Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow PC, Please help!

Post by Justagirl » April 1st, 2009, 1:43 pm

Hello. I have been having major problems with my computer for the last week. It's been running insanely slow, taking up to 10 minutes to load a webpage (cable conn.). I have posted on several computer help forums over the last few days with no help, so I'm hoping I can get a little insight here. I have downloaded & run AVG & CCleaner. Downloaded Malwarebytes' but am unable to open it. Got ComboFix, but have no idea how to use it. I've also gone through my hijack log and deleted a few suspicious looking things. This is my last hope before I reformat my HD. Any help would be greatly appreciated! Thanks. xoxo

Windows XP
Home Edition 2002
Service Pack 2

------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43, on 2009-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Opera\opera.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\windows\System32\svchost.exe
C:\comboofix\NirCmd.cfexe
C:\DOCUME~1\Owner\LOCALS~1\Temp\1107795804.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\windows\system32\nhser43uhjnefr.dll - {c2ba40a2-74f3-42bd-f434-2604812c8954} - C:\windows\system32\nhser43uhjnefr.dll
O4 - HKLM\..\Run: [Ovejux] rundll32.exe "C:\windows\ihozawufilelufi.dll",e
O4 - HKLM\..\Run: [CPM873226e7] Rundll32.exe "c:\windows\system32\govuyoni.dll",a
O4 - HKLM\..\Run: [8401157b] rundll32.exe "C:\windows\system32\digoteri.dll",b
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\1107795804.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\govuyoni.dll
O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\windows\system32\nhser43uhjnefr.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\govuyoni.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4087 bytes
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm
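As an added example (not part of the original thread and not the forum's own tooling), the sketch below shows how a HijackThis 2.x log of the kind posted above can be triaged automatically by entry code. The sample log is constructed with placeholder names and a TEST-NET address, and the heuristics and the names `RULES` and `triage` are illustrative assumptions, not HijackThis features.

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis 2.x layout (placeholder names, TEST-NET address).
SAMPLE_LOG = r"""
Running processes:
C:\windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O1 - Hosts: 192.0.2.10 update.vendor.example
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [abc123] rundll32.exe "C:\windows\system32\example1.dll",a
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe"
O4 - HKCU\..\Run: [Diag] C:\DOCUME~1\User\LOCALS~1\Temp\12345.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\windows\
O23 - Service: Example Agent (exagent) - Example Corp - C:\Program Files\Example\agent.exe
"""

# Every log entry starts with a section code such as "O4 - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def check_hosts(body):
    """O1: hosts-file lines that pin a name to a non-loopback address."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        addr = ip_address(m.group(1))
    except ValueError:
        return "hosts entry with an unparseable address"
    if addr.is_loopback or addr.is_unspecified:
        return None  # 127.0.0.1 / 0.0.0.0 entries are ordinary block lists
    return f"hosts file pins {m.group(2)} to {addr}"


def check_bho(body):
    """O2: Browser Helper Object whose file is missing on disk."""
    if body.rstrip().endswith("(no file)"):
        return "BHO is registered but its file is missing"
    return None


def check_autorun(body):
    """O4: autostart entries that load a DLL via rundll32 or run from Temp."""
    reasons = []
    if re.search(r"\brundll32\b", body, re.I) and re.search(r"\.dll", body, re.I):
        reasons.append("autostart loads a DLL through rundll32")
    if re.search(r"\\temp\\", body, re.I):
        reasons.append("autostart target lives in a Temp directory")
    return "; ".join(reasons) or None


def check_policy(body):
    """O7: policy value that blocks Registry Editor."""
    if re.search(r"DisableRegedit\s*=\s*1", body, re.I):
        return "policy blocks Registry Editor"
    return None


def check_service(body):
    """O23: service for which no vendor could be read from the binary."""
    if "Unknown owner" in body:
        return "service has no readable vendor information"
    return None


# Assumed heuristics, keyed by HijackThis section code.
RULES = {
    "O1": check_hosts,
    "O2": check_bho,
    "O4": check_autorun,
    "O7": check_policy,
    "O23": check_service,
}


def triage(log_text):
    """Return (code, reason, line) for every entry a rule flags for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        rule = RULES.get(m.group(1))
        reason = rule(m.group(2)) if rule else None
        if reason:
            findings.append((m.group(1), reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

A flagged line is a prompt for review by an analyst, not a verdict; legitimate software also produces some of these patterns.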

Re: Slow PC, Please help!

Post by dan12 » April 1st, 2009, 5:15 pm

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Slow PC, Please help!

Post by Justagirl » April 1st, 2009, 5:28 pm

First of all, I can't even begin to tell you how appreciative I am for your help. Thank you. You rock!! :)

I'm not too computer savvy, but as far as I know I have Administrator privileges, but I'm not positive.

Here is my uninstall list:

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
America Online (Choose which version to remove)
AOL Connectivity Services
Ares 2.1.0
Bonjour
Digital Media Reader
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 11
Kaspersky Internet Security 2009
Kaspersky Internet Security 2009
LimeWire 4.18.8
Microsoft Visual C++ 2005 Redistributable
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
Onlinebandit 5.70
Opera 9.63
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
S3 S3Config3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3RefreshLock
S3 S3TrayPlus
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SoftV92 Data Fax Modem with SmartCP
UniChrome Pro IGP Display Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Messenger
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm

Re: Slow PC, Please help!

Post by dan12 » April 1st, 2009, 5:42 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.8
Ares 2.1.0


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


This will overwrite the other you have.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Slow PC, Please help!

Post by Justagirl » April 1st, 2009, 7:07 pm

[[Edited to include Hijackthis log]]

Okay, I uninstalled Limewire & Ares.

When I ran ComboFix, I got a few errors. One of them being "ComboFix has detected the
presence of Rootkit activity and needs to reboot the machine". Several files were listed
under that message. I wrote them down if you need them.

Another was:

Error : C: \Boot.ini is not correctly formatted/

There were also a few errors re files that failed to initialize.

Here is the log:

ComboFix 09-04-01.01 - Owner 2009-04-01 17:26:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.409 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFixx.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Start Menu\A360
c:\documents and settings\Owner\Start Menu\A360\A360.lnk
c:\documents and settings\Owner\Start Menu\A360\Help.lnk
c:\documents and settings\Owner\Start Menu\A360\Registration.lnk
c:\program files\Common Files\System\Uninstall
c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk
c:\windows\ewamabimonusijeg.dll
c:\windows\iwukivegohekeva.dll
c:\windows\system32\ademidul.ini
c:\windows\system32\afiburiw.ini
c:\windows\system32\agesenut.ini
c:\windows\system32\aheyuhip.ini
c:\windows\system32\ahezofod.ini
c:\windows\system32\amurihuj.ini
c:\windows\system32\aneroyoy.ini
c:\windows\system32\ateyosun.ini
c:\windows\system32\ayukifug.ini
c:\windows\system32\bejifafo.dll
c:\windows\system32\bizijeju.dll
c:\windows\system32\bufojodi.dll
c:\windows\system32\byqkol.dll
c:\windows\system32\cbdswd.dll
c:\windows\system32\danuzihi.dll
c:\windows\system32\digoteri.dll
c:\windows\system32\dofozeha.dll
c:\windows\system32\drivers\UACehtavxbk.sys
c:\windows\system32\dvetmi.dll
c:\windows\system32\ebinapew.ini
c:\windows\system32\ejeforav.ini
c:\windows\system32\enujumub.ini
c:\windows\system32\fajohiti.dll
c:\windows\system32\gilefede.dll
c:\windows\system32\govuyoni.dll
c:\windows\system32\hesuwopa.dll
c:\windows\system32\hinirole.dll
c:\windows\system32\holuyibi.dll
c:\windows\system32\hulutozu.dll
c:\windows\system32\ibiyuloh.ini
c:\windows\system32\ibujupop.ini
c:\windows\system32\idojofub.ini
c:\windows\system32\igpidj.dll
c:\windows\system32\ikayovub.ini
c:\windows\system32\ikevizur.ini
c:\windows\system32\iperajoz.ini
c:\windows\system32\ipoyiduw.ini
c:\windows\system32\ipozazil.ini
c:\windows\system32\irafasem.ini
c:\windows\system32\iretogid.ini
c:\windows\system32\itobumek.ini
c:\windows\system32\ivoyosor.ini
c:\windows\system32\iyizovur.ini
c:\windows\system32\izufefor.ini
c:\windows\system32\jevetedo.dll
c:\windows\system32\livulene.dll
c:\windows\system32\luhadipu.dll
c:\windows\system32\mitayide.dll
c:\windows\system32\nadusajo.dll
c:\windows\system32\odewohis.ini
c:\windows\system32\ofujufip.ini
c:\windows\system32\ojevuyol.ini
c:\windows\system32\ojimitov.ini
c:\windows\system32\ojutihid.ini
c:\windows\system32\omusehal.ini
c:\windows\system32\opisiduz.ini
c:\windows\system32\opoweyij.ini
c:\windows\system32\opufusom.ini
c:\windows\system32\owazihut.ini
c:\windows\system32\owojusiv.ini
c:\windows\system32\sozivado.dll
c:\windows\system32\UACdrirjoym.log
c:\windows\system32\UACduyxetla.dll
c:\windows\system32\UACgkvxfmhm.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmrqoemnt.dll
c:\windows\system32\UACpjfqbwqw.dll
c:\windows\system32\UACswwujxva.dat
c:\windows\system32\UACuwkbeskr.log
c:\windows\system32\UACwxilrdpy.log
c:\windows\system32\UACylksrqrp.dll
c:\windows\system32\ufemenan.ini
c:\windows\system32\uhoyifev.ini
c:\windows\system32\ujejizib.ini
c:\windows\system32\upidahul.ini
c:\windows\system32\uremehew.ini
c:\windows\system32\utimeyul.ini
c:\windows\system32\uwozuwas.ini
c:\windows\system32\uyosilir.ini
c:\windows\system32\uzijodan.ini
c:\windows\system32\vahuyayu.dll
c:\windows\system32\varofeje.dll
c:\windows\system32\wupinade.dll
c:\windows\system32\yoyorena.dll
c:\windows\system32\zasiyugi.dll
c:\windows\system32\zudisipo.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_botdrv
-------\Service_botdrv


((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-01 17:55 . 2009-04-01 17:55 462 --a------ c:\windows\ufebehamicunojag.dll
2009-04-01 17:53 . 6,656 c:\windows\system32\drivers\restore.sys
2009-04-01 17:22 . 2009-04-01 17:55 878,112 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-01 17:22 . 2009-04-01 17:51 188,448 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-04-01 17:22 . 2009-04-01 17:51 7,912 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-01 17:22 . 2009-04-01 17:51 1,724 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-04-01 14:30 . 2009-04-01 14:30 <DIR> d-------- c:\program files\Alwil Software
2009-04-01 13:54 . 2009-04-01 13:54 1,263 --a------ c:\windows\system32\%LocalXml%
2009-04-01 13:04 . 2009-04-01 13:52 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-04-01 13:04 . 2009-04-01 13:52 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-04-01 13:03 . 2009-04-01 13:03 <DIR> d-------- c:\program files\Kaspersky Lab
2009-04-01 13:03 . 2009-04-01 17:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-01 12:04 . 2009-04-01 11:39 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2009-04-01 11:43 . 2009-04-01 11:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-01 11:38 . 2009-04-01 11:38 64 --a------ c:\windows\wininit.ini
2009-04-01 09:58 . 2009-04-01 09:58 <DIR> d-------- C:\4c1727e96774f6efe758776af2
2009-04-01 09:51 . 2009-04-01 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 09:50 . 2009-04-01 09:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 13:08 . 2009-03-31 13:08 <DIR> d-------- c:\program files\AVG
2009-03-31 13:08 . 2009-04-01 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-31 12:53 . 2009-03-31 12:53 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 12:20 . 2009-03-29 12:20 45,056 --a------ C:\dmsiacq.exe
2009-03-29 12:20 . 2009-03-29 12:20 2 --a------ C:\-2080303660
2009-03-28 22:27 . 2009-03-28 22:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\iWin
2009-03-28 22:26 . 2009-03-28 22:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-27 00:20 . 2009-03-27 00:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-03-19 23:37 . 2004-08-04 12:00 68,608 --a------ c:\windows\system32\plugin.ocx
2009-03-19 23:37 . 2004-08-04 12:00 68,608 --a------ c:\windows\system32\dllcache\plugin.ocx
2009-03-19 17:35 . 2009-03-19 17:35 <DIR> d-------- c:\program files\Onlinebandit
2009-03-19 07:28 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-19 07:28 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-19 07:28 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-18 09:43 . 2009-03-18 09:43 7,502 ---hs---- c:\windows\system32\fivuriji.dll
2009-03-18 09:43 . 2009-03-18 09:43 7,502 ---hs---- c:\windows\system32\bovehiye.dll
2009-03-18 09:43 . 2009-03-18 09:43 2,713 ---hs---- c:\windows\system32\nofiteza.dll
2009-03-16 09:51 . 2009-03-16 09:51 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-03-16 09:43 . 2009-03-16 09:43 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-05 22:46 . 2009-03-05 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-03-05 15:51 . 2009-03-05 15:51 <DIR> d--hs---- c:\documents and settings\Owner\IECompatCache
2009-03-05 15:49 . 2009-03-05 15:49 <DIR> d--hs---- c:\documents and settings\Owner\IETldCache
2009-03-05 15:10 . 2009-01-10 22:00 79,360 --a--c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-02 15:57 . 2009-03-02 15:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!
2009-03-02 15:56 . 2009-03-05 14:36 <DIR> d-------- c:\program files\Yahoo!
2009-03-02 15:56 . 2009-03-02 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-02 12:22 . 2009-03-02 12:22 <DIR> d-------- C:\Installation Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 23:49 --------- d-----w c:\program files\Ares
2009-04-01 20:52 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-29 19:31 213,376 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-03-26 02:50 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-03-21 18:36 --------- d-----w c:\program files\Common Files\AOL
2009-03-20 00:01 --------- d-----w c:\program files\Common Files\Apple
2009-03-06 04:12 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData
2009-03-05 21:35 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-02 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-21 02:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-15 18:07 --------- d-----w c:\program files\Google
1601-01-01 00:12 462 -csha-w c:\windows\system32\yayosiyi.dll
.

------- Sigcheck -------

2009-03-29 12:31 213376 3d748d850b1c17c357c54bbfd4835f27 c:\windows\system32\dllcache\ndis.sys
2009-03-29 12:31 213376 3d748d850b1c17c357c54bbfd4835f27 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b96ce8d5-6485-58be-3024-7aa6f4f37ab3}]
2007-03-08 08:36 155136 --a------ c:\windows\ihozawufilelufi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ovejux"="c:\windows\ihozawufilelufi.dll" [2007-03-08 155136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-01 206088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli pbumsv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
backup=c:\windows\pss\run_startmenu.cmdCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-07 12:07 496752 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 17:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-02-20 15:22 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ovejux]
--a------ 2007-03-08 08:36 155136 c:\windows\ihozawufilelufi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 13:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-03-09 08:00 966656 c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 16:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-17 19:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a------ 2003-09-19 10:09 36864 c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-09 12:17 67584 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-08-13 11:48 49152 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2004-08-13 11:48 143360 c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Onlinebandit\\Start.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-01 20560]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S1 41abdc71;41abdc71;c:\windows\system32\drivers\41abdc71.sys --> c:\windows\system32\drivers\41abdc71.sys [?]
S2 csiscanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

BHO-{C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\govuyoni.dll
MSConfigStartUp-8401157b - c:\windows\system32\digoteri.dll
MSConfigStartUp-8DB7E0B9F2BA2D7B2FBDBD577B617007 - c:\program files\A360\av360.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-avg8_tray - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Cleanup - c:\docume~1\Owner\LOCALS~1\Temp\200811685836_mcappins.exe
MSConfigStartUp-CPM873226e7 - c:\windows\system32\govuyoni.dll
MSConfigStartUp-diagnostic manager - c:\docume~1\Owner\LOCALS~1\Temp\2212577726.exe
MSConfigStartUp-falitekiti - c:\windows\system32\yimazitu.dll
MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msci - c:\docume~1\Owner\LOCALS~1\Temp\200811685836_mcinfo.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-reader_s - c:\windows\System32\reader_s.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 17:55:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(916)
c:\windows\pbumsv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\Temp\BN2.tmp
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-04-01 17:58:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 00:58:28

Pre-Run: 43,962,179,584 bytes free
Post-Run: 44,002,435,072 bytes free

354 --- E O F --- 2009-03-06 13:11:09



Hijackthis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:42 PM, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {b96ce8d5-6485-58be-3024-7aa6f4f37ab3} - C:\windows\ihozawufilelufi.dll
O4 - HKLM\..\Run: [Ovejux] rundll32.exe "C:\windows\ihozawufilelufi.dll",e
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\
O23 - Service: CSIScanner (csiscanner) - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4244 bytes
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm

Re: Slow PC, Please help!

Unread postby dan12 » April 1st, 2009, 8:19 pm

I'm seeing a lot of antivirus applications! Can you confirm your current antivirus is Kaspersky and your firewall also?
If so, can you remove:

Start > Run, type appwiz.cpl and click OK.

Uninstall the following:

Avast4

Now close Control Panel.


Please note, these tools will remove all applications belonging to the relevant company.

Remove Norton

Please click HERE and follow the instructions to download and run the norton removal tool

I've still a bit to do on your returned ComboFix report.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Slow PC, Please help!

Unread postby dan12 » April 1st, 2009, 8:23 pm

You may want to add avg8 to the removal list also :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Slow PC, Please help!

Unread postby Justagirl » April 1st, 2009, 8:47 pm

Yes, I'm sticking with Kaspersky. I downloaded AVG & Avast within the last few days hoping to 'fix' my problem.

I deleted both and hopefully any remnants they left behind.

I am having problems deleting Norton via the link you provided. The Norton I had came with my eMachines and I have no clue of the version or the product key. Is there any other way?

I'm attaching another log just in case, since I deleted the other antiviruses.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:03 PM, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {b96ce8d5-6485-58be-3024-7aa6f4f37ab3} - C:\windows\ihozawufilelufi.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ovejux] rundll32.exe "C:\windows\ihozawufilelufi.dll",e
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\
O23 - Service: CSIScanner (csiscanner) - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 3448 bytes
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm
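
One way to triage a HijackThis log like the ones posted above, as an added example that is not part of the thread and not code from HijackThis. The function names and the four flagging rules are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: nine lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {b96ce8d5-6485-58be-3024-7aa6f4f37ab3} - C:\windows\ihozawufilelufi.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ovejux] rundll32.exe "C:\windows\ihozawufilelufi.dll",e
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\
O23 - Service: CSIScanner (csiscanner) - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter paths ending in a binary extension; URLs use "/" and never match.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|sys)', re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)


def parse(log_text):
    """Return one dict per HijackThis entry line: section code, body, file paths."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body")
            paths = [p.lower() for p in PATH_RE.findall(body)]
            entries.append({"code": m.group("code"), "body": body, "paths": paths})
    return entries


def triage(entries):
    """Apply the example's heuristics; return (code, reason, evidence) tuples."""
    findings = []
    seen = defaultdict(set)  # file path -> section codes that reference it
    for e in entries:
        code, body = e["code"], e["body"]
        for p in e["paths"]:
            seen[p].add(code)
        if "(no file)" in body:
            findings.append((code, "registration points at no file", body))
        if "(file missing)" in body:
            findings.append((code, "autostart target is missing on disk", body))
        if code == "O23" and "Unknown owner" in body:
            findings.append((code, "service binary has no vendor information", body))
        if (code == "O4" and RUNDLL_RE.search(body)
                and any(p.endswith(".dll") for p in e["paths"])):
            findings.append((code, "Run key loads a DLL through rundll32", body))
    # Correlation: one file wired into several autostart mechanisms at once.
    for path, codes in seen.items():
        if len(codes) > 1:
            findings.append(("+".join(sorted(codes)),
                             "same file referenced from several autostart sections",
                             path))
    return findings


if __name__ == "__main__":
    for code, reason, evidence in triage(parse(SAMPLE_LOG)):
        print(f"[{code}] {reason}: {evidence}")
```

A flagged line is a prompt for review, not a verdict: the rules only narrow a long log down to the entries worth checking by hand.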

Re: Slow PC, Please help!

Unread postby dan12 » April 1st, 2009, 8:51 pm

Windows Installer Cleanup Utility

Download the Windows Installer Cleanup Utility and save it to your Desktop.

Double-click msicuu2.exe to install the utility.

Next, click 'Start', click 'All Programs' (or 'Programs' on some operating systems), and then click the shortcut for the Windows Installer Clean Up Utility to open the utility.

Once the program is open select:

Symantec

Now click Remove, then click OK

Reboot your computer.

I will catch you in the morning for your next post :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Slow PC, Please help!

Unread postby Justagirl » April 1st, 2009, 9:00 pm

Okay, I'm going to follow your last instruction later tonight, but I just thought I should mention: As I was navigating around the site, I got an error covering most of my browser (it looked legitimate, with the WOW logo [my ISP]) saying: SPAM ALERT: Your PC(s) may be infected with a computer virus that sends out large amounts of spam. As such, your outbound email service has been temporarily suspended. Please click below for more details.
I've never seen anything like this before.. should I be concerned?
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm

Re: Slow PC, Please help!

Unread postby Justagirl » April 1st, 2009, 11:29 pm

I followed your steps on downloading/installing the Cleanup Utility but Symantec wasn't on the list. I couldn't find anything even remotely pertaining to Norton on there..
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm

Re: Slow PC, Please help!

Unread postby dan12 » April 2nd, 2009, 4:36 am

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

--------------------------


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

---------------------------------


Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window
c:\windows\system32\drivers\restore.sys

Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\-2080303660

If Jotti is too busy please try Virustotal

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\fivuriji.dll
c:\windows\system32\bovehiye.dll
c:\windows\system32\nofiteza.dll
c:\windows\system32\yayosiyi.dll
c:\windows\ufebehamicunojag.dll
c:\windows\ihozawufilelufi.dll
c:\windows\system32\drivers\41abdc71.sys 
c:\windows\system32\drivers\pxscan.sys 
c:\program files\Prevx\prevx.exe 
c:\windows\Temp\BN2.tmp
Folder::
c:\program files\Ares
c:\documents and settings\Owner\Application Data\LimeWire
c:\program files\Common Files\Symantec Shared
c:\program files\AVG
c:\documents and settings\All Users\Application Data\avg8
FCopy::
c:\windows\system32\dllcache\ndis.sys | c:\windows\system32\drivers\ndis.sys
DirLook::
C:\4c1727e96774f6efe758776af2
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b96ce8d5-6485-58be-3024-7aa6f4f37ab3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ovejux"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ovejux]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Driver::
aswSP
aswFsBlk
pxscan
41abdc71
    


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Update Malwarebytes and do a full scan please.

Post logs when carried out
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
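
The Lsa key requested in the SystemLook step holds the package lists that lsass.exe loads, and the ComboFix log earlier in this thread lists c:\windows\pbumsv.dll under lsass.exe. The following added example (not part of the post, and not code from SystemLook or ComboFix) parses both log formats and reports any package outside a baseline together with the module it is loaded as. The baseline values are assumed Windows XP defaults, the function names are hypothetical, and the sample input is constructed in the format of the logs in this thread.

```python
import re

# Assumed Windows XP defaults for the Lsa package lists (an assumption of this
# example; confirm against a known-clean machine of the same build).
BASELINE = {
    "authentication packages": {"msv1_0"},
    "notification packages": {"scecli"},
    "security packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
}

# Constructed sample in SystemLook's ":reg" output format.
SYSTEMLOOK_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"
"forceguest"= 0x00000001 (1)
"Notification Packages"="scecli pbumsv.dll"
"Security Packages"="kerberos msv1_0 schannel wdigest"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
'''

# Constructed sample in the format of ComboFix's loaded-DLL section.
COMBOFIX_SAMPLE = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(916)
c:\windows\pbumsv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Temp\BN2.tmp
"""

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_lsa_packages(systemlook_text):
    """Return {value name: [packages]} for the package lists in the Lsa key itself."""
    in_key, values = False, {}
    for raw in systemlook_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Subkeys such as ...\lsa\Kerberos are ignored.
            in_key = line[1:-1].lower() == LSA_KEY
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m and m.group("name").lower() in BASELINE:
            values[m.group("name").lower()] = m.group("data").split()
    return values


def loaded_modules(combofix_text, process="lsass.exe"):
    """Return the DLL paths ComboFix lists under the given process."""
    current, modules = None, []
    for raw in combofix_text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            current = m.group("proc").lower()
        elif PATH_RE.match(line):
            if current == process:
                modules.append(line.lower())
        elif line:  # "." or a section banner ends the module list
            current = None
    return modules


def unexpected_packages(values, modules):
    """List packages outside BASELINE and the loaded module that matches each."""
    loaded = {m.rsplit("\\", 1)[-1]: m for m in modules}  # file name -> full path
    report = []
    for name, packages in values.items():
        for pkg in packages:
            if pkg.lower() in BASELINE[name]:
                continue
            # Package names appear both with and without the .dll suffix.
            dll = pkg.lower() if pkg.lower().endswith(".dll") else pkg.lower() + ".dll"
            report.append({"value": name, "package": pkg, "loaded_as": loaded.get(dll)})
    return report


if __name__ == "__main__":
    found = unexpected_packages(parse_lsa_packages(SYSTEMLOOK_SAMPLE),
                                loaded_modules(COMBOFIX_SAMPLE))
    for item in found:
        print(f'{item["value"]}: {item["package"]} (loaded as {item["loaded_as"]})')
```

A package that is both registered in the key and present in the lsass.exe module list survives deleting the file alone, so the registry value and the file need to be handled together.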

Re: Slow PC, Please help!

Unread postby Justagirl » April 2nd, 2009, 11:32 am

(1).Completed ATF Cleaner.
-----
(2). Scan results from SystemLook:

SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 09:01 on 02/04/2009 by Owner (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"auditbaseobjects"= 0x00000000 (0)
"Authentication Packages"="msv1_0"
"Bounds"=00 30 00 00 00 20 00 00 (REG_BINARY)
"crashonauditfail"= 0x00000000 (0)
"disabledomaincreds"= 0x00000000 (0)
"enabledcom"="y"
"everyoneincludesanonymous"= 0x00000000 (0)
"fipsalgorithmpolicy"= 0x00000000 (0)
"forceguest"= 0x00000001 (1)
"fullprivilegeauditing"=00 (REG_BINARY)
"ImpersonatePrivilegeUpgradeToolHasRun"= 0x00000001 (1)
"limitblankpassworduse"= 0x00000001 (1)
"lmcompatibilitylevel"= 0x00000000 (0)
"LsaPid"= 0x00000388 (904)
"nodefaultadminowner"= 0x00000001 (1)
"nolmhash"= 0x00000000 (0)
"Notification Packages"="scecli pbumsv.dll"
"restrictanonymous"= 0x00000000 (0)
"restrictanonymoussam"= 0x00000001 (1)
"SecureBoot"= 0x00000001 (1)
"Security Packages"="kerberos msv1_0 schannel wdigest"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]


-=End Of File=-
------------------------------------------

(3). Jotti results for c:\windows\system32\drivers\restore.sys:
Error:
c:\windows\system32\drivers\restore.sys specified one or more files that could not be found.

(4). Jotti results for C:\-2080303660:

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


--------------------------------

(5). C:\ComboFix.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Sidenote: Tried recovering and got an error: C:\Boot.ini is not currently formatted.

FILE ::
c:\program files\Prevx\prevx.exe
c:\windows\ihozawufilelufi.dll
c:\windows\system32\bovehiye.dll
c:\windows\system32\drivers\41abdc71.sys
c:\windows\system32\drivers\pxscan.sys
c:\windows\system32\fivuriji.dll
c:\windows\system32\nofiteza.dll
c:\windows\system32\yayosiyi.dll
c:\windows\Temp\BN2.tmp
c:\windows\ufebehamicunojag.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\Owner\Application Data\LimeWire
c:\program files\Ares
c:\program files\Ares\Shared\16_gucci_man_-_freaky_gurl$kotbay93$.mp3
c:\program files\Ares\Shared\18-gucci_mane_and_shawty_lo-money_in_the_attic.mp3
c:\program files\Ares\Shared\19-lil_wayne-luxury_tax-jl.mp3
c:\program files\Ares\Shared\19 lil wayne - hawaii 5 0(2).mp3
c:\program files\Ares\Shared\19 lil wayne - hawaii 5 0.mp3
c:\program files\Ares\Shared\2 pac - tupac shakur - untill the end of time.mp3
c:\program files\Ares\Shared\2 pistols ft t-pain - she got it.mp3
c:\program files\Ares\Shared\20-gucci_mane_and_shawty_lo_(d4l)-trap_money(2).mp3
c:\program files\Ares\Shared\20 beauty in the breakdown.mp3
c:\program files\Ares\Shared\20 christian falk feat robyn - dream on.mp3
c:\program files\Ares\Shared\20 smackdown vs raw - survivor.mp3
c:\program files\Ares\Shared\21 ti - collect call372.mp3
c:\program files\Ares\Shared\24-lil_wayne-colors_(feat _sean_kingston_and_kardinal_offishall)_(benzi_refix).mp3
c:\program files\Ares\Shared\27-lil_wayne_and_juelz_santana-im_gettin_money_(dipset_street_classic).mp3
c:\program files\Ares\Shared\2pac- brendas got a baby.mp3
c:\program files\Ares\Shared\2pac - tupac - changes.mp3
c:\program files\Ares\Shared\2pac ft biggie - tupac ressurection - runnin.mp3
c:\program files\Ares\Shared\3oh!3 - 02 - punkbtch.mp3
c:\program files\Ares\Shared\3oh!3 - 08 - richman.mp3
c:\program files\Ares\Shared\3oh!3 - 10 - still around.mp3
c:\program files\Ares\Shared\3oh3 - chokechain.mp3
c:\program files\Ares\Shared\3oh3 - holla til you pass out.mp3
c:\program files\Ares\Shared\6 - 3oh!3 - don't dance.mp3
c:\program files\Ares\Shared\ace troubleshooter - it's never enough - 03 - jasmine.mp3
c:\program files\Ares\Shared\adobe photoshop 7 full install with serial.exe
c:\program files\Ares\Shared\against me! - thrash unreal.mp3
c:\program files\Ares\Shared\AlbumArt_{00000000-0000-0000-0000-000000000000}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{00000000-0000-0000-0000-000000000000}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{029DA769-BE2B-47CF-ADCE-DE1772C91E2A}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{029DA769-BE2B-47CF-ADCE-DE1772C91E2A}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{06D7881A-0021-42AB-BB1B-3B5B50628C46}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{06D7881A-0021-42AB-BB1B-3B5B50628C46}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{0B7E9382-C3E3-46A2-B289-279D50BC1B88}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{0B7E9382-C3E3-46A2-B289-279D50BC1B88}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{257097CE-5259-4D8F-84BF-F3304899111F}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{257097CE-5259-4D8F-84BF-F3304899111F}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{25A2BA22-6725-4169-BC95-8D4A840A0339}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{25A2BA22-6725-4169-BC95-8D4A840A0339}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{2907157F-62F0-47CB-BB20-7386C88EA914}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{2907157F-62F0-47CB-BB20-7386C88EA914}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{321DE4A1-DA8F-4480-BE9B-660614C4A8F0}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{321DE4A1-DA8F-4480-BE9B-660614C4A8F0}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{3AD1143B-AC67-47D1-8EF4-DCEA372E4230}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{3AD1143B-AC67-47D1-8EF4-DCEA372E4230}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{4191513D-66DA-4C96-BFE4-D7ECF8FBF2DD}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{4191513D-66DA-4C96-BFE4-D7ECF8FBF2DD}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{4BF560C8-BB02-4969-AD36-3B6617E35781}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{4BF560C8-BB02-4969-AD36-3B6617E35781}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{5434D10C-1A46-4529-BAAD-4A8C3DE4B176}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{5434D10C-1A46-4529-BAAD-4A8C3DE4B176}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{57B6F62E-D621-4CC8-A0C2-68B81F2DE98B}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{57B6F62E-D621-4CC8-A0C2-68B81F2DE98B}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{606D5119-6FFE-46B4-AED0-98D7635A7849}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{606D5119-6FFE-46B4-AED0-98D7635A7849}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{60A24846-846D-47DE-A59D-D6CC890C0B09}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{60A24846-846D-47DE-A59D-D6CC890C0B09}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{60E5823A-F58C-4C2F-A624-B4618F7A87FB}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{60E5823A-F58C-4C2F-A624-B4618F7A87FB}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{6269981C-DEE0-4F0D-9F0F-678A79C3BE21}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{6269981C-DEE0-4F0D-9F0F-678A79C3BE21}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{6CFD5199-3B9B-4C09-BE8E-8DAF3132986B}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{6CFD5199-3B9B-4C09-BE8E-8DAF3132986B}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{6D9A6F71-B883-4D07-9BF9-88502E600A4A}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{6D9A6F71-B883-4D07-9BF9-88502E600A4A}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{6DF65908-DD9A-4A15-BC54-D817B1BA0F7D}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{6DF65908-DD9A-4A15-BC54-D817B1BA0F7D}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{6E85F9D6-D754-414D-8400-28C1C26E9240}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{6E85F9D6-D754-414D-8400-28C1C26E9240}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{72B3CB06-B477-4068-AEFD-7EF60D362B01}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{72B3CB06-B477-4068-AEFD-7EF60D362B01}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{79989412-2EEA-4512-B384-30D27BB77ADA}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{79989412-2EEA-4512-B384-30D27BB77ADA}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{7C35043F-6B31-428D-AF93-51F767A43D24}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{7C35043F-6B31-428D-AF93-51F767A43D24}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{80BFE542-73EC-44B0-B835-65FAEE754056}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{80BFE542-73EC-44B0-B835-65FAEE754056}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{865B6B1F-BF6F-43E9-94C0-022B70E9409B}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{865B6B1F-BF6F-43E9-94C0-022B70E9409B}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{86BC265D-0BA2-4971-8B18-B2B8A6E1F98E}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{86BC265D-0BA2-4971-8B18-B2B8A6E1F98E}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{8AA646E2-7211-4F74-9EDF-DD3D5A4B56A5}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{8AA646E2-7211-4F74-9EDF-DD3D5A4B56A5}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{95DFC131-4F7B-42DD-BEB9-A75420A725D4}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{95DFC131-4F7B-42DD-BEB9-A75420A725D4}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{980A77D0-5D89-4CE3-B01C-67E8C6C2AA52}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{9DE8CBE4-B101-40A5-952F-5EFE1D1037DB}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{9DE8CBE4-B101-40A5-952F-5EFE1D1037DB}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{9E177111-9DB8-4311-A78A-609DC476A81C}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{9E177111-9DB8-4311-A78A-609DC476A81C}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{AB0BA877-AB87-454F-BBAB-003926B1D659}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{AB0BA877-AB87-454F-BBAB-003926B1D659}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{B13FCDEE-1539-4828-A342-FB788439F68A}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{B13FCDEE-1539-4828-A342-FB788439F68A}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{BB4F9F9C-CC42-4626-89C1-CE4C04936AF0}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{BB4F9F9C-CC42-4626-89C1-CE4C04936AF0}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{BB768CE7-07BD-48A2-930F-26F5D38676C1}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{BB768CE7-07BD-48A2-930F-26F5D38676C1}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{C4A9EAD8-72BE-4ACD-B3C5-1DE47DD8A74E}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{C4A9EAD8-72BE-4ACD-B3C5-1DE47DD8A74E}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{CE98889C-6B02-4433-8975-CA31492973E7}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{CE98889C-6B02-4433-8975-CA31492973E7}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{D295AAF0-5492-44F9-97BD-D6FAB92F5640}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{D295AAF0-5492-44F9-97BD-D6FAB92F5640}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{DE286044-0548-4CB6-A515-2EBF57748AE1}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{DE286044-0548-4CB6-A515-2EBF57748AE1}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{DF7E03E6-36C8-4109-8315-F01BE13E254A}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{DF7E03E6-36C8-4109-8315-F01BE13E254A}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{E990E753-F7F3-41EF-8B5F-F82F67D1FF46}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{E990E753-F7F3-41EF-8B5F-F82F67D1FF46}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{EA1D0A52-A771-4F4F-A793-8FD9012B4A90}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{EA1D0A52-A771-4F4F-A793-8FD9012B4A90}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{EBCA0D74-93B9-4D35-BE2D-11F6BA31FF8B}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{EBCA0D74-93B9-4D35-BE2D-11F6BA31FF8B}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{F13D81FB-CA95-4C65-BB73-BD453E10F6D0}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{F13D81FB-CA95-4C65-BB73-BD453E10F6D0}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{FA739A3E-E403-47FA-9EAA-2709453BD439}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{FA739A3E-E403-47FA-9EAA-2709453BD439}_Small.jpg
c:\program files\Ares\Shared\AlbumArt_{FF381102-9500-4736-B826-D09D15843E5E}_Large.jpg
c:\program files\Ares\Shared\AlbumArt_{FF381102-9500-4736-B826-D09D15843E5E}_Small.jpg
c:\program files\Ares\Shared\AlbumArtSmall.jpg
c:\program files\Ares\Shared\anberlin - feel good drag.mp3
c:\program files\Ares\Shared\ashida-always_the_friend.mp3
c:\program files\Ares\Shared\asteria - the taste the touch(2).mp3
c:\program files\Ares\Shared\baby bash feat t-pain- cyclone.mp3
c:\program files\Ares\Shared\beyonce - if i were a boy(3)(3).mp3
c:\program files\Ares\Shared\beyonce - single ladies (put a ring on it)(2).mp3
c:\program files\Ares\Shared\big pun, tupac & notorious b i g - it's not a game(2).mp3
c:\program files\Ares\Shared\biggie smalls and tupac - pac - house of pain unreleased.mp3
c:\program files\Ares\Shared\birthday sex(2)(2).mp3
c:\program files\Ares\Shared\birthday sex(4).mp3
c:\program files\Ares\Shared\birthday sex.mp3
c:\program files\Ares\Shared\blue foundation - eyes on fire.mp3
c:\program files\Ares\Shared\bone thugs and harmony & tupac - thug love.mp3
c:\program files\Ares\Shared\bow wow ft johnta austin - you can get it all89.mp3
c:\program files\Ares\Shared\bow_wow_ft _jermaine_dupri_-_roc_the_mic_(dirty)_im1.mp3
c:\program files\Ares\Shared\boys like girls - thunder (acoustic)(2)(2).mp3
c:\program files\Ares\Shared\brad paisley - mud on the tires - whiskey lullaby.mp3
c:\program files\Ares\Shared\brutha - she's gone (noshout)447249.mp3
c:\program files\Ares\Shared\burn_halo_-_save_me.mp3
c:\program files\Ares\Shared\carrie underwood - some hearts - before he cheats(2).mp3
c:\program files\Ares\Shared\carter burwell - bella lullaby.mp3
c:\program files\Ares\Shared\chris brown - kiss kiss.mp3
c:\program files\Ares\Shared\chris_brown-04-with_you-cr.mp3
c:\program files\Ares\Shared\coheed and cambria - in keeping secrets (advance pr - a favor house atlantic.mp3
c:\program files\Ares\Shared\coolio - gangsta's paradise(3).mp3
c:\program files\Ares\Shared\copy of crossfade - cold.mp3
c:\program files\Ares\Shared\daft punk - human after all - technologic.mp3
c:\program files\Ares\Shared\dark new day - pieces(2).mp3
c:\program files\Ares\Shared\david banner & lil flip - real thugs get down on the floor.mp3
c:\program files\Ares\Shared\davidbanner-shawtysay-dirty mp3.mp3
c:\program files\Ares\Shared\desktop.ini
c:\program files\Ares\Shared\doinmythan.mp3
c:\program files\Ares\Shared\dre ft chris brown - erased.mp3
c:\program files\Ares\Shared\egypt central - taking you down(2).mp3
c:\program files\Ares\Shared\eiffel 65 - blue (da ba dee)(1).mp3
c:\program files\Ares\Shared\evanecense - bring me to life.mp3
c:\program files\Ares\Shared\evanescence & linkin park-wake me up inside.mp3
c:\program files\Ares\Shared\evanescense & linkin park - wake me up inside.mp3
c:\program files\Ares\Shared\family force 5-i love you to death.mp3
c:\program files\Ares\Shared\family force 5 - puturhands.mp3
c:\program files\Ares\Shared\family force 5 - wake the dead.mp3
c:\program files\Ares\Shared\fastball - she's so high above me.mp3
c:\program files\Ares\Shared\fer sure(2)(2).mp3
c:\program files\Ares\Shared\fever214.mp3
c:\program files\Ares\Shared\floyd mayweather - yep(2)(2).mp3
c:\program files\Ares\Shared\floyd money mayweather - yep(2)(2).mp3
c:\program files\Ares\Shared\flyleaf - im so sick.mp3
c:\program files\Ares\Shared\framing hanley - lollipop - lollipop.mp3
c:\program files\Ares\Shared\freekey_zekey_ft _lil_wayne__jha_jha_-_beat_without_bass(3).mp3
c:\program files\Ares\Shared\freekey_zekey_ft _lil_wayne__jha_jha_-_beat_without_bass.mp3
c:\program files\Ares\Shared\full moon(2).mp3
c:\program files\Ares\Shared\full_19eb6a65af1469f56a7692f085547cbd.mp3
c:\program files\Ares\Shared\game feat ne-yo- camera phone ('08).mp3
c:\program files\Ares\Shared\garth brooks - shameless(2).mp3
c:\program files\Ares\Shared\garth brooks - the thunder rolls53.mp3
c:\program files\Ares\Shared\gary jules - donnie darko - mad world434.mp3
c:\program files\Ares\Shared\go all the way (into the twilight).mp3
c:\program files\Ares\Shared\goldfinger - tony hawk pro skater - superman163.mp3
c:\program files\Ares\Shared\good life.mp3
c:\program files\Ares\Shared\gorilla zoe feat lil wayne & jim jones - lost (remix) - hotnewhiphop com.mp3
c:\program files\Ares\Shared\grind on me (dirty).mp3
c:\program files\Ares\Shared\grind on me.mp3
c:\program files\Ares\Shared\gucci_mane - freaky_girl__clean.mp3
c:\program files\Ares\Shared\guilty pleasure.mp3
c:\program files\Ares\Shared\hawthorne heights - dissolve and decay.mp3
c:\program files\Ares\Shared\hawthorne heights - life on standby.mp3
c:\program files\Ares\Shared\hawthorne heights - nikki fm(2).mp3
c:\program files\Ares\Shared\inoj - let me love you down(2).mp3
c:\program files\Ares\Shared\jay-z - american gangster - 04 - hello brooklyn 2 0 (feat lil wayne).mp3
c:\program files\Ares\Shared\jay-z ft lil wayne-hello brooklyn.mp3
c:\program files\Ares\Shared\jay-z ft lil wayne - hello brooklyn 2 0.mp3
c:\program files\Ares\Shared\jeremih - birthday sex (r kelly demo).mp3
c:\program files\Ares\Shared\jeremy ashida - do you love her(1).mp3
c:\program files\Ares\Shared\jeremy ashida - may i fly.mp3
c:\program files\Ares\Shared\jeremy ashida - put it in your pocket.mp3
c:\program files\Ares\Shared\jeremy ashida - things never change(2).mp3
c:\program files\Ares\Shared\jeremy ashida - we like it hot.mp3
c:\program files\Ares\Shared\jeremy ashida three - stop and think.mp3
c:\program files\Ares\Shared\joe budden - come and take a walk with me140.mp3
c:\program files\Ares\Shared\joe budden - joe budden - walk with me.mp3
c:\program files\Ares\Shared\joe buddens - walk with me.mp3
c:\program files\Ares\Shared\johnny cash - hurt.mp3
c:\program files\Ares\Shared\johnny cash - ring of fire.mp3
c:\program files\Ares\Shared\johnny cash - super hits - i walk the line.mp3
c:\program files\Ares\Shared\jon young- just chill.mp3
c:\program files\Ares\Shared\jon young-dont wanna fight.mp3
c:\program files\Ares\Shared\jon young - ain't no playa.mp3
c:\program files\Ares\Shared\jon young - now they wanna ft j cash.mp3
c:\program files\Ares\Shared\jon young - with you(2).mp3
c:\program files\Ares\Shared\jon young - with you(4).mp3
c:\program files\Ares\Shared\jon young music ft shamrock - doin my thang remix176.mp3
c:\program files\Ares\Shared\katy perry - 10 - self inflicted.mp3
c:\program files\Ares\Shared\katy perry - fingerprints.mp3
c:\program files\Ares\Shared\katy perry - hot n cold.mp3
c:\program files\Ares\Shared\katy perry - i kissed a girl(2).mp3
c:\program files\Ares\Shared\katy perry - ur so gay(2)278.mp3
c:\program files\Ares\Shared\keke palmer - how will i know(1).mp3
c:\program files\Ares\Shared\kill hannah - lips like morphine(2)399.mp3
c:\program files\Ares\Shared\kleerup feat robyn - with every heartbeat(2).mp3
c:\program files\Ares\Shared\lil' wayne - dying138.mp3
c:\program files\Ares\Shared\lil wayne - duffle bag boy.mp3
c:\program files\Ares\Shared\lil wayne - the carter - man i miss my dog.mp3
c:\program files\Ares\Shared\lil wayne - top back(2).mp3
c:\program files\Ares\Shared\lil wayne feat juelz santana - always strapped(2).mp3
c:\program files\Ares\Shared\lil wayne feat juelz santana - always strapped.mp3
c:\program files\Ares\Shared\lil_wayne-06-phone_home_(produced_by_david_banner)-sp1200.mp3
c:\program files\Ares\Shared\lil_wayne_-_mrs _officer_(dirty).mp3
c:\program files\Ares\Shared\lil_wayne_drake_and_kid-kid-i_want_this_forever(2).mp3
c:\program files\Ares\Shared\lil_wayne_ft _kanye_west-lollipop_remix-www rapgodfathers com.mp3
c:\program files\Ares\Shared\linkin park - in the end.mp3
c:\program files\Ares\Shared\linkin park - meteora - faint.mp3
c:\program files\Ares\Shared\linkin park - one step closer(2).mp3
c:\program files\Ares\Shared\linkin park - with you.mp3
c:\program files\Ares\Shared\linking park - (linkin park)-a place for my head.mp3
c:\program files\Ares\Shared\live - lightning crashes.mp3
c:\program files\Ares\Shared\ludacris ft lil wayne - last of a dying breed [wegotitfirst com].mp3
c:\program files\Ares\Shared\ludacris ft the game - call up the homies.mp3
c:\program files\Ares\Shared\ludacris_ft _lil_wayne_-_last_of_a_dying_breed_(move_the_crowd)_urbanmusicblog net(2).mp3
c:\program files\Ares\Shared\ludacris_ft _lil_wayne_-_last_of_a_dying_breed_(move_the_crowd)_urbanmusicblog net(3).mp3
c:\program files\Ares\Shared\ludacris_ft _lil_wayne_-_last_of_a_dying_breed_(move_the_crowd)_urbanmusicblog net.mp3
c:\program files\Ares\Shared\ludacris_ft _lil_wayne_-_last_of_a_dying_breed_[wegotitfirst com].mp3
c:\program files\Ares\Shared\ludo-love_me_dead_exclusive_download.mp3
c:\program files\Ares\Shared\ludo - air conditioned love(2).mp3
c:\program files\Ares\Shared\ludo - kizomba.mp3
c:\program files\Ares\Shared\ludo - save our city.mp3
c:\program files\Ares\Shared\lyfe jennings- sex.mp3
c:\program files\Ares\Shared\madina lake - house of cards.mp3
c:\program files\Ares\Shared\make the world go around89.mp3
c:\program files\Ares\Shared\make_it_hot_bmf(2).mp3
c:\program files\Ares\Shared\maria mena - your the only one.mp3
c:\program files\Ares\Shared\michelle branch - goodbye to you(2).mp3
c:\program files\Ares\Shared\mike jones - back then (clean).mp3
c:\program files\Ares\Shared\mike tyson flow(2)(2).mp3
c:\program files\Ares\Shared\mike tyson flow(2).mp3
c:\program files\Ares\Shared\mike tyson flow.mp3
c:\program files\Ares\Shared\muse - black holes and revelations - supermassive black hole.mp3
c:\program files\Ares\Shared\ne-yo feat jamie foxx & fabolous-she got her own.mp3
c:\program files\Ares\Shared\ne-yo ft jamie foxx & fabolous - she got her own (miss independent remix)(2).mp3
c:\program files\Ares\Shared\ne-yo ft jamie foxx & fabolous - she got her own (miss independent remix).mp3
c:\program files\Ares\Shared\ne-yo ft jamie foxx & fabolous - she got her own.mp3
c:\program files\Ares\Shared\never see tomorrow - 1000 miles.mp3
c:\program files\Ares\Shared\neyo ft jamie foxx & fabolous - she got her own (miss independent remix)(2).mp3
c:\program files\Ares\Shared\nickelback - someday cds - someday.mp3
c:\program files\Ares\Shared\nine inch nails - the downward spiral - hurt.mp3
c:\program files\Ares\Shared\nora jones-diana krall & norah jones - turn me on.mp3
c:\program files\Ares\Shared\on deck www hiphopearly com.mp3
c:\program files\Ares\Shared\owl city - dear vienna.mp3
c:\program files\Ares\Shared\papa roach - getting away with murder-(prom - getting away with murder.mp3
c:\program files\Ares\Shared\papa roach - getting away with murder - not listening.mp3
c:\program files\Ares\Shared\papa roach - getting away with murder - scars.mp3
c:\program files\Ares\Shared\papa roach - to be loved (better quality)(3)(3).mp3
c:\program files\Ares\Shared\paper planes remix - mia ft lil wayne(2)(2).mp3
c:\program files\Ares\Shared\paramore_-_i_caught_myself__full_version_(2).mp3
c:\program files\Ares\Shared\pow[2].mp3
c:\program files\Ares\Shared\puddle of mud - blurry.mp3
c:\program files\Ares\Shared\puddle of muod -famous.mp3
c:\program files\Ares\Shared\r kelly playas only.mp3
c:\program files\Ares\Shared\ray_j_-_one_wish.mp3
c:\program files\Ares\Shared\rehab - the bartender.mp3
c:\program files\Ares\Shared\rick ross ft lil wayne & young jeezy- luxury tax.mp3
c:\program files\Ares\Shared\rihanna - a girl like me - unfaithful(2).mp3
c:\program files\Ares\Shared\robyn - handle me (voodoo and serano remix).mp3
c:\program files\Ares\Shared\robyn - handle me(2).mp3
c:\program files\Ares\Shared\ron_browz - jumping_out_the_window.mp3
c:\program files\Ares\Shared\roy jones jr presents - body head bangerz vol 1 - 24s (ft bun b & mike jones).mp3
c:\program files\Ares\Shared\senses fail - let it enfold you - the irony of dying on your birthday.mp3
c:\program files\Ares\Shared\senses fail - the irony of dying on your birthday.mp3
c:\program files\Ares\Shared\serj tankian - the unthinking majority353.mp3
c:\program files\Ares\Shared\shawty.mp3
c:\program files\Ares\Shared\shontelle - tshirt.mp3
c:\program files\Ares\Shared\shontelle+-+t-shirt(2).mp3
c:\program files\Ares\Shared\shot to the heart- rick ross ft lil wayne.mp3
c:\program files\Ares\Shared\snow patrol - chasing cars.mp3
c:\program files\Ares\Shared\soulja boy - soulja girl(2).mp3
c:\program files\Ares\Shared\soulja_boy_-_kiss_me_through_the_phone_(ft _sammie).mp3
c:\program files\Ares\Shared\soulja_boy_-_turn_my_swag_on_-_hotnewhiphop com.mp3
c:\program files\Ares\Shared\souljaboy5+yougotmailigot.mp3
c:\program files\Ares\Shared\south park mexicans (spm) - los marijuanos - marijuana.mp3
c:\program files\Ares\Shared\south park mexicans (spm) - low rider.mp3
c:\program files\Ares\Shared\south park mexicans (spm) - southside.mp3
c:\program files\Ares\Shared\spitalfield - remember right now - kill the drama.mp3
c:\program files\Ares\Shared\spitalfield - remember right now - those days you felt alive57.mp3
c:\program files\Ares\Shared\stay.mp3
c:\program files\Ares\Shared\story of the year - page avenue - anthem of our dying day.mp3
c:\program files\Ares\Shared\sublime - 40 oz to freedom - date rape.mp3
c:\program files\Ares\Shared\t-5065469-tu pac - run the streets.mp3
c:\program files\Ares\Shared\t-pain ft lil' wayne - can't believe it(5).mp3
c:\program files\Ares\Shared\t-pain_ft _lil_wayne-cant_believe_it-www thatoneotherblog blogspot com57.mp3
c:\program files\Ares\Shared\t i - big things poppin (clean).mp3
c:\program files\Ares\Shared\t i - tell em i said that.mp3
c:\program files\Ares\Shared\t i - the king - 01 - the king back.mp3
c:\program files\Ares\Shared\t i - ti lil flip beef - 99 problems freestyle (lil flip diss)(2)(2).mp3
c:\program files\Ares\Shared\t i - what you know about that(1).mp3
c:\program files\Ares\Shared\t i - what you know about that.mp3
c:\program files\Ares\Shared\t i feat juelz santana, jr writer and papoose - what you know about that remix.mp3
c:\program files\Ares\Shared\t i ft lil wayne papoose - what you know about that (remix)(2).mp3
c:\program files\Ares\Shared\takin it there ft trey songz(2).mp3
c:\program files\Ares\Shared\takin it there ft trey songz.mp3
c:\program files\Ares\Shared\taylor swift - love story(3).mp3
c:\program files\Ares\Shared\tha_joker_-_my_dougie_freestyle(2).mp3
c:\program files\Ares\Shared\the city is at war(2).mp3
c:\program files\Ares\Shared\the click five - jenny.mp3
c:\program files\Ares\Shared\the darkness - july 2002 playlouder singles club - i believe in a thing called love496.mp3
c:\program files\Ares\Shared\the distillers - beat your heart out.mp3
c:\program files\Ares\Shared\the friday night boys - give it up new.mp3
c:\program files\Ares\Shared\the game - big dreams (dirty).mp3
c:\program files\Ares\Shared\the game - big dreams.mp3
c:\program files\Ares\Shared\the game - nigga witta attitude - west side story (feat 50 cent).mp3
c:\program files\Ares\Shared\the game - the doctor's advocate 2006 - red bandana.mp3
c:\program files\Ares\Shared\the game - the doctors advocate - red bandana.mp3
c:\program files\Ares\Shared\the game - the documentary - 10 start from scratch.mp3
c:\program files\Ares\Shared\the game - the documentary - hate it or love it (feat 50 cen.mp3
c:\program files\Ares\Shared\the game - uknowwhatitis vol 3 - 300 bars and runnin full 18 mins.mp3
c:\program files\Ares\Shared\the game start my life from scratch.mp3
c:\program files\Ares\Shared\the jet set-just call me - the_beat_of_your_heart-scn.mp3
c:\program files\Ares\Shared\the killers - spaceman.mp3
c:\program files\Ares\Shared\the pink spiders - hot pink - modern swinger(2).mp3
c:\program files\Ares\Shared\the_friday_night_boys-high_school_acoustic(2).mp3
c:\program files\Ares\Shared\the_game_ft_ludacris_ya_heard__(prod_by_nottz).mp3
c:\program files\Ares\Shared\the_morning_light_-_honest.mp3
c:\program files\Ares\Shared\three days grace - animal i have become.mp3
c:\program files\Ares\Shared\thrice - all thats left.mp3
c:\program files\Ares\Shared\thrice - deadbolt.mp3
c:\program files\Ares\Shared\thrice - identity crisis (unmastered) - phoenix ignition.mp3
c:\program files\Ares\Shared\thrice - lullaby.mp3
c:\program files\Ares\Shared\thrice - pop goes punk - send me an angel.mp3
c:\program files\Ares\Shared\thrice - the artist in the ambulance - silhouette.mp3
c:\program files\Ares\Shared\thrice - the artist in the ambulance - stare at the sun.mp3
c:\program files\Ares\Shared\thrice 04 silhouette.mp3
c:\program files\Ares\Shared\ti ft rihanna - livin my life494.mp3
c:\program files\Ares\Shared\top back - freestyle.mp3
c:\program files\Ares\Shared\track 10.mp3
c:\program files\Ares\Shared\tupac - 2-pac - me and my girlfriend.mp3
c:\program files\Ares\Shared\tupac - 2pac greatest hits - dear mama.mp3
c:\program files\Ares\Shared\tupac - all eyes on me - run the streets.mp3
c:\program files\Ares\Shared\tupac & dr dre - tupac feat dr dre - california love.mp3
c:\program files\Ares\Shared\ufc 59 - tito ortiz vs forrest griffin.mpg
c:\program files\Ares\Shared\underworld - trainspotting (soundtrack) - born slippy325.mp3
c:\program files\Ares\Shared\usher - trading places(2).mp3
c:\program files\Ares\Shared\voices of theory - say it(2).mp3
c:\program files\Ares\Shared\wave out mix 2006-6-9 14-11-6(2)(2).mp3
c:\program files\Ares\Shared\why cry - the panic channel.mp3
c:\program files\Ares\Shared\wyclef_jean_ft_akon_lil_wayne_nia-sweetest_girl.mp3
c:\program files\Ares\Shared\young buck - bonafide hustler.mp3
c:\program files\Ares\Shared\young buck - get bucked(7).mp3
c:\program files\Ares\Shared\young buck - instrumentals - bonafide hustler (instrumental)(2)86.mp3
c:\program files\Ares\Shared\young buck ft 50cent-let me in.mp3
c:\program files\Ares\Shared\young buck, young jeezy, t i & jazzie pha - 4 kings.mp3
c:\program files\Ares\Shared\young cash ft[1] yo gotti, gucci mane - pure cocaine.mp3
c:\program files\Ares\Shared\young jeezy - the recession - 17 - get allot.mp3
c:\program files\Ares\Shared\young_buck_-_bonafide_hustler_ft _50_cent_and_tony_yayo-smo7.mp3
c:\program files\Ares\Shared\youtube - true jackson vp full theme song (with lyrics)(2)(4).mp3
c:\program files\Ares\Shared\yung la ft young dro t i-aint i remix(2).mp3
c:\program files\AVG
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-06-08-44-00-703.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-06-15-38-25-984.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-07-11-13-44-890.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-07-16-00-50-234.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-09-19-10-14-171.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-12-22-59-54-328.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-15-03-16-43-359.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-20-09-16-18-453.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-11-28-23-45-18-984.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-04-14-01-53-361.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-06-10-11-02-125.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-07-00-44-41-968.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-07-19-52-51-593.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-08-18-13-47-234.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-09-22-02-34-468.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-10-00-46-22-828.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-11-02-26-24-296.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-11-17-11-56-828.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-12-22-37-33-062.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-15-16-33-52-890.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-18-03-06-17-937.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-19-15-07-43-900.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-19-20-00-49-968.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-20-10-13-59-125.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-21-00-59-57-796.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-21-08-01-23-890.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-26-09-41-19-140.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2008-12-29-12-23-13-515.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-01-01-02-13-24-078.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-01-12-00-23-11-625.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-01-16-20-06-55-812.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-01-24-23-00-58-828.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-01-29-17-45-14-187.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-01-31-14-38-22-781.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-02-02-10-29-01-671.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-02-10-19-20-03-859.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-02-18-23-23-42-421.dmp
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2009-02-20-00-17-13-250.dmp
c:\windows\system32\bovehiye.dll
c:\windows\system32\fivuriji.dll
c:\windows\system32\nofiteza.dll
c:\windows\ufebehamicunojag.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\ndis.sys --> c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP
-------\Legacy_BOTDRV
-------\Legacy_pxscan
-------\Service_41abdc71
-------\Service_botdrv
-------\Service_pxscan


((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-01 23:02 . 2009-04-01 23:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-01 23:02 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 23:02 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-01 20:23 . 2009-04-01 20:23 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-04-01 20:04 . 2009-04-01 20:04 <DIR> d-------- c:\program files\Viewpoint
2009-04-01 20:04 . 2009-04-01 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-01 17:22 . 2009-04-02 09:38 1,100,320 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-01 17:22 . 2009-04-02 09:38 213,024 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-04-01 17:22 . 2009-04-02 09:38 9,676 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-01 17:22 . 2009-04-02 09:38 1,808 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-04-01 13:54 . 2009-04-01 13:54 1,263 --a------ c:\windows\system32\%LocalXml%
2009-04-01 13:04 . 2009-04-01 13:52 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-04-01 13:04 . 2009-04-01 13:52 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-04-01 13:03 . 2009-04-01 13:03 <DIR> d-------- c:\program files\Kaspersky Lab
2009-04-01 13:03 . 2009-04-02 09:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-01 12:04 . 2009-04-01 11:39 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2009-04-01 11:43 . 2009-04-01 11:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-01 11:38 . 2009-04-01 11:38 64 --a------ c:\windows\wininit.ini
2009-04-01 09:58 . 2009-04-01 09:58 <DIR> d-------- C:\4c1727e96774f6efe758776af2
2009-04-01 09:51 . 2009-04-01 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 09:50 . 2009-04-01 23:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 12:53 . 2009-03-31 12:53 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 12:20 . 2009-03-29 12:20 2 --a------ C:\-2080303660
2009-03-28 22:27 . 2009-03-28 22:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\iWin
2009-03-28 22:26 . 2009-03-28 22:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-27 00:20 . 2009-03-27 00:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-03-19 23:37 . 2004-08-04 12:00 68,608 --a------ c:\windows\system32\plugin.ocx
2009-03-19 23:37 . 2004-08-04 12:00 68,608 --a------ c:\windows\system32\dllcache\plugin.ocx
2009-03-19 17:35 . 2009-03-19 17:35 <DIR> d-------- c:\program files\Onlinebandit
2009-03-19 07:28 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-19 07:28 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-19 07:28 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-16 09:51 . 2009-03-16 09:51 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-03-16 09:43 . 2009-03-16 09:43 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-05 22:46 . 2009-03-05 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-03-05 15:51 . 2009-03-05 15:51 <DIR> d--hs---- c:\documents and settings\Owner\IECompatCache
2009-03-05 15:49 . 2009-03-05 15:49 <DIR> d--hs---- c:\documents and settings\Owner\IETldCache
2009-03-05 15:10 . 2009-01-10 22:00 79,360 --a--c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-02 15:57 . 2009-03-02 15:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!
2009-03-02 15:56 . 2009-03-05 14:36 <DIR> d-------- c:\program files\Yahoo!
2009-03-02 15:56 . 2009-03-02 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-02 12:22 . 2009-03-02 12:22 <DIR> d-------- C:\Installation Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 03:23 --------- d-----w c:\program files\MSECache
2009-04-01 20:52 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-21 18:36 --------- d-----w c:\program files\Common Files\AOL
2009-03-20 00:01 --------- d-----w c:\program files\Common Files\Apple
2009-03-06 04:12 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData
2009-03-05 21:35 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-02 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-15 18:07 --------- d-----w c:\program files\Google
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\4c1727e96774f6efe758776af2 ----

2009-04-01 09:58 788 --ah----- c:\4c1727e96774f6efe758776af2\$shtdwn$.req
2009-02-25 12:55 24768960 --a------ c:\4c1727e96774f6efe758776af2\mrt.exe
2009-02-25 12:55 24512 --a------ c:\4c1727e96774f6efe758776af2\mrtstub.exe


((((((((((((((((((((((((((((( SnapShot@2009-04-01_17.57.52.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 19:31:39 213,376 -c--a-w c:\windows\system32\dllcache\ndis.sys
+ 2004-08-04 19:00:00 182,912 -c--a-w c:\windows\system32\dllcache\ndis.sys
+ 2009-04-02 16:40:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-01 206088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli pbumsv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
backup=c:\windows\pss\run_startmenu.cmdCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-07 12:07 496752 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 17:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-02-20 15:22 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 13:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-03-09 08:00 966656 c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 16:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-17 19:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a------ 2003-09-19 10:09 36864 c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-09 12:17 67584 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-08-13 11:48 49152 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2004-08-13 11:48 143360 c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Onlinebandit\\Start.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 csiscanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KL1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 09:42:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-02 9:43:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 16:43:55
ComboFix2.txt 2009-04-02 00:58:32

Pre-Run: 43,969,773,568 bytes free
Post-Run: 43,781,746,688 bytes free

819 --- E O F --- 2009-03-06 13:11:09

----------------------------------------



** I apologize about all the music you'll have to sift through in my combofix log: I was unsure if you needed that info. :/


(6). I did a Malwarebytes scan last night. Here was that log:



Malwarebytes' Anti-Malware 1.35
Database version: 1931
Windows 5.1.2600 Service Pack 2

4/1/2009 11:40:24 PM
mbam-log-2009-04-01 (23-40-24).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 99085
Time elapsed: 19 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\pbumsv.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ovejux (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\pbumsv.dll (Trojan.Hiloti) -> Delete on reboot.
C:\dmsiacq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\windows\system32\dofozeha.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\windows\system32\UACduyxetla.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\windows\system32\UACgkvxfmhm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP144\A0267655.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP144\A0267656.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP144\A0267682.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP144\A0267699.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ihozawufilelufi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\yayosiyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

---------------------------------

Today, the scan found nothing:

Malwarebytes' Anti-Malware 1.35
Database version: 1931
Windows 5.1.2600 Service Pack 2

4/2/2009 10:26:20 AM
mbam-log-2009-04-02 (10-26-20).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 98238
Time elapsed: 19 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm

Re: Slow PC, Please help!

Unread postby dan12 » April 2nd, 2009, 11:55 am

I have a little to look through. When you post the logs, i.e. ComboFix, it's important I see the header of the log also :)
How are things now with the pc?
catch you later.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Slow PC, Please help!

Unread postby Justagirl » April 2nd, 2009, 12:01 pm

I'm sorry, as far as I thought- I was posting the entire log. How do I do that?

It's running wonderfully so far, if not perfect :)
Thanks again for all your help <3
Justagirl
Regular Member
 
Posts: 17
Joined: April 1st, 2009, 1:31 pm