
Active Google Redirect, Cannot Download Anti-Virus, etc...

Discussion in 'Malware and Virus Removal Archive' started by fklee, 2009/06/20.

  1. 2009/06/20
    fklee

    [Active] Google Redirect, Cannot Download Anti-Virus, etc...

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by fe at 14:06:05.72 on Sat 06/20/2009
    Internet Explorer: 7.0.6000.16851
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2046.1009 [GMT -5:00]

    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe
    C:\Program Files\Dell AIO Printer 946\DLCImon.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\system32\CISVC.EXE
    C:\Windows\system32\dlcicoms.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rpcnet.exe
    C:\Windows\System32\snmp.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\fe\AppData\Local\Temp\d.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\fe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UYKU2AJ\dds[1].pif
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070727
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070727
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Cognac] c:\users\fe\appdata\local\temp\d.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe "
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx(5)\PDVDDXSrv.exe "
    mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
    mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe "
    mRun: [1157840481] c:\progra~1\egames\bricks~1\register\egames~1.exe /r "c:\progra~1\egames\bricks~1\register\EGAMES~1.rpd "
    mRun: [408809432] c:\progra~1\egames\shoott~1\register\egames~1.exe /r "c:\progra~1\egames\shoott~1\register\EGAMES~1.rpd "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\fe\appdata\local\micros~1\windows\tempor~1\content.ie5\pwiare9s\INDEX_~1.SH!
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.255.112.129,85.255.112.84
    TCP: {64328480-101C-42C5-AF2D-6C4028F4EB57} = 85.255.112.129,85.255.112.84
    TCP: {F6D1313C-31F1-4FED-AD76-7F2476EA6B7C} = 85.255.112.129,85.255.112.84
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    LSA: Authentication Packages = msv1_0 wvauth

    ============= SERVICES / DRIVERS ===============

    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
    R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-10 179712]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]

    =============== Created Last 30 ================

    2009-06-20 13:54 <DIR> --d----- c:\programdata\WinZip
    2009-06-19 23:21 <DIR> --d----- c:\programdata\AVG Security Toolbar
    2009-06-19 23:21 <DIR> --d----- c:\progra~2\AVG Security Toolbar
    2009-06-19 23:15 <DIR> --d----- c:\program files\Wise Registry Cleaner
    2009-06-19 23:12 <DIR> --d----- c:\program files\AVG
    2009-06-16 21:53 <DIR> --d----- c:\program files\Trend Micro
    2009-06-15 13:22 169,771,002 a------- c:\windows\MEMORY.DMP
    2009-06-09 15:02 2,028,032 a------- c:\windows\system32\win32k.sys
    2009-06-09 15:02 696,832 a------- c:\windows\system32\localspl.dll

    ==================== Find3M ====================

    2009-06-20 13:19 17,408 a------- c:\windows\system32\rpcnetp.exe
    2009-06-19 23:44 12,884 a------- c:\users\fe\appdata\roaming\nvModes.dat
    2009-06-19 23:43 56,680 a------- c:\windows\system32\rpcnet.dll
    2009-06-19 23:04 17,408 a------- c:\windows\system32\rpcnetp.dll
    2009-06-01 18:43 56,680 a------- c:\windows\system32\rpcnet.exe
    2009-04-24 11:22 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-24 11:14 56,320 a------- c:\windows\system32\iesetup.dll
    2009-04-24 11:14 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-24 11:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-04-24 11:11 72,704 a------- c:\windows\system32\admparse.dll
    2009-04-24 08:53 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-04-24 07:25 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-04-23 08:01 788,992 a------- c:\windows\system32\rpcrt4.dll
    2009-03-27 20:36 290,816 a------- c:\windows\system32\TubeFinder.exe
    2009-03-25 17:55 33,280 a------- c:\windows\system32\identprv.dll
    2009-02-14 08:50 51,200 a------- c:\windows\inf\infpub.dat
    2009-02-14 08:50 665,600 a------- c:\windows\inf\drvindex.dat
    2009-02-14 08:50 86,016 a------- c:\windows\inf\infstrng.dat
    2009-02-14 08:50 86,016 a------- c:\windows\inf\infstor.dat
    2009-02-14 08:48 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2007-12-12 17:40 16,384 a--sh--- c:\windows\temp\cookies\index.dat
    2007-12-12 17:40 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
    2007-12-12 17:40 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2006-11-22 09:54 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
    2006-11-02 07:35 397,312 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe

