1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Google Redirect, Cannot Download Anti-Virus, etc...

Discussion in 'Malware and Virus Removal Archive' started by fklee, 2009/06/20.

Page 2 of 2
  1. 2009/06/22
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEL6CED.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEM2EQM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEM6L0V.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEMBM50.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IENMUGQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEOU5KZ.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEQZZA9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEULZAG.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEV6EKX.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEVFGU8.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEWQHGI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEWQPF7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEZ7QFG.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IEZZ69O.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IF27QUJ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IF2IO1X.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFASBCB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFCGGLM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFD7SRS.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFFS39P.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFT9XM2.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFTM8NW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFTZOAB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFV9NBU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFVJDE5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFWWYIG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFX58KC.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFY3GH8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IFZ1FDL.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IG0E57M.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IG26VQW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGBRMVQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGCNPWQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGD6I4N.bmp
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGGT8MB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGJ17N0
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGJDIS5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGMSSOC.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGNV60U
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IGYY5C4.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IH2VYXG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IH32MUT.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IH4P3L5.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IH5T9CV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IH60RXK.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IH8OCLC
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHA9K4U.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHCPVKG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHDFPON.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHDH20S.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHF1DS2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHHBA7K
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHIXVPB
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHRG07Y
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IHZHTV2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$II0JRXP.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$II125OC.docx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$II2VH4P.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$II3GZC9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$II3W1TD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$II8XT9P.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IIG0691.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IIG9PHW
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IIGAT2N.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IIGQK7W
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IIMSFQC.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IISPCXB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IIZ0IM1.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJ03EPG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJAWWP7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJAXBPM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJOIF1K.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJPL6C8
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJPQSJO.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJRZWSG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJSL0EE
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJT96H4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJWI06M.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJX9SGC.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IJZCIUK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IK1E586.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IK1VERF.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IK4NRFK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IK6ZZJW.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKBEACA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKJEXDI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKPKUQ4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKPYJOW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKUO3J7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKVLKAH.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKVTTMW.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IKXJRB4.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IL9IZL0.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILC6HUU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILKTV4R.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILMVVP9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILNEQL8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILOGQZD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILUINDG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ILX98RG
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IM1K2E8.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IM3YG5N.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IM63GJ7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IM8W97Y.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMAA2T7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMBKN7L
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMBL5K5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMBY14Z.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMCBBXZ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IME1I6E.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMGAZSW.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMH7H6K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMHE9HC.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMKO4EU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMLBNN7.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMLQ76C.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IMT2QHP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IN48GTS.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IN5FR9K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INDD7HT.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INDR1RW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INFOKVG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INHLLUU.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INJDY2U
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INKA5DX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INQAVSF.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INUM5U5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INYV0U3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$INZXCOP.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IO03URR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IO3XAY1.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IO7TCEQ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOBVJN5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IODVVXD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOEZ4V3.xlsx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOGEB81.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOKAPJ5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOU020D.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOUX41Z
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOWJC6M.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IOWST00.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IP2AQ25.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IP30QDI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IP67NGG
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IP8C2FZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IP8YROA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPHP8GR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPLFV1E.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPMPYER.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPOJMJ8.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPT1OMJ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPUL7PW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPXKRU6.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPXOI1Y.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IPY3W6P.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQ0QF0V.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQ3SAFK
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQ62KAM
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQ6KSU7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQ8Y5PA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQEJOAF.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQJQRJM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQM8C12.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQMZD57.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQP44E9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQQTBAX.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQTWCTW.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQVS9B2.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IQXSS5F.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IR1SSNM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IR8KXGY
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRFKB4H.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRFQVGU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRG3J9M.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRJ7X9Z.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRK8UA3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRNGSY1.zip
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRP4FDX.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRXIVCN.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IRYV9UV.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IS29CCP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IS2VXAI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IS49H7E.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IS4CJLZ.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IS52417.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISF2SGZ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISHIFTH.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISHK0MB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISI8F10.bmp
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISN56OX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISNE8TQ.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISTJ8CD.pptx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISTQDBB.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISWFUVQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ISXXHYW
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IT18JFD.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IT27YKR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IT2QOIT.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IT343TO.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IT6RNDF.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IT7YK3B.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ITOR4TF.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ITW48P4.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IU3363F.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IU41LZV.pptx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IU4FF1I.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IU6BUMB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IU6QJNZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IU7QT2Z.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUAINQD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUARZWH.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUGBOQ3.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUHATUZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUPGWWZ.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUPU9E5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUUNKXG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IUYTP4H
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IV8R10A.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVAQVMW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVARSR5.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVB0QWD.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVCGG4X.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVCUDZI.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVECB8X.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVIUGZD.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVL394P.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVL5PEB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVSGXDG.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVXID37.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IVYUIEE.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IW1E2R3.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IW2E3OO.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IW68BBV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IW7XR0F
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWCOB24.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWD78Q7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWLX5UF.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWMNVQJ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWONQDW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWOQ15L.jnt
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWPNRA5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IWS1TR3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IX0I6N1.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IX2DNUN
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IX3BG29.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IX68G59.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IX7PKCX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXD1XSF.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXET0GQ.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXHSBQ6.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXM4JFK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXMMJSQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXS3YGO.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXTLYZ8
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXUL1NW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IXXOOHG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IY15LKE.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IY2O7O5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IY31WKR.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IY4GE4Z.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IY4KORX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYF7OY8.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYMTGCW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYN0WRK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYQ5KZ9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYWCQTV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYXFB4N
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IYYZHKM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZ180XG
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZ8AD24.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZ8J3AB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZARMI4.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZE0JB5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZFXD5F.wmv
