
dwwin.exe - bad image error


  • This topic is locked
47 replies to this topic

#1 pringles06

Posted 31 December 2009 - 09:56 AM

getting a bad image error with dwwin.exe. tried to download fix programs but they themselves cause an error as well. here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:42 AM, on 12/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
I:\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mightymarg.sectionz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {BD2E2BB5-9604-918D-7FE6-C39EFE4504CF} - C:\WINDOWS\System32\jvhvw.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BD2E2BB5-9604-918D-7FE6-C39EFE4504CF} - C:\WINDOWS\System32\jvhvw.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Cole\Application Data\findfast.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Bhqfs] C:\Documents and Settings\Cole\Application Data\??crosoft.NET\r?ndll32.exe
O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\Cole\APPLIC~1\SCURIT~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Cole\Application Data\findfast.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{88707C22-0828-1033-0330-040805030001}] "C:\Program Files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" te-110-12-0000132
O4 - Startup: Genie Stream.lnk = C:\Program Files\iKatron Solutions\Genie Stream\Client\CGenieStream.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {030215A3-6E97-4e7c-ACBE-64BBB004FD62} - C:\Documents and Settings\Cole\Application Data\iebar.dll
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11833 bytes

thanks!

any suggestions?


While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Edited by garmanma, 31 December 2009 - 01:52 PM.



#2 pringles06

Posted 03 January 2010 - 11:24 PM

bump

#3 Elise

Posted 09 January 2010 - 03:01 PM

Hello,
And :( to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 pringles06

Posted 12 January 2010 - 09:39 AM

Description of problem: It used to be that about 2/3 of the programs I'd use would crash upon starting, i.e. run for a couple of seconds and immediately pop up a screen that said there was a bad image file with xlibgfl254.dll, check against installation diskette. However, that problem specifically has gone away and now I experience the same crashing with about 1/3 of the programs I am currently running. Examples of programs are Internet Explorer, RegCure, Quicktime, and various others.

DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Cole at 0:19:41.81 on Tue 01/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.150 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
I:\Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mightymarg.sectionz.com/
uSearch Bar = about:blank
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
uURLSearchHooks: {bd2e2bb5-9604-918d-7fe6-c39efe4504cf} - c:\windows\system32\jvhvw.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {bd2e2bb5-9604-918d-7fe6-c39efe4504cf} - c:\windows\system32\jvhvw.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam]
uRun: [Bhqfs] c:\documents and settings\cole\application data\??crosoft.net\r?ndll32.exe
uRun: [Usrr] "c:\docume~1\cole\applic~1\scurit~1\wuaclt.exe" -vt ndrv
uRun: [EZBack-it-up Tray Scheduler] c:\program files\ezbackitup\EZBkuptray.exe
uRun: [findfast] c:\documents and settings\cole\application data\findfast.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\cole\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [nwiz] nwiz.exe /install
mRun: [nForce Tray Options] sstray.exe /r
mRun: [CHotkey] zHotkey.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DeltTray] DeltTray.exe
mRun: [findfast] c:\documents and settings\cole\application data\findfast.exe
mRun: [EarthLink Installer] " /C
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uExplorerRun: [{88707C22-0828-1033-0330-040805030001}] "c:\program files\common files\{88707c22-0828-1033-0330-040805030001}\Update.exe" te-110-12-0000132
StartupFolder: c:\docume~1\cole\startm~1\programs\startup\genies~1.lnk - c:\program files\ikatron solutions\genie stream\client\CGenieStream.exe
StartupFolder: c:\docume~1\cole\startm~1\programs\startup\schedu~1.lnk - c:\program files\spycatcher\Scheduler daemon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - c:\program files\ma311 pci adapter configuration utility\wlanutil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} - hxxp://blizzard.com/support/includes/cabs/si.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://72.32.179.44/filter/cameraviewer/isetup.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxp://www.symantec.com/techsupp/activedata/ActiveData.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: text/html - {030215A3-6E97-4e7c-ACBE-64BBB004FD62} - c:\documents and settings\cole\application data\iebar.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: WRNotifier - WRLogonNTF.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cole\applic~1\mozilla\firefox\profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\cole\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\cole\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 4096]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-11-21 3968]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-10-9 37056]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 204800]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-10-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-10-9 234616]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-4-20 14336]
R2 RVIEGVST;VSC VST Engine;c:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2004-10-4 188276]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [2004-5-31 54784]
S1 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-10-9 308416]
S2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-10-9 193816]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-25 69632]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\bulk503.sys --> c:\windows\system32\drivers\Bulk503.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-10-9 90112]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\iso503.sys --> c:\windows\system32\drivers\ISO503.SYