110322cha15s.swf
c:\favoritevideo\InvisibleFolder\20110321172147_duleisi110322jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110322164832_maiwang110323zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110322170523_maiwang110323bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110322171242_maiwang110323zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110322171445_maiwang110323cha15s.swf
c:\favoritevideo\InvisibleFolder\20110322175616_kongzhongwang110323zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110322181850_wushen110323zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110322183850_pinganchexian110322houtie.swf
c:\favoritevideo\InvisibleFolder\20110322184056_pinganchexian110322qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110322190849_hejian110322zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110322191408_chuangshixiyou110322zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110323093057_pptv110322morenzhu15s.swf
c:\favoritevideo\InvisibleFolder\20110323093215_pptv110323zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110323112144_honghuangshenhua110323zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110323112731_honghuangshenhua110323bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110323115505_shenmozhixue110324zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110323172824_wushen110324zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110323182213_91wan110324qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110323182237_baihe110324zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110323182421_kunxun110324zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110323182653_tuniu110324zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110323182950_baihe110324zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110323183141_kuxun110324zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110323183319_tuniu110324zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110324135557_tankeshijie110325zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110324172544_huifeng110325zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110324172621_qijia110324zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110324172735_huifeng110324zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110324172822_qijiawang110324zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110324182304_sohuweibo110325qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110324182452_sohuweibo110325zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110324195619_xingji110325zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110324195743_xingji110325zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110325165136_airui110325zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110325174213_91wan110326qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110325214938_hudongbaike110328zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110325220727_xingji2110328qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110325224420_xunyou110329zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110326222627_furenguo110327zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110326222724_furenguo110327zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110326222819_furenguo110327bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110328161753_xunyou110329zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110328162329_xunyou110330zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110328171921_xialv110329zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110328172154_xialv110329zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110328224519_xingji2110329qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110328224652_xingji2110329zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110328230519_xingji2110329zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110329112247_xunyou110329zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110330135620_maiwang110330zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110330135907_maiwang110330bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110330140053_maimang110330zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110330140254_maiwang110330cha15s.swf
c:\favoritevideo\InvisibleFolder\20110331115028_91wan110331qipao.swf
c:\favoritevideo\InvisibleFolder\20110331144802_vasshinianyijian110401zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110331144844_vasshinianyijian110401bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110331165855_guangfayinhang110401zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110331165954_guangfayinhang110401zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110331173637_tianxiguangzhimaoxian110401zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110331173737_tianxiguangzhimaoxian110401zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110331191123_91wan110401qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110331204249_24quan110401cha15s.swf
c:\favoritevideo\InvisibleFolder\20110401142134_zhenaiwang110401zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110401155313_shuanyingshan110403zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110401155430_guanyingshan110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110401170348_maibaobao110401zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110401171825_jurenzhengtu110402zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110401171934_jurenzhengtu110402qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110401172217_jurenzhengtu110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110401181006_jiaoyou110401zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110401183802_aifangwang110406jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110401193045_gaopeng110402zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110401194647_gaopeng110402zanting15s.gif
c:\favoritevideo\InvisibleFolder\20110402112559_pinganchexian110402zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110402112907_pingan110402qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110402135620_lanmiu110403zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110402135808_lanmiu110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110402135945_lanmiu110403cha15s.swf
c:\favoritevideo\InvisibleFolder\20110402150348_xingji110406zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110402150655_xingji2110406zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110402155610_feixue110405zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110402160741_feixue110405zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110402161315_91wan110403qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110402163147_xiamenyoujiashushanshenhua110406qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110402180421_shushanshenhua110406qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110402231225_gaopeng110403zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110402231324_gaopeng110403zanting15s.gif
c:\favoritevideo\InvisibleFolder\20110403000627_zhengtu110405qipao.swf
c:\favoritevideo\InvisibleFolder\20110403000804_zhengtu110407qipao.swf
c:\favoritevideo\InvisibleFolder\20110403001032_zhengtu110405zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110403001137_zhengtu110407zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110403205605_caipiao110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110403205903_caipiao110403bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110403210916_doufaxiuxian110404zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110403211409_doufaxiuxian110404bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110406165908_zhengtu110407zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110406170039_zhengtu110407qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110406171510_shushanshenhua110407zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110406171727_shushanshenhua110407zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110406171925_shushanshenhua110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110406174309_xiaochunzaixian110406bkqipao15s.swf
 
c:\favoritevideo\InvisibleFolder\20110406175558_fanke110406zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110407134910_zhengtu110408qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110407135114_zhengtu110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110407154107_maiwang110408bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110407154302_maiwang110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110407154517_maiwang110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110407154823_maiwang110408cha15s.swf
c:\favoritevideo\InvisibleFolder\20110407171717_91wan110408qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110407213719_tiandiyingxiong110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408132526_jjshijie110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408133619_jjshijie110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408133827_guangben110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408134107_guangben110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408134253_guangben110411cha15s.swf
c:\favoritevideo\InvisibleFolder\20110408143626_zhengtu2110409qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408143721_zhengtu2110410qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408143834_zhengtu2110409zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408160141_menggongchangxiayishijie110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408160235_menggongchangxiayishijie110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408170526_maibaobao110409zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408174809_souhuweibo110409qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408183110_4inlook110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408183250_4inlook110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408183429_4inlook110413cha15s.swf
c:\favoritevideo\InvisibleFolder\20110408183601_fanke110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408214743_dell110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408230627_pangu110409zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408230814_jiangxin110410zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408231004_pangu110409zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408231144_jiangxin110410zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110409090633_zhengtu110409qipao2.swf
c:\favoritevideo\InvisibleFolder\20110409090943_zhengtu110409zanting2.swf
c:\favoritevideo\InvisibleFolder\20110409160542_zhengtu110410zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110409160658_zhengtu110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\condisp.dll
c:\favoritevideo\InvisibleFolder\peer(0).dll.tpp
c:\favoritevideo\InvisibleFolder\peer(1).dll
c:\favoritevideo\InvisibleFolder\peer(2).dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0032_s.exe.tpp
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0036_s.exe.tpp
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0038_s.exe
c:\favoritevideo\InvisibleFolder\TipsClient.dll
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011011020110110225500.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011011020110110230246.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110109.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110114.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110120.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110125.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110130.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110204.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110207.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110212.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110217.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110218.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110223.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110228.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110305.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110315.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110320.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110321.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110324.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110329.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110403.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110406.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2011010920110110.zip
c:\program files\I Want This
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want This.ini
c:\program files\I Want This\I Want ThisInstaller.log
c:\program files\I Want This\Uninstall.exe
c:\users\elyaziedm\AppData\Local\I Want This
c:\users\elyaziedm\AppData\Local\I Want This\Chrome\I Want This.crx
c:\users\elyaziedm\Documents\~WRL0001.tmp
c:\users\elyaziedm\Documents\~WRL1224.tmp
c:\windows\inf\gsiata.inf
c:\windows\inf\gsiata.sys
c:\windows\system32\Config.ini
c:\windows\wininit.ini
.
c:\windows\system32\mswsock.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-28 14:23 . 2011-03-10 10:04  46280  ----a-w-  c:\windows\system32\drivers\PSKMAD.sys
2013-02-28 14:21 . 2013-02-28 14:32  --------  d-----w-  c:\users\elyaziedm\AppData\Local\temp
2013-02-28 14:21 . 2013-02-28 14:21  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-02-28 14:12 . 2013-02-28 14:12  60872  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{5824B8D8-7D3E-4E2A-B18D-E46BD8CBAC80}\offreg.dll
2013-02-27 09:42 . 2013-02-28 13:54  30616  ----a-w-  c:\windows\system32\drivers\hitmanpro37.sys
2013-02-27 06:29 . 2013-02-27 06:29  --------  d-----w-  C:\FRST
2013-02-14 09:09 . 2013-02-14 09:09  --------  d-----w-  c:\program files\HitmanPro
2013-02-14 09:08 . 2013-02-18 00:12  --------  d-----w-  c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-04 17:06  319617  --sh--w-  c:\windows\System32\SalaatTime.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-19 20:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\System32\mswsock.dll
[-] 2010-11-19 20:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-26 39408]
"SRS WOW HD for ViewSonic"="c:\program files\SRS Labs\WOW HD for ViewSonic\SRSViewSonic_Win32.exe" [2008-11-12 1908736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-12 37152]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-10-21 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\elyaziedm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [x]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [x]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [x]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [x]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [x]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [x]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.011\ccSetx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\srs_ViewSonic_i386.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 15:09]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 09:56]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 09:56]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051932773-3675164257-2742990508-1000Core.job
- c:\users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 17:45]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051932773-3675164257-2742990508-1000UA.job
- c:\users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 17:45]
.
2012-11-23 c:\windows\Tasks\Norton Security Scan for elyaziedm.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-09-12 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
AddRemove-EasyRecovery - c:\program files\Ontrack\EasyRecovery\uninstal.exe
AddRemove-I Want This - c:\program files\I Want This\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\HitmanPro\HitmanPro.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2013-02-28 22:38:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-28 14:38
.
Pre-Run: 1,095,061,504 bytes free
Post-Run: 2,871,537,664 bytes free
.
- - End Of File - - AAEC18F5005ADDFB45D532E165307795
 
Hi,
I posted the log for ComboFix above. Had to run it from safe mode.
The .dll errors are still there and explorer.exe is still restarting continuously.

Thanks,

Regards,
Ammar
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll | c:\windows\System32\mswsock.dll
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
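
An added example, not part of the original thread and not ComboFix's own code: it parses the three Sigcheck lines from the log posted above, flags copies of mswsock.dll that are zero bytes long (their hash is the MD5 of empty input), and pairs the live file with an intact copy from the component store. The function names and the returned dict layout are assumptions made for this illustration.

```python
import hashlib
import ntpath
import re

# MD5 of zero bytes of input: any file with this digest is empty.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# The three Sigcheck lines from the ComboFix log posted in this thread.
SIGCHECK_LINES = r"""
[-] 2010-11-19 20:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\System32\mswsock.dll
[-] 2010-11-19 20:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
"""

# Field layout as it appears in those lines. The leading [x] marker is kept
# uninterpreted because the log does not say what it means.
LINE_RE = re.compile(
    r"^\[(?P<mark>.)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})(?:\s+(?P<time>\d{2}:\d{2}))?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["md5"] = entry["md5"].upper()
        entry["size"] = int(entry["size"])
        entries.append(entry)
    return entries


def is_emptied(entry):
    """True for a zero-length file: size 0 or the MD5 of empty input."""
    return entry["size"] == 0 or entry["md5"] == EMPTY_MD5


def in_component_store(entry):
    """True when the path lies under the winsxs component store."""
    return "\\winsxs\\" in entry["path"].lower()


def version_key(entry):
    """Turn '6.1.7600.16385' into (6, 1, 7600, 16385); '------' becomes ()."""
    return tuple(int(p) for p in entry["version"].split(".") if p.isdigit())


def restore_plan(entries):
    """Pair each emptied live file with an intact same-named store copy."""
    plan = []
    for target in entries:
        if not is_emptied(target) or in_component_store(target):
            continue
        name = ntpath.basename(target["path"]).lower()
        sources = [
            e for e in entries
            if in_component_store(e)
            and not is_emptied(e)
            and ntpath.basename(e["path"]).lower() == name
        ]
        # With no intact copy on disk the file has to come from another
        # trusted source, so record None instead of guessing.
        best = max(sources, key=version_key) if sources else None
        plan.append({
            "target": target["path"],
            "source": best["path"] if best else None,
            "source_md5": best["md5"] if best else None,
            "source_size": best["size"] if best else None,
            "source_version": best["version"] if best else None,
        })
    return plan


if __name__ == "__main__":
    for step in restore_plan(parse_sigcheck(SIGCHECK_LINES)):
        print(step["source"], "|", step["target"])
```

For this log the resulting pair matches the FCopy line in the script above. The only intact copy is version 6.1.7600.16385, while the emptied store copy belongs to 6.1.7601.17514.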
 
ComboFix 13-02-26.01 - elyaziedm 04/03/13 18:26:03.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1474 [GMT 8:00]
Running from: c:\users\elyaziedm\Desktop\ComboFix.exe
Command switches used :: c:\users\elyaziedm\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll --> c:\windows\System32\mswsock.dll
.
((((((((((((((((((((((((( Files Created from 2013-02-04 to 2013-03-04 )))))))))))))))))))))))))))))))
.
.
2013-03-04 10:29 . 2013-03-04 10:29 -------- d-----w- c:\users\elyaziedm\AppData\Local\temp
2013-03-04 10:29 . 2013-03-04 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-28 14:12 . 2013-02-28 14:12 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5824B8D8-7D3E-4E2A-B18D-E46BD8CBAC80}\offreg.dll
2013-02-27 06:29 . 2013-02-27 06:29 -------- d-----w- C:\FRST
2013-02-14 09:09 . 2013-02-14 09:09 -------- d-----w- c:\program files\HitmanPro
2013-02-14 09:08 . 2013-02-18 00:12 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-04 17:06 319617 --sh--w- c:\windows\System32\SalaatTime.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-26 39408]
"SRS WOW HD for ViewSonic"="c:\program files\SRS Labs\WOW HD for ViewSonic\SRSViewSonic_Win32.exe" [2008-11-12 1908736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-12 37152]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-10-21 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\elyaziedm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.011\ccSetx86.sys [x]
R1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
R1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
R1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
R1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
R1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
R1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
R1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
R1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
R1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [x]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [x]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [x]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [x]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [x]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [x]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [x]
R3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\srs_ViewSonic_i386.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 15:09]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 09:56]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 09:56]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051932773-3675164257-2742990508-1000Core.job
- c:\users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 17:45]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051932773-3675164257-2742990508-1000UA.job
- c:\users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 17:45]
.
2012-11-23 c:\windows\Tasks\Norton Security Scan for elyaziedm.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-09-12 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-04 18:30:46
ComboFix-quarantined-files.txt 2013-03-04 10:30
ComboFix2.txt 2013-02-28 14:38
.
Pre-Run: 2,939,625,472 bytes free
Post-Run: 3,113,246,720 bytes free
.
- - End Of File - - 0B6123E2D51C7202FDDAEA6BEC5859DA
 
I cannot run any .exe files like ComboFix in normal mode. The .dll errors are no more, but explorer.exe still keeps restarting, and my internet connection is unavailable.
 
Sorry, I can now connect to the internet but can't type anything on the search address panel. I suppose that has got something to do with explorer.exe not being able to load.
 
Okay, we'll do our best here...

RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.



TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : elyaziedm [Admin rights]
Mode : Scan -- Date : 03/11/2013 12:02:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 29e1dc061b137e45665f7036b5afdc7f
[BSP] a42ed0f3cefdd74b134f70f0c5caff31 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 121544 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 269389824 | Size: 21088 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 9192ecf8d5c1a64f546b0fbbd23e828e
[BSP] 4681b8102fbe1b0935959ab6ec6886e3 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 1898 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_03112013_02d1202.txt >>
RKreport[1]_S_03112013_02d1202.txt
 
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : elyaziedm [Admin rights]
Mode : Remove -- Date : 03/11/2013 12:03:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 29e1dc061b137e45665f7036b5afdc7f
[BSP] a42ed0f3cefdd74b134f70f0c5caff31 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 121544 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 269389824 | Size: 21088 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 9192ecf8d5c1a64f546b0fbbd23e828e
[BSP] 4681b8102fbe1b0935959ab6ec6886e3 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 1898 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03112013_02d1203.txt >>
RKreport[1]_S_03112013_02d1202.txt ; RKreport[2]_D_03112013_02d1203.txt
 
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : elyaziedm [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/11/2013 12:08:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 52 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 298 / Fail 0
My documents: Success 5 / Fail 5
My favorites: Success 8 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 18 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 91 / Fail 5
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\CdRom2 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume4 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_03112013_02d1208.txt >>
RKreport[1]_S_03112013_02d1202.txt ; RKreport[2]_D_03112013_02d1203.txt ; RKreport[3]_SC_03112013_02d1208.txt
 