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZND3QM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZPRGKS.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZQ9V4R.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZVT8HK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZWAG3K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZX51N3.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$IZXADKM.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Dell\Dell Auction.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Dell\Dell Internet Security.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Dell\Dell.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Dell\Support.Dell.Com.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Links\Customize Links.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Links\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Microsoft Websites\IE Add-on site.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Microsoft Websites\IE site on Microsoft.com.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Microsoft Websites\Marketplace.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Microsoft Websites\Microsoft At Home.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Microsoft Websites\Microsoft At Work.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Microsoft Websites\Welcome to IE7.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\MSN Websites\MSN Autos.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\MSN Websites\MSN Entertainment.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\MSN Websites\MSN Money.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\MSN Websites\MSN Sports.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\MSN Websites\MSN.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\MSN Websites\MSNBC News.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Windows Live\Get Windows Live.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Windows Live\Windows Live Gallery.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Windows Live\Windows Live Mail.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04L365\Windows Live\Windows Live Spaces.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R04XJFR.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R05VN9Y\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R0ANKDS.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R0CFUI9.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R0FE0KQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R0PNEDA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R0U1CA9.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R0WVGKB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R11QM53.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1CE5LF\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1CK8ZE.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1GF0JC.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1H2M9N.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1H3P51.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1I4EUM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1KOWOY\~$gefactor_com The Most Complete Nicolas Cage Fan Site.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1KOWOY\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1KX330.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1LTEBJ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1NNLCE.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1PLISD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R1ZNK77.xlsx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R29LEFT.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2B7X6Z.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2D5JNV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2DCY95.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2F7PZK.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2GH0ZF.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2IRACL.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2J5JNW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2JT8LC.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2L2X6C.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2RLTH2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2TMXL0.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2W05YJ.pptx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2XC4HF.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2YHOUX\Now Playing.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2YHOUX\Nw Playlist.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2YHOUX\Sync List.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2YHOUX\Untitled Playlist - Shortcut.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2YHOUX\Untitled Playlist.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R2ZBOE6.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R302NEE.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R32MBPY.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R33LPMJ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R35XMSR.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R369PA1.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R381Q84.rtf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R38AP62.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R3LJFHB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R3PZ2Y9.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R3RSDBZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R3TYYO2.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R3YME8E.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R424136.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R42ID6Z.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R43ZPZG\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R43ZPZG\Teresa K.contact
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R46G2LN.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R46LW0X.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R49GGTI.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R4CS7I8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R4HMYBO.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R4U2KSU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R56LU8Y.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R582WNW.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5AOVS3\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5AOVS3\Sample Videos\Butterfly.wmv
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5AOVS3\Sample Videos\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5AOVS3\Sample Videos\Lake.wmv
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5CMX4G.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5G08TC.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5I215I.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5PH2SS\Ho0oo.docx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5PH2SS\New Microsoft Office Publisher Document - Copy.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5PH2SS\New Microsoft Office Publisher Document.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5QAZVJ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R5RHAHL.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R63TN5X.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6665HW.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R67IMIY.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6DM71B.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6IJJFO.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6JCQXT.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6JGIEP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6LKOK0.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6PTJ3H.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6W516O.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6WQE9N.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6WUHSG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R6XP80O.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R70PEMP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R728FPP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7312LC.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R75883B.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7AP73V.zip
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7CKOOR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7CSACA.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7I7GFH.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7JND26.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7K34LD\Briefcase Database
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7K34LD\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7MNRNF.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7MUPB5.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7NZ53E.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7OJ325.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7VWJPW.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R7YFAZJ.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R812TVO.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R87QYDG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R89WY79.xlsx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R8J3726.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R8OM9JY.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R8VQUYH.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R8Z2MK7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R90UB62.xlsx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R91H78R.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R96NCGP.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R96XME8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R97AP97.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9F4XQY.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9FB6AY.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9IH7MB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9IQ83C.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9ORRVS.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9P0RVV.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9PI32C.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9SWS3I.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9TKUWG.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$R9XAZPL.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RA5A7M3\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RA6EHNF.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RA7O66T.docx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RA7ZY7R.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RABQAZ2.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\01 Track 1.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\02 Track 2.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\03 Track 3.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\04 Track 4.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\05 Track 5.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\06 Track 6.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\07 Track 7.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\08 Track 8.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\09 Track 9.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\10 Track 10.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-14-56 PM)\11 Track 11.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\01 Track 1.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\02 Track 2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\03 Track 3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\04 Track 4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\05 Track 5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\06 Track 6.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\07 Track 7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\08 Track 8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\09 Track 9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\10 Track 10.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\11 Track 11.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-21-09 PM)\12 Track 12.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\01 Track 1.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\02 Track 2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\03 Track 3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\04 Track 4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\05 Track 5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\06 Track 6.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\07 Track 7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\08 Track 8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\09 Track 9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\10 Track 10.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\11 Track 11.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\12 Track 12.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-26-02 PM)\13 Track 13.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\01 Track 1.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\02 Track 2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\03 Track 3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\04 Track 4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\05 Track 5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\06 Track 6.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\07 Track 7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\08 Track 8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\09 Track 9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\10 Track 10.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\11 Track 11.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\12 Track 12.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\13 Track 13.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\14 Track 14.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\15 Track 15.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\16 Track 16.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\17 Track 17.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAD7T4W\Unknown Album (9-19-2007 1-39-30 PM)\18 Track 18.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAF7YQJ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RALN941.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAS267Z.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAU9MEX.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAVKXS3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RAWWMXY.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RB2NEWR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RB2WF1L.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RB7XHSU.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RB7YMKW.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RB9898U.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RB9RJ6P.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RBB5CHL.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RBHJ7HN.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RBPSRDG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RBR6V1E.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RBU6ML0.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC3K9RV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC3XR5I\Analog Clock-Google.gg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC3XR5I\Weather-Google Inc..gg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC3XR5I\World Daylight Alarm Clock-Google.gg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC4NS38.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC5MBP0\Briefcase Database
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC5MBP0\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC5W51I.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RC6HYEH.docx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCA5U2O.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCD0YNX.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCOUDCO.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCS24P9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCTIPFB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCTVMBM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RCV5R90.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RD1P5RQ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RD2U8TT.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RD3VRU9.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RD4KSBX\Default.rdp
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RD4KSBX\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDA4ZOW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDBL82K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDDRZXU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDEUI3K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDJ3JAK.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDLO0R4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDR28LB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDWRN1F.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RDZ1ZFQ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE3LKFE.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE6IT3G.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE6RYPG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE71ZAI.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE7RB6A.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE7TDD2.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE7WHGU.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE8KGRG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RE9OTD7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RECNKRD.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REFZ59Q\Desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REFZ59Q\GameExplorer.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REL6CED.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REM2EQM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REM6L0V.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REMBM50.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RENMUGQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REOU5KZ.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REQZZA9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REULZAG.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REV6EKX.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REVFGU8.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REWQHGI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REWQPF7.wma
     
    fklee,
    #21
  2. 2009/06/22
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REZ7QFG.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$REZZ69O.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RF27QUJ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RF2IO1X.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFASBCB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFCGGLM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFD7SRS.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFFS39P.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFT9XM2.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFTM8NW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFTZOAB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFV9NBU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFVJDE5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFWWYIG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFX58KC.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFY3GH8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RFZ1FDL.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RG0E57M.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RG26VQW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGBRMVQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGCNPWQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGD6I4N.bmp
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGGT8MB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGJ17N0\forum.spark-forumID=42218&p=1.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGJ17N0\New Folder\Desert Landscape.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGJDIS5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGMSSOC.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RGYY5C4.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH2VYXG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH32MUT.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH4P3L5.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH5T9CV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH60RXK.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Autumn Leaves.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Creek.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Desert Landscape.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Dock.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Forest Flowers.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Forest.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Frangipani Flowers.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Garden.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Green Sea Turtle.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Humpback Whale.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\New Briefcase\Briefcase Database
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\New Briefcase\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\New Briefcase\Waterfall.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\New Briefcase\Winter Leaves.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Oryx Antelope.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Toco Toucan.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RH8OCLC\Sample Pictures\Tree.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHA9K4U.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHCPVKG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHDFPON.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHDH20S.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHF1DS2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHIXVPB\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHRG07Y\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RHZHTV2.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RI0JRXP.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RI125OC.docx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RI2VH4P.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RI3GZC9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RI3W1TD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RI8XT9P.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIG0691.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGAT2N.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Home.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\Audio.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\Backup.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\Copy.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\Data.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\DVD and Video.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\Photo.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIGQK7W\Projects\Tools.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIMSFQC.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RISPCXB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RIZ0IM1.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJ03EPG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJAWWP7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJAXBPM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJOIF1K.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{208F236E-B511-4949-BDF9-3791602ED53A}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{208F236E-B511-4949-BDF9-3791602ED53A}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{2BEDE989-0477-48C8-8E85-D5FC97494EC0}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{2BEDE989-0477-48C8-8E85-D5FC97494EC0}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{81244B04-70BE-47F1-9A5E-2026093D598F}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{81244B04-70BE-47F1-9A5E-2026093D598F}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{CA6465E3-92B8-4969-B053-E091250B3E3E}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{CA6465E3-92B8-4969-B053-E091250B3E3E}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{DAAE5A7A-D07D-4C7C-AE7B-E926C737721B}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{DAAE5A7A-D07D-4C7C-AE7B-E926C737721B}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{F87D14E5-4DEB-4169-B9EA-D067EBCD4297}_Large.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArt_{F87D14E5-4DEB-4169-B9EA-D067EBCD4297}_Small.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\AlbumArtSmall.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\Folder.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPL6C8\Pictures.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJPQSJO.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJRZWSG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJSL0EE\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJT96H4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJWI06M.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJX9SGC.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RJZCIUK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RK1E586.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RK1VERF.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RK4NRFK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RK6ZZJW.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKBEACA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKJEXDI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKPKUQ4.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKPYJOW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKUO3J7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKVLKAH.accdb
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKVTTMW.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RKXJRB4.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RL9IZL0.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLC6HUU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLKTV4R.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLMVVP9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLNEQL8.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLOGQZD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLUINDG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RLX98RG\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RM1K2E8.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RM3YG5N.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RM63GJ7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RM8W97Y.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMAA2T7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMBKN7L\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMBKN7L\Welcome Scan.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMBL5K5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMBY14Z.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMCBBXZ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RME1I6E.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMGAZSW.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMH7H6K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMHE9HC.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMKO4EU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMLBNN7.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMLQ76C.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RMT2QHP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RN48GTS.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RN5FR9K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNDD7HT.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNDR1RW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNFOKVG.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNHLLUU.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNJDY2U\Drafts\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNJDY2U\Inbox\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNKA5DX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNQAVSF.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNUM5U5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNYV0U3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RNZXCOP.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RO03URR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RO3XAY1.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RO7TCEQ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROBVJN5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RODVVXD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROEZ4V3.xlsx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROGEB81.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROKAPJ5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROU020D.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROWJC6M.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$ROWST00.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RP2AQ25.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RP30QDI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RP67NGG\Desert Landscape.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RP8C2FZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RP8YROA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPHP8GR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPLFV1E.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPMPYER.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPOJMJ8.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPT1OMJ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPUL7PW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPXKRU6.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPXOI1Y.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RPY3W6P.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQ0QF0V.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQ3SAFK\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQ62KAM\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQ6KSU7.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQ8Y5PA.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQEJOAF.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQJQRJM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQM8C12.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQMZD57.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQP44E9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQQTBAX.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQTWCTW.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQVS9B2.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RQXSS5F.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RR1SSNM.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RR8KXGY\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRFKB4H.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRFQVGU.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRG3J9M.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRJ7X9Z.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRK8UA3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRNGSY1.zip
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRP4FDX.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRXIVCN.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RRYV9UV.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RS29CCP.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RS2VXAI.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RS49H7E.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RS4CJLZ.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RS52417.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSF2SGZ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSHIFTH.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSHK0MB.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSI8F10.bmp
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSN56OX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSNE8TQ.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSTJ8CD.pptx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSTQDBB.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSWFUVQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RSXXHYW\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RT18JFD.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RT27YKR.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RT2QOIT.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RT343TO.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RT6RNDF.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RT7YK3B.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RTOR4TF.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RTW48P4.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RU3363F.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RU41LZV.pptx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RU4FF1I.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RU6BUMB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RU6QJNZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RU7QT2Z.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUAINQD.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUARZWH.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUGBOQ3.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUHATUZ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUPGWWZ.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUPU9E5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RUUNKXG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RV8R10A.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVAQVMW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVARSR5.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVB0QWD.pub
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVCGG4X.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVCUDZI.mht
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVECB8X.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVIUGZD.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVL394P.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVL5PEB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVSGXDG.png
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVXID37.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RVYUIEE.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RW1E2R3.jpg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RW2E3OO.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RW68BBV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWCOB24.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWD78Q7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWLX5UF.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWMNVQJ.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWONQDW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWOQ15L.jnt
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWPNRA5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RWS1TR3.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX0I6N1.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX2DNUN\Drafts\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX2DNUN\Inbox\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX2DNUN\Inbox\WelcomeFax.tif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX3BG29.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX68G59.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RX7PKCX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXD1XSF.wmf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXET0GQ.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXHSBQ6.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXM4JFK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXMMJSQ.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXS3YGO.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXTLYZ8\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXUL1NW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RXXOOHG.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RY15LKE.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RY2O7O5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RY31WKR.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RY4GE4Z.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RY4KORX.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RYF7OY8.mp3
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RYMTGCW.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RYN0WRK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RYQ5KZ9.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RYWCQTV.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RYYZHKM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\GameExplorer.lnk
     
    fklee,
    #22


  3. to hide this advert.

  4. 2009/06/22
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\addbonus.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\board_out.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\bonus.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\buriedappear.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\buriedmatched.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\buriedunmatched.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\click.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\cursebad.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\cursegood.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\dialog.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\dialoggrowl.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\endround.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\extralife.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\fall.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\gemclick.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\gemland.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\go.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\growl.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\hint.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\iwin.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\jqtheme.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\match.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\match2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\mismatch.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\music1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\music2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\music3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\music4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\music5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\popuphint.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\ready.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_amb1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_amb2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_amb3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_amb4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_amb5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flash1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flash2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flash3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flash4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flash5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flicker1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flicker2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flicker3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flicker4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_flicker5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_punctuate1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_punctuate2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_punctuate3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_punctuate4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_punctuate5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win3_crackle.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win3_flare.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win5_1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win5_2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win5_3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win5_4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\st_win5_5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\timesup.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\ting.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\tock.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\win1.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\win2.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\win3.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\win4.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\audio\win5.ogg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\Buy More Games!.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\ddelname.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\dentername.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\dhighdetail.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\doptions.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\dplayas.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\drules.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\jewel.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\menu.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\menudialog.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\splash.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\splashanim.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\story.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\vendor.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\cfg\vendordetails.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\debug.txt
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\fonts\bankgbtm.ttf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\fonts\bnkgothm.ttf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\fonts\notepad.ttf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\fonts\Xpressive.ttf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\framework.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\again.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\ArrowCursor.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\balloon.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between0.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\between5text.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\betweenrank.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bignums.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bigtext1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bigtext2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bigtext3.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bigtext4.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bigtext5.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bigtext6.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board1-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board1-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board1-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board1-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board1-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board2-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board2-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board2-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board2-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board2-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board2-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board3-7.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-7.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board4-8.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-10.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-7.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-8.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\board5-9.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bookmenu.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\bottomoverlay.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried2-2.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried2-3.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried2-4.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried2-5.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried2-6.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried2-7.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried3-3.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried3-4.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried3-5.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried3-6.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried3-7.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried3-8.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried4-4.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried4-5.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried4-6.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried4-7.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried4-8.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried4-9.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried5-4.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried5-5.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried5-6.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried5-7.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried5-8.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\buried5-9.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\changeBtn.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\continue.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dback.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dcancel.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dcheck.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\ddelete.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\ddone.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\ddonesmall.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\ddown.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dhead.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dicon.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dknob.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenuhighscores.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenumain.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenuoptions.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenureplayany.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenurestart.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenurules.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dmenuunpause.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dnext.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dno.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dok.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dprev.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dradio.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dsliderl.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dsliderr.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dup.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\dyes.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\end.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundarrows.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endrounddialog.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endrounddialog1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endrounddialog2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundno.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundpath.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundrank.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundtryagain.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundx.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\endroundyes.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint3.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint4.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint5.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint6.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint7.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hint8.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\hostbtn.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item1.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item10.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item10m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item10m1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item10m2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item10m3.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item1m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item2.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item2m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item3.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item3m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item4.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item4m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item5.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item5m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item6.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item6m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item7.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item7m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item8.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item8m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item9.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\item9m.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\jewel.gif
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\jqlogo.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\largedialog.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\leftoverlay.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\level0.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\level1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\level2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\level3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\level4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\level5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\lives.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\livesnums.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\lose.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\marker.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menu.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menu1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menu2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menu3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menu4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menu5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menudialogbottom.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menudialogmid.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\menudialogtop.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\moreinfo.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\optionsbtn.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\optionsdialog.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\playasdialog.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\quitbtn.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\radventurer.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rboards.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rcancel.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\replayanydialogoverlay.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rexcavator.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rexplorer.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rightoverlay.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\routline.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rplayboard.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rresearcher.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rslider.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rsurveyor.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rulesbtn.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\rulesstrip.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\scoreslevellable.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\scoreslevelnums.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\scoresranks.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\scoresviewgame.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\scoresviewlevel.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\smalldialog.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\space0.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\space1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\space1m.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\space2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\space2m.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\start.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\startbtn.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue1-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue1-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue1-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue1-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue1-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue2-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue2-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue2-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue2-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue2-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue2-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue3-7.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-7.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue4-8.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-10.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-6.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-7.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-8.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statue5-9.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statueeyes1.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statueeyes2.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statueeyes3.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statueeyes4.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\statueeyes5.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\Thumbs.dbe
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timereye1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timereye2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timereye3.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timereye4.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timereye5.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timerhead1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timerhead2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timerhead3.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timerhead4.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timerhead5.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timertongue1.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timertongue2.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timertongue3.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timertongue4.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\timertongue5.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\topoverlay.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\images\updatebtn.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\iWin Games.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\iwin.ico
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\JewelQuest.exe
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\jpeg.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\libpng1.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\license.rtf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\MumboJumbo Games.url
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\players.cfge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\readme.rtf
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\SDL.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\SDL_gfx.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\SDL_image.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\SDL_mixer.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\SDL_ttf.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\bg_intro.jpge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\com.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\cone.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\i.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\iW.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\iWi.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\iWin.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\iWin_com.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\n.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\star.pnge
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\splash\w.gife
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\stderr.txt
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\stdout.txt
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\Uninstall.exe
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\vorbis.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\vorbisfile.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ180XG\Jewel Quest\zlib.dll
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ8AD24.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZ8J3AB.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZARMI4.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZE0JB5.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZFXD5F.wmv
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZND3QM.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZPRGKS.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZQ9V4R.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZVT8HK.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZWAG3K.wma
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZX51N3.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\$RZXADKM.wpl
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1004\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$I00VW1X
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$I4MIKRX
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$I6NGWDH
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IBQEF57.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IPUNJ1N
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IQYY2L7.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IRO0CRJ
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IS0UB6R
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IS2IB9Y
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IYMDUE4
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$IYULYY0
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$R00VW1X\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$R4MIKRX\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RPUNJ1N\Dell AIO Printer 946 - Shortcut.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RPUNJ1N\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RPUNJ1N\Jewel Quest.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RRO0CRJ\CD Drive.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RRO0CRJ\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RRO0CRJ\Pictures.lnk
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS0UB6R\Book1.xlsx
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS0UB6R\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS0UB6R\My Google Gadgets\Analog Clock-Google.gg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS0UB6R\My Google Gadgets\Weather-Google Inc..gg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS0UB6R\My Google Gadgets\World Daylight Alarm Clock-Google.gg
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS2IB9Y\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS2IB9Y\Everywhere.search-ms
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RS2IB9Y\Indexed Locations.search-ms
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RYMDUE4\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RYMDUE4\Klee.contact
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\$RYULYY0\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1006\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1007\$INCYING
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1007\$IWLKRMY
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-1007\desktop.ini
    c:\$recycle.bin\S-1-5-21-3264931571-3061508423-1144595183-500\desktop.ini
    c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500\desktop.ini
    c:\windows\system32\drivers\MSIVXnpywxfelaqvijowbcwlnebbhiibqcvel.sys
    c:\windows\system32\MSIVXcount
    c:\windows\system32\MSIVXmlhijnmgfdglairfcdvqiqyccspibvqu.dll
    c:\windows\system32\MSIVXvogbhiwdvbjcgkeiduyvbthewnnjmaev.dll
    c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

    ----- BITS: Possible infected sites -----

    hxxp://downloadfixandlove.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MSIVXserv.sys
     
    fklee,
    #23
  5. 2009/06/22
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
    .

    2009-06-23 00:21 . 2009-06-23 00:21 -------- d-----w- c:\users\fe\AppData\Local\temp
    2009-06-23 00:21 . 2009-06-23 00:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2009-06-20 18:55 . 2009-06-20 18:55 -------- d-----w- c:\users\fe\AppData\Local\WinZip
    2009-06-20 18:54 . 2009-06-22 00:04 -------- d-----w- c:\programdata\WinZip
    2009-06-20 04:51 . 2009-06-14 21:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
    2009-06-20 04:21 . 2009-06-20 04:51 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-06-20 04:15 . 2009-06-20 04:19 -------- d-----w- c:\program files\Wise Registry Cleaner
    2009-06-09 20:02 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
    2009-06-09 20:02 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-23 00:10 . 2009-02-15 09:08 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-06-23 00:10 . 2007-07-27 11:52 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-06-23 00:08 . 2009-02-14 15:59 -------- d-----w- c:\users\fe\AppData\Roaming\FrostWire
    2009-06-22 00:54 . 2009-06-22 00:53 -------- d-----w- c:\program files\FrostWire
    2009-06-22 00:53 . 2009-06-22 00:53 -------- d-----w- c:\program files\AskBarDis
    2009-06-22 00:35 . 2007-07-27 11:50 -------- d-----w- c:\program files\Microsoft Small Business
    2009-06-22 00:15 . 2007-09-13 17:28 -------- d-----w- c:\program files\Cosmi
    2009-06-22 00:14 . 2009-03-25 23:39 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-21 22:29 . 2007-12-10 21:45 0 ----a-w- c:\users\fe\AppData\Local\WavXMapDrive.bat
    2009-06-21 22:28 . 2009-02-15 09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-06-21 21:11 . 2009-06-21 21:11 -------- d-----w- c:\programdata\Avira
    2009-06-21 21:11 . 2009-06-21 21:11 -------- d-----w- c:\program files\Avira
    2009-06-20 18:53 . 2007-07-27 11:48 -------- d-----w- c:\program files\Google
    2009-06-20 04:44 . 2007-10-02 19:08 12884 ----a-w- c:\users\fe\AppData\Roaming\nvModes.dat
    2009-06-20 04:05 . 2007-07-27 11:45 -------- d-----w- c:\programdata\McAfee
    2009-06-20 03:40 . 2007-07-27 11:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-20 03:39 . 2009-03-24 03:59 -------- d-----w- c:\users\fe\AppData\Roaming\Move Networks
    2009-06-20 03:39 . 2009-03-27 04:46 -------- d-----w- c:\program files\MySpace
    2009-06-17 13:49 . 2009-04-06 03:34 -------- d-----w- c:\users\fe\AppData\Roaming\FMZilla
    2009-06-15 08:04 . 2007-07-27 11:42 -------- d-----w- c:\programdata\Microsoft Help
    2009-06-15 08:02 . 2007-07-27 11:48 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-06-08 22:25 . 2007-08-03 17:06 -------- d-----w- c:\program files\Dl_cats
    2009-06-01 23:43 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe
    2009-05-15 17:28 . 2009-03-02 04:19 -------- d-----w- c:\users\fe\AppData\Roaming\U3
    2009-05-13 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-05 23:31 . 2009-05-05 23:31 266400 ----a-w- c:\users\fe\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
    2009-05-05 23:31 . 2009-05-05 23:31 -------- d-----w- c:\users\fe\AppData\Roaming\McAfee
    2009-04-24 16:22 . 2009-06-09 20:01 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:14 . 2009-06-09 20:01 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-24 16:14 . 2009-06-09 20:01 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 16:11 . 2009-06-09 20:01 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-04-24 13:53 . 2009-06-09 20:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-24 12:25 . 2009-06-09 20:01 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-04-23 13:01 . 2009-06-09 20:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-03-30 15:33 . 2009-06-21 21:11 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-03-28 01:36 . 2009-04-10 03:40 290816 ----a-w- c:\windows\system32\TubeFinder.exe
    2009-03-25 22:55 . 2008-01-18 07:33 33280 ----a-w- c:\windows\system32\identprv.dll
    2009-03-25 16:06 . 2009-05-08 23:35 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-03-25 16:06 . 2009-05-08 23:35 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-03-25 16:06 . 2009-05-08 23:35 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-03-25 16:06 . 2009-05-08 23:35 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-03-25 16:05 . 2009-05-08 23:35 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2006-11-22 14:54 . 2006-11-22 14:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    2006-11-02 12:35 . 2006-11-02 12:35 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
    "WindowsWelcomeCenter "= "oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
    "NvSvc "= "c:\windows\system32\nvsvc.dll" [2007-05-08 86016]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-05-08 8429568]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-05-08 81920]
    "NVHotkey "= "c:\windows\system32\nvHotkey.dll" [2007-05-08 67584]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2007-04-03 17920]
    "FaxCenterServer "= "c:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "SecureUpgrade "= "c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 218688]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-27 77824]
    "WavXMgr "= "c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 66560]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe" [2006-10-20 118784]
    "DLCICATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
    "dlcimon.exe "= "c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-12-08 435080]
    "SearchSettings "= "c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-27 50688]
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-27 45056]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F75C6257-A48D-4268-AE4D-F8A37FFF53DE} "= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{7158A2F4-6AFA-4BFB-83A0-2D9819CDDFAA} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{69A72F80-67AD-407E-9149-21D8262377A5} "= UDP:c:\windows\System32\wercon.exe:problem Reports and Solutions
    "{458847D0-93F3-414F-AF95-CF40A5EA4B7D} "= TCP:c:\windows\System32\wercon.exe:problem Reports and Solutions
    "{21C797A5-F662-4827-BA6D-41EE869C1372} "= UDP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
    "{77D7D91D-6AFB-4E6C-975F-EE2F26729035} "= TCP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
    "{3C8EF798-F6B6-4095-A0BB-49D268BEBF74} "= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:printer Status Window
    "{C6D1851B-090D-4C71-B624-FDE07846E238} "= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:printer Status Window
    "{B5949471-F6E2-44B7-848D-0B2D3DDC0F09} "= UDP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
    "{05C81B09-4125-44BF-B1C2-0A763243ACB4} "= TCP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
    "{6530BB7A-134A-4B37-9F53-591DD8C70B14} "= UDP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
    "{570C3276-EDAD-4C19-9BBF-81ECE3201453} "= TCP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
    "{5AE37BC8-8293-469F-8C79-DAACE03C2081} "= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
    "{78FB0AEE-A13F-45DB-8F9E-552E94597827} "= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
    "TCP Query User{34D212F4-D0C2-4318-9FA5-32DD370F9FC1}c:\\program files\\frostwire\\frostwire.exe "= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{E7C27DFC-BDDC-490F-848A-E35D9473A30E}c:\\program files\\frostwire\\frostwire.exe "= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
    "{DAF9E743-32CF-4BF4-A29D-84FF50C5F7E8} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{EA2F77CC-EEBE-4FC7-829A-63FB4571602E} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{1D453F68-E655-4666-AC8A-1F6AE2408033} "= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{33CCE6D5-2F6A-43A3-8005-574517503429} "= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "TCP Query User{CC02E206-229E-4EC1-9879-1807A172C931}c:\\program files\\frostwire\\frostwire.exe "= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{EB2889BA-804B-44A6-8EC1-597AFAB0057D}c:\\program files\\frostwire\\frostwire.exe "= TCP:c:\program files\frostwire\frostwire.exe:FrostWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1 "= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:mad:%SystemRoot%\system32\snmp.exe,-5|

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/21/2009 4:11 PM 108289]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
    R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/10/2007 5:56 PM 179712]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 10:07 AM 28933976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    rsmsvcs REG_MULTI_SZ ntmssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-23 c:\windows\Tasks\User_Feed_Synchronization-{433BA65C-1449-4D22-9CB2-31CAAB8D5D06}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
    HKLM-Run-1157840481 - c:\progra~1\eGames\BRICKS~1\Register\EGAMES~1.EXE
    HKLM-Run-408809432 - c:\progra~1\eGames\SHOOTT~1\Register\EGAMES~1.EXE


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070727
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-22 19:21
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3264931571-3061508423-1144595183-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:1d,80,b4,e0,87,bd,bf,b2,a6,a5,af,c9,f7,2e,d9,67,5d,14,b2,b8,74,73,df,
    b0,f0,17,48,db,19,72,12,ee,86,74,5c,47,a7,9c,99,4d,f8,7e,d0,17,c6,66,47,70,\
    "?? "=hex:bf,d1,6f,46,1c,39,f6,b2,17,ce,e8,09,ca,ce,da,9d

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(608)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    Completion time: 2009-06-23 19:23
    ComboFix-quarantined-files.txt 2009-06-23 00:23

    Pre-Run: 41,559,482,368 bytes free
    Post-Run: 41,672,359,936 bytes free

    1697 --- E O F --- 2009-06-15 08:04
     
    fklee,
    #24
  6. 2009/06/22
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:29:51 PM, on 6/22/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe "
    O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe "
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8076 bytes
     
    fklee,
    #25
  7. 2009/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
c:\windows\Tasks\User_Feed_Synchronization-{433BA65C-1449-4D22-9CB2-31CAAB8D5D06}.job
c:\windows\system32\msfeedssync.exe

Folder::
c:\programdata\AVG Security Toolbar
c:\users\fe\AppData\Roaming\McAfee
c:\program files\AskBarDis
c:\program files\Search Settings
c:\program files\Common Files\McAfee

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SearchSettings "=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
 "{F75C6257-A48D-4268-AE4D-F8A37FFF53DE} "=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
 "{1D453F68-E655-4666-AC8A-1F6AE2408033} "=-
 "{33CCE6D5-2F6A-43A3-8005-574517503429} "=-

RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
    broni,
    #26
  8. 2009/06/23
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    ComboFix 09-06-20.04 - fe 06/23/2009 19:02.2 - NTFSx86
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2046.1143 [GMT -5:00]
    Running from: F:\Combo-Fix.exe
    Command switches used :: c:\users\fe\Desktop\CFScript - Shortcut.lnk
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
    .

    2009-06-24 00:05 . 2009-06-24 00:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2009-06-23 00:29 . 2009-06-23 00:29 -------- d-----w- c:\program files\Trend Micro
    2009-06-23 00:28 . 2009-06-24 00:01 -------- d-s---w- C:\ComboFix
    2009-06-23 00:23 . 2009-06-24 00:05 -------- d-----w- c:\users\fe\AppData\Local\temp
    2009-06-22 00:53 . 2009-06-22 00:54 -------- d-----w- c:\program files\FrostWire
    2009-06-22 00:53 . 2009-06-22 00:53 -------- d-----w- c:\program files\AskBarDis
    2009-06-21 21:11 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-06-21 21:11 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-21 21:11 . 2009-06-21 21:11 -------- d-----w- c:\programdata\Avira
    2009-06-21 21:11 . 2009-06-21 21:11 -------- d-----w- c:\program files\Avira
    2009-06-20 18:55 . 2009-06-20 18:55 -------- d-----w- c:\users\fe\AppData\Local\WinZip
    2009-06-20 18:54 . 2009-06-22 00:04 -------- d-----w- c:\programdata\WinZip
    2009-06-20 04:51 . 2009-06-14 21:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
    2009-06-20 04:21 . 2009-06-20 04:51 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-06-20 04:15 . 2009-06-20 04:19 -------- d-----w- c:\program files\Wise Registry Cleaner
    2009-06-09 20:02 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
    2009-06-09 20:02 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-24 00:05 . 2009-02-14 15:59 -------- d-----w- c:\users\fe\AppData\Roaming\FrostWire
    2009-06-23 23:47 . 2009-02-15 09:08 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-06-23 00:10 . 2007-07-27 11:52 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-06-22 00:35 . 2007-07-27 11:50 -------- d-----w- c:\program files\Microsoft Small Business
    2009-06-22 00:15 . 2007-09-13 17:28 -------- d-----w- c:\program files\Cosmi
    2009-06-22 00:14 . 2009-03-25 23:39 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-21 22:29 . 2007-12-10 21:45 0 ----a-w- c:\users\fe\AppData\Local\WavXMapDrive.bat
    2009-06-21 22:28 . 2009-02-15 09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-06-20 18:53 . 2007-07-27 11:48 -------- d-----w- c:\program files\Google
    2009-06-20 04:44 . 2007-10-02 19:08 12884 ----a-w- c:\users\fe\AppData\Roaming\nvModes.dat
    2009-06-20 04:05 . 2007-07-27 11:45 -------- d-----w- c:\programdata\McAfee
    2009-06-20 03:40 . 2007-07-27 11:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-20 03:39 . 2009-03-24 03:59 -------- d-----w- c:\users\fe\AppData\Roaming\Move Networks
    2009-06-20 03:39 . 2009-03-27 04:46 -------- d-----w- c:\program files\MySpace
    2009-06-17 13:49 . 2009-04-06 03:34 -------- d-----w- c:\users\fe\AppData\Roaming\FMZilla
    2009-06-15 08:04 . 2007-07-27 11:42 -------- d-----w- c:\programdata\Microsoft Help
    2009-06-15 08:02 . 2007-07-27 11:48 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-06-08 22:25 . 2007-08-03 17:06 -------- d-----w- c:\program files\Dl_cats
    2009-06-01 23:43 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe
    2009-05-15 17:28 . 2009-03-02 04:19 -------- d-----w- c:\users\fe\AppData\Roaming\U3
    2009-05-13 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-05 23:31 . 2009-05-05 23:31 266400 ----a-w- c:\users\fe\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
    2009-05-05 23:31 . 2009-05-05 23:31 -------- d-----w- c:\users\fe\AppData\Roaming\McAfee
    2009-04-24 16:22 . 2009-06-09 20:01 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:14 . 2009-06-09 20:01 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-24 16:14 . 2009-06-09 20:01 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 16:11 . 2009-06-09 20:01 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-04-24 13:53 . 2009-06-09 20:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-24 12:25 . 2009-06-09 20:01 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-04-23 13:01 . 2009-06-09 20:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-03-28 01:36 . 2009-04-10 03:40 290816 ----a-w- c:\windows\system32\TubeFinder.exe
    2006-11-22 14:54 . 2006-11-22 14:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    2006-11-02 12:35 . 2006-11-02 12:35 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-23_00.21.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-23 01:04 . 2009-06-23 01:04 89102 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
    + 2007-12-10 21:05 . 2009-06-23 23:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-12-10 21:05 . 2009-06-22 23:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-12-10 21:05 . 2009-06-23 23:55 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-10 21:05 . 2009-06-22 23:55 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-10 21:05 . 2009-06-23 23:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-12-10 21:05 . 2009-06-22 23:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-12-18 00:16 . 2009-06-23 23:47 337540 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
    + 2009-02-02 23:07 . 2009-02-02 23:07 1914440 c:\windows\Downloaded Program Files\CONFLICT.4\FP_AX_CAB_INSTALLER.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
    "WindowsWelcomeCenter "= "oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
    "NvSvc "= "c:\windows\system32\nvsvc.dll" [2007-05-08 86016]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-05-08 8429568]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-05-08 81920]
    "NVHotkey "= "c:\windows\system32\nvHotkey.dll" [2007-05-08 67584]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2007-04-03 17920]
    "FaxCenterServer "= "c:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "SecureUpgrade "= "c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 218688]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-27 77824]
    "WavXMgr "= "c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 66560]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe" [2006-10-20 118784]
    "DLCICATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
    "dlcimon.exe "= "c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-12-08 435080]
    "SearchSettings "= "c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-27 50688]
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-27 45056]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F75C6257-A48D-4268-AE4D-F8A37FFF53DE} "= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{7158A2F4-6AFA-4BFB-83A0-2D9819CDDFAA} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{69A72F80-67AD-407E-9149-21D8262377A5} "= UDP:c:\windows\System32\wercon.exe:problem Reports and Solutions
    "{458847D0-93F3-414F-AF95-CF40A5EA4B7D} "= TCP:c:\windows\System32\wercon.exe:problem Reports and Solutions
    "{21C797A5-F662-4827-BA6D-41EE869C1372} "= UDP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
    "{77D7D91D-6AFB-4E6C-975F-EE2F26729035} "= TCP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
    "{3C8EF798-F6B6-4095-A0BB-49D268BEBF74} "= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:printer Status Window
    "{C6D1851B-090D-4C71-B624-FDE07846E238} "= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:printer Status Window
    "{B5949471-F6E2-44B7-848D-0B2D3DDC0F09} "= UDP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
    "{05C81B09-4125-44BF-B1C2-0A763243ACB4} "= TCP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
    "{6530BB7A-134A-4B37-9F53-591DD8C70B14} "= UDP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
    "{570C3276-EDAD-4C19-9BBF-81ECE3201453} "= TCP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
    "{5AE37BC8-8293-469F-8C79-DAACE03C2081} "= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
    "{78FB0AEE-A13F-45DB-8F9E-552E94597827} "= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
    "TCP Query User{34D212F4-D0C2-4318-9FA5-32DD370F9FC1}c:\\program files\\frostwire\\frostwire.exe "= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{E7C27DFC-BDDC-490F-848A-E35D9473A30E}c:\\program files\\frostwire\\frostwire.exe "= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
    "{DAF9E743-32CF-4BF4-A29D-84FF50C5F7E8} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{EA2F77CC-EEBE-4FC7-829A-63FB4571602E} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{1D453F68-E655-4666-AC8A-1F6AE2408033} "= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{33CCE6D5-2F6A-43A3-8005-574517503429} "= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "TCP Query User{CC02E206-229E-4EC1-9879-1807A172C931}c:\\program files\\frostwire\\frostwire.exe "= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{EB2889BA-804B-44A6-8EC1-597AFAB0057D}c:\\program files\\frostwire\\frostwire.exe "= TCP:c:\program files\frostwire\frostwire.exe:FrostWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1 "= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:mad:%SystemRoot%\system32\snmp.exe,-5|