    ============= FINISH: 14:06:28.62 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/10/2007 3:27:05 PM
    System Uptime: 6/20/2009 5:10:59 AM (9 hours ago)

    Motherboard: Dell Inc. | | 0UY141
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 72 GiB total, 39.721 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP228: 6/13/2009 3:00:14 AM - Windows Update
    RP229: 6/14/2009 3:00:14 AM - Windows Update

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office system
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.1
    biolsp patch
    Bricks of Egypt
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Business Complete Care Services Agreement
    Business Contact Manager for Outlook 2007 SP1
    Championship Mah Jongg
    Chuzzle Deluxe 1.01
    Conexant HDA D330 MDC V.92 Modem
    Dell AIO Printer 946
    Dell Embassy Trust Suite by Wave Systems
    Dell PC Fax
    Dell Resource CD
    Dell System Customization Wizard
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    Document Manager Lite
    eGames GameButler
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    ESC Home Page Plugin
    ETS Upgrade
    Fingerprint Sensor Minimum Install
    Google Toolbar for Internet Explorer
    Intel(R) Matrix Storage Manager
    Java(TM) SE Runtime Environment 6
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    NetZero Internet and Voice Offer
    NTRU TCG Software Stack
    NVIDIA Drivers
    O2Micro USB Smart Card Reader
    PowerDVD
    Preboot Manager
    Print Perfect Clip Art Deluxe DVD
    Print to Fax
    Private Information Manager
    QuickSet
    Roxio Creator BDAV Plugin
    Roxio Creator Data
    Roxio Creator DE
    Roxio Update Manager
    SCRABBLE
    Search Settings 1.2
    Secure Update
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Wizards
    Shoot the Roach
    The Print Shop® Zoom
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb970012)
    upekmsi
    Wave Infrastructure Installer
    Wave Support Software
    WinZip 12.1
    Wise Registry Cleaner 4 Free 4.62

    ==== Event Viewer Messages From Past Week ========

    6/19/2009 7:00:16 PM, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    6/19/2009 6:52:46 PM, Error: EventLog [6008] - The previous system shutdown at 6:50:38 PM on 6/19/2009 was unexpected.
    6/19/2009 6:48:41 PM, Error: EventLog [6008] - The previous system shutdown at 6:47:04 PM on 6/19/2009 was unexpected.
    6/19/2009 6:43:23 PM, Error: EventLog [6008] - The previous system shutdown at 6:41:11 PM on 6/19/2009 was unexpected.
    6/19/2009 6:20:14 PM, Error: Service Control Manager [7022] - The Smart Card service hung on starting.
    6/19/2009 11:44:19 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/19/2009 11:44:19 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    6/19/2009 11:43:57 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
    6/19/2009 11:12:56 PM, Error: Service Control Manager [7000] - The AVG Free On-access Scanner Minifilter Driver x86 service failed to start due to the following error: The system cannot find message text for message number 0xAVG Free On-access Scanner Minifilter Driver x86 in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
    6/19/2009 11:04:41 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
    6/19/2009 11:04:28 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
    6/19/2009 1:19:10 PM, Error: EventLog [6008] - The previous system shutdown at 1:16:54 PM on 6/19/2009 was unexpected.
    6/19/2009 1:11:15 PM, Error: EventLog [6008] - The previous system shutdown at 10:10:54 PM on 6/18/2009 was unexpected.
    6/18/2009 12:27:24 PM, Error: EventLog [6008] - The previous system shutdown at 12:24:30 PM on 6/18/2009 was unexpected.
    6/18/2009 12:17:02 AM, Error: EventLog [6008] - The previous system shutdown at 12:15:00 AM on 6/18/2009 was unexpected.
    6/18/2009 12:13:16 AM, Error: EventLog [6008] - The previous system shutdown at 12:10:51 AM on 6/18/2009 was unexpected.
    6/18/2009 10:10:32 PM, Error: EventLog [6008] - The previous system shutdown at 10:07:32 PM on 6/18/2009 was unexpected.
    6/18/2009 10:05:48 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:07 PM on 6/18/2009 was unexpected.
    6/18/2009 10:01:03 PM, Error: EventLog [6008] - The previous system shutdown at 12:29:36 PM on 6/18/2009 was unexpected.
    6/17/2009 9:05:26 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:47 PM on 6/17/2009 was unexpected.
    6/17/2009 9:01:52 PM, Error: EventLog [6008] - The previous system shutdown at 9:00:13 PM on 6/17/2009 was unexpected.
    6/17/2009 8:51:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/17/2009 8:51:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McShield with arguments " " in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/17/2009 8:50:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    6/17/2009 8:47:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/17/2009 8:46:21 AM, Error: EventLog [6008] - The previous system shutdown at 8:44:56 AM on 6/17/2009 was unexpected.
    6/17/2009 11:26:23 PM, Error: EventLog [6008] - The previous system shutdown at 11:24:29 PM on 6/17/2009 was unexpected.
    6/17/2009 11:18:46 AM, Error: Service Control Manager [7034] - The Dell Internal Network Card Power Management service terminated unexpectedly. It has done this 1 time(s).
    6/17/2009 11:02:46 AM, Error: EventLog [6008] - The previous system shutdown at 10:59:42 AM on 6/17/2009 was unexpected.
    6/17/2009 10:43:37 PM, Error: EventLog [6008] - The previous system shutdown at 10:42:13 PM on 6/17/2009 was unexpected.
    6/16/2009 5:15:47 PM, Error: EventLog [6008] - The previous system shutdown at 5:13:46 PM on 6/16/2009 was unexpected.
    6/16/2009 5:12:03 PM, Error: EventLog [6008] - The previous system shutdown at 5:10:19 PM on 6/16/2009 was unexpected.
    6/16/2009 4:54:39 PM, Error: EventLog [6008] - The previous system shutdown at 4:53:05 PM on 6/16/2009 was unexpected.
    6/16/2009 4:37:50 PM, Error: EventLog [6008] - The previous system shutdown at 4:36:01 PM on 6/16/2009 was unexpected.
    6/16/2009 4:30:29 PM, Error: EventLog [6008] - The previous system shutdown at 4:16:43 PM on 6/16/2009 was unexpected.
    6/16/2009 4:12:48 PM, Error: EventLog [6008] - The previous system shutdown at 4:11:10 PM on 6/16/2009 was unexpected.
    6/16/2009 3:54:06 PM, Error: EventLog [6008] - The previous system shutdown at 3:52:27 PM on 6/16/2009 was unexpected.
    6/16/2009 3:46:05 PM, Error: EventLog [6008] - The previous system shutdown at 3:44:26 PM on 6/16/2009 was unexpected.
    6/16/2009 3:23:06 PM, Error: EventLog [6008] - The previous system shutdown at 3:20:50 PM on 6/16/2009 was unexpected.
    6/16/2009 3:19:02 PM, Error: EventLog [6008] - The previous system shutdown at 3:17:17 PM on 6/16/2009 was unexpected.
    6/16/2009 12:55:19 AM, Error: EventLog [6008] - The previous system shutdown at 12:41:55 AM on 6/16/2009 was unexpected.
    6/16/2009 12:31:28 AM, Error: EventLog [6008] - The previous system shutdown at 12:30:00 AM on 6/16/2009 was unexpected.
    6/16/2009 12:29:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:27:17 AM on 6/16/2009 was unexpected.
    6/16/2009 12:14:47 AM, Error: EventLog [6008] - The previous system shutdown at 12:13:14 AM on 6/16/2009 was unexpected.
    6/16/2009 10:08:25 PM, Error: EventLog [6008] - The previous system shutdown at 10:06:49 PM on 6/16/2009 was unexpected.
    6/16/2009 10:05:10 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:44 PM on 6/16/2009 was unexpected.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/16/2009 10:01:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/16/2009 10:01:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/16/2009 10:00:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/16/2009 10:00:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/16/2009 10:00:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/16/2009 10:00:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/16/2009 10:00:15 PM, Error: EventLog [6008] - The previous system shutdown at 9:58:42 PM on 6/16/2009 was unexpected.
    6/15/2009 9:33:45 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {B299BB78-EBBE-48F9-8725-E6A84C4E7C1D} to the user TeresaK-PC\fe SID (S-1-5-21-3264931571-3061508423-1144595183-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/15/2009 8:38:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user TeresaK-PC\fe SID (S-1-5-21-3264931571-3061508423-1144595183-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/15/2009 8:38:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user TeresaK-PC\fe SID (S-1-5-21-3264931571-3061508423-1144595183-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/15/2009 8:38:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user TeresaK-PC\fe SID (S-1-5-21-3264931571-3061508423-1144595183-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/15/2009 8:38:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {375FF000-DD27-11D9-8F9C-0002B3988E81} to the user TeresaK-PC\fe SID (S-1-5-21-3264931571-3061508423-1144595183-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/15/2009 8:38:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user TeresaK-PC\fe SID (S-1-5-21-3264931571-3061508423-1144595183-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/15/2009 7:07:50 PM, Error: EventLog [6008] - The previous system shutdown at 7:06:06 PM on 6/15/2009 was unexpected.
    6/15/2009 6:28:51 PM, Error: EventLog [6008] - The previous system shutdown at 6:27:16 PM on 6/15/2009 was unexpected.
    6/15/2009 6:23:45 PM, Error: EventLog [6008] - The previous system shutdown at 6:21:47 PM on 6/15/2009 was unexpected.
    6/15/2009 1:25:51 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.12 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    6/15/2009 1:22:36 PM, Error: EventLog [6008] - The previous system shutdown at 1:20:47 PM on 6/15/2009 was unexpected.
    6/13/2009 3:05:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).

    ==== End Of File ===========================
     
  2. 2009/06/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     

  4. 2009/06/21
    fklee

    Ok, sorry, but I do not know how to disable those things...could you please tell me how...
     
  5. 2009/06/21
    broni

    Re-read my previous instructions, please:
     
  6. 2009/06/21
    fklee

    I disabled everything, but I get an error message:

    "You cannot rename Combofix as Combofix(1)

    Please use another name, preferably made up of alphanumeric characters"
     
  7. 2009/06/21
    broni

    I didn't ask you to rename anything.
    All you need to do is to disable your antivirus program, and a firewall, and run Combofix.
     
  8. 2009/06/21
    fklee

    I didn't say you asked me to rename anything. I was simply telling you that I had received an error message AFTER I disabled everything AND RAN Combofix. I was telling you exactly what the message said...
     
  9. 2009/06/21
    broni

    Have you ever downloaded and run Combofix before today?

    Are you getting the error, when you double click on ComboFix.exe?
     
  10. 2009/06/21
    fklee

    No, I've never DL'ed Combofix, and the error message actually comes in the beginning when I clicked on the DL here or here links.
     
  11. 2009/06/21
    broni

    Download the file from HERE
     
  12. 2009/06/21
    fklee

    The link doesn't work.
     
  13. 2009/06/21
    broni

    Which means?
     
  14. 2009/06/21
    broni

    If you can't download anything on THIS computer, you may need to use another working computer to download the file, and move it to THIS computer by USB stick, or CD.
     
  15. 2009/06/22
    fklee

    I will try that today and get back to you, thanks.
     
  16. 2009/06/22
    fklee

    Ok, I need to zip my logs for you to analyze further. Unfortunately, I do not know how to do this. But I do have both logs requested!
     
  17. 2009/06/22
    broni

    Why do you need to zip them?
     
  18. 2009/06/22
    fklee

    I suppose because they're big. But I can separate them if you'd like.
     
  19. 2009/06/22
    broni

    Yes, splitting them will be better.
     
  20. 2009/06/22
    fklee

    I have to split the Combofix log into 2 parts, and then I'm going to post the Hijack this log...
     
  21. 2009/06/22
    fklee

    ComboFix 09-06-20.04 - fe 06/22/2009 19:11.1 - NTFSx86
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2046.1523 [GMT -5:00]
    Running from: F:\Combo-Fix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

     