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/21/2009 4:11 PM 108289]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
    R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/10/2007 5:56 PM 179712]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 10:07 AM 28933976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    rsmsvcs REG_MULTI_SZ ntmssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{433BA65C-1449-4D22-9CB2-31CAAB8D5D06}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070727
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-23 19:05
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3264931571-3061508423-1144595183-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:1d,80,b4,e0,87,bd,bf,b2,a6,a5,af,c9,f7,2e,d9,67,5d,14,b2,b8,74,73,df,
    b0,f0,17,48,db,19,72,12,ee,86,74,5c,47,a7,9c,99,4d,f8,7e,d0,17,c6,66,47,70,\
    "?? "=hex:bf,d1,6f,46,1c,39,f6,b2,17,ce,e8,09,ca,ce,da,9d

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(608)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    Completion time: 2009-06-24 19:06
    ComboFix-quarantined-files.txt 2009-06-24 00:06
    ComboFix2.txt 2009-06-23 00:23

    Pre-Run: 38,697,099,264 bytes free
    Post-Run: 38,679,359,488 bytes free

    200 --- E O F --- 2009-06-23 08:01
     
    fklee,
    #27
  9. 2009/06/23
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:10:44 PM, on 6/23/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe "
    O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe "
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8196 bytes
     
    fklee,
    #28
  10. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you sure, you used Notepad to save Combofix script, because nothing was removed?
     
    broni,
    #29
  11. 2009/06/23
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    I'm going to try again.
     
    fklee,
    #30
  12. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
    broni,
    #31
  13. 2009/06/23
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    ComboFix 09-06-22.0E - fe 06/23/2009 19:27.3 - NTFSx86
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2046.1062 [GMT -5:00]
    Running from: c:\users\fe\Downloads\Combo-Fix.exe
    Command switches used :: c:\users\fe\Desktop\CFScript - Shortcut.lnk
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
    .

    2009-06-24 00:30 . 2009-06-24 00:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2009-06-23 00:29 . 2009-06-23 00:29 -------- d-----w- c:\program files\Trend Micro
    2009-06-23 00:28 . 2009-06-24 00:01 -------- d-s---w- C:\ComboFix
    2009-06-23 00:23 . 2009-06-24 00:30 -------- d-----w- c:\users\fe\AppData\Local\temp
    2009-06-22 00:53 . 2009-06-22 00:54 -------- d-----w- c:\program files\FrostWire
    2009-06-22 00:53 . 2009-06-22 00:53 -------- d-----w- c:\program files\AskBarDis
    2009-06-21 21:11 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-06-21 21:11 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-21 21:11 . 2009-06-21 21:11 -------- d-----w- c:\programdata\Avira
    2009-06-21 21:11 . 2009-06-21 21:11 -------- d-----w- c:\program files\Avira
    2009-06-20 18:55 . 2009-06-20 18:55 -------- d-----w- c:\users\fe\AppData\Local\WinZip
    2009-06-20 18:54 . 2009-06-22 00:04 -------- d-----w- c:\programdata\WinZip
    2009-06-20 04:51 . 2009-06-14 21:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
    2009-06-20 04:21 . 2009-06-20 04:51 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-06-20 04:15 . 2009-06-20 04:19 -------- d-----w- c:\program files\Wise Registry Cleaner
    2009-06-09 20:02 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
    2009-06-09 20:02 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-24 00:30 . 2009-02-14 15:59 -------- d-----w- c:\users\fe\AppData\Roaming\FrostWire
    2009-06-23 23:47 . 2009-02-15 09:08 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-06-23 00:10 . 2007-07-27 11:52 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-06-22 00:35 . 2007-07-27 11:50 -------- d-----w- c:\program files\Microsoft Small Business
    2009-06-22 00:15 . 2007-09-13 17:28 -------- d-----w- c:\program files\Cosmi
    2009-06-22 00:14 . 2009-03-25 23:39 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-21 22:29 . 2007-12-10 21:45 0 ----a-w- c:\users\fe\AppData\Local\WavXMapDrive.bat
    2009-06-21 22:28 . 2009-02-15 09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-06-20 18:53 . 2007-07-27 11:48 -------- d-----w- c:\program files\Google
    2009-06-20 04:44 . 2007-10-02 19:08 12884 ----a-w- c:\users\fe\AppData\Roaming\nvModes.dat
    2009-06-20 04:05 . 2007-07-27 11:45 -------- d-----w- c:\programdata\McAfee
    2009-06-20 03:40 . 2007-07-27 11:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-20 03:39 . 2009-03-24 03:59 -------- d-----w- c:\users\fe\AppData\Roaming\Move Networks
    2009-06-20 03:39 . 2009-03-27 04:46 -------- d-----w- c:\program files\MySpace
    2009-06-17 13:49 . 2009-04-06 03:34 -------- d-----w- c:\users\fe\AppData\Roaming\FMZilla
    2009-06-15 08:04 . 2007-07-27 11:42 -------- d-----w- c:\programdata\Microsoft Help
    2009-06-15 08:02 . 2007-07-27 11:48 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-06-08 22:25 . 2007-08-03 17:06 -------- d-----w- c:\program files\Dl_cats
    2009-06-01 23:43 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe
    2009-05-15 17:28 . 2009-03-02 04:19 -------- d-----w- c:\users\fe\AppData\Roaming\U3
    2009-05-13 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-05 23:31 . 2009-05-05 23:31 266400 ----a-w- c:\users\fe\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
    2009-05-05 23:31 . 2009-05-05 23:31 -------- d-----w- c:\users\fe\AppData\Roaming\McAfee
    2009-04-24 16:22 . 2009-06-09 20:01 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:14 . 2009-06-09 20:01 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-24 16:14 . 2009-06-09 20:01 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 16:11 . 2009-06-09 20:01 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-04-24 13:53 . 2009-06-09 20:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-24 12:25 . 2009-06-09 20:01 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-04-23 13:01 . 2009-06-09 20:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-03-28 01:36 . 2009-04-10 03:40 290816 ----a-w- c:\windows\system32\TubeFinder.exe
    2006-11-22 14:54 . 2006-11-22 14:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    2006-11-02 12:35 . 2006-11-02 12:35 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-23_00.21.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-23 01:04 . 2009-06-23 01:04 89102 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
    + 2007-12-10 21:05 . 2009-06-24 00:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-12-10 21:05 . 2009-06-22 23:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-12-10 21:05 . 2009-06-24 00:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-10 21:05 . 2009-06-22 23:55 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-10 21:05 . 2009-06-24 00:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-12-10 21:05 . 2009-06-22 23:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-12-18 00:16 . 2009-06-23 23:47 337540 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
    + 2009-02-02 23:07 . 2009-02-02 23:07 1914440 c:\windows\Downloaded Program Files\CONFLICT.4\FP_AX_CAB_INSTALLER.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
    "WindowsWelcomeCenter "= "oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
    "NvSvc "= "c:\windows\system32\nvsvc.dll" [2007-05-08 86016]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-05-08 8429568]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-05-08 81920]
    "NVHotkey "= "c:\windows\system32\nvHotkey.dll" [2007-05-08 67584]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2007-04-03 17920]
    "FaxCenterServer "= "c:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "SecureUpgrade "= "c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 218688]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-27 77824]
    "WavXMgr "= "c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 66560]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe" [2006-10-20 118784]
    "DLCICATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
    "dlcimon.exe "= "c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-12-08 435080]
    "SearchSettings "= "c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-27 50688]
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-27 45056]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F75C6257-A48D-4268-AE4D-F8A37FFF53DE} "= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{7158A2F4-6AFA-4BFB-83A0-2D9819CDDFAA} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{69A72F80-67AD-407E-9149-21D8262377A5} "= UDP:c:\windows\System32\wercon.exe:problem Reports and Solutions
    "{458847D0-93F3-414F-AF95-CF40A5EA4B7D} "= TCP:c:\windows\System32\wercon.exe:problem Reports and Solutions
    "{21C797A5-F662-4827-BA6D-41EE869C1372} "= UDP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
    "{77D7D91D-6AFB-4E6C-975F-EE2F26729035} "= TCP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
    "{3C8EF798-F6B6-4095-A0BB-49D268BEBF74} "= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:printer Status Window
    "{C6D1851B-090D-4C71-B624-FDE07846E238} "= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:printer Status Window
    "{B5949471-F6E2-44B7-848D-0B2D3DDC0F09} "= UDP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
    "{05C81B09-4125-44BF-B1C2-0A763243ACB4} "= TCP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
    "{6530BB7A-134A-4B37-9F53-591DD8C70B14} "= UDP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
    "{570C3276-EDAD-4C19-9BBF-81ECE3201453} "= TCP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
    "{5AE37BC8-8293-469F-8C79-DAACE03C2081} "= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
    "{78FB0AEE-A13F-45DB-8F9E-552E94597827} "= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:FineScanManager
    "TCP Query User{34D212F4-D0C2-4318-9FA5-32DD370F9FC1}c:\\program files\\frostwire\\frostwire.exe "= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{E7C27DFC-BDDC-490F-848A-E35D9473A30E}c:\\program files\\frostwire\\frostwire.exe "= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
    "{DAF9E743-32CF-4BF4-A29D-84FF50C5F7E8} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{EA2F77CC-EEBE-4FC7-829A-63FB4571602E} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{1D453F68-E655-4666-AC8A-1F6AE2408033} "= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{33CCE6D5-2F6A-43A3-8005-574517503429} "= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "TCP Query User{CC02E206-229E-4EC1-9879-1807A172C931}c:\\program files\\frostwire\\frostwire.exe "= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{EB2889BA-804B-44A6-8EC1-597AFAB0057D}c:\\program files\\frostwire\\frostwire.exe "= TCP:c:\program files\frostwire\frostwire.exe:FrostWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1 "= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:mad:%SystemRoot%\system32\snmp.exe,-5|

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/21/2009 4:11 PM 108289]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
    R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/10/2007 5:56 PM 179712]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 10:07 AM 28933976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    rsmsvcs REG_MULTI_SZ ntmssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{433BA65C-1449-4D22-9CB2-31CAAB8D5D06}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070727
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-23 19:30
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3264931571-3061508423-1144595183-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:1d,80,b4,e0,87,bd,bf,b2,a6,a5,af,c9,f7,2e,d9,67,5d,14,b2,b8,74,73,df,
    b0,f0,17,48,db,19,72,12,ee,86,74,5c,47,a7,9c,99,4d,f8,7e,d0,17,c6,66,47,70,\
    "?? "=hex:bf,d1,6f,46,1c,39,f6,b2,17,ce,e8,09,ca,ce,da,9d

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(608)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    Completion time: 2009-06-24 19:31
    ComboFix-quarantined-files.txt 2009-06-24 00:31
    ComboFix2.txt 2009-06-24 00:06
    ComboFix3.txt 2009-06-23 00:23

    Pre-Run: 38,724,771,840 bytes free
    Post-Run: 38,702,252,032 bytes free

    201 --- E O F --- 2009-06-23 08:01
     
    fklee,
    #32
  14. 2009/06/23
    fklee

    fklee Inactive Thread Starter

    Joined:
    2009/06/20
    Messages:
    26
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:36:49 PM, on 6/23/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX(5)\PDVDDXSrv.exe "
    O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe "
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8032 bytes
     
    fklee,
    #33
  15. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure, what's going on here, so....

    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u "
    Restart computer.

    =================================================================

    Please download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop.

    Scan with DrWeb-CureIt as follows:

    * Double-click on drweb-cureit.exe and then click Start. Click OK in a pop-up window allowing Express Scan
    o This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    * Once the short scan has finished, Click Options > Change settings
    * Choose the Scan tab and uncheck Heuristic analysis and click OK
    * Back at the main window, select the Complete scan button.
    * Then click the Green Arrow [​IMG] Start Scanning button on the right and the scan will start.
    o Click Yes to all if it asks if you want to cure/move any file(s).
    * When the scan is done...
    * In the Dr.Web CureIt menu on top left, click File and choose Save report list.
    * Save the DrWeb.csv report to your Desktop.
    * Exit Dr.Web Cureit.


    * Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

    * After reboot. Leave the Dr. Web CureIt log on the desktop.

    Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

    NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.
     
    broni,
    #34
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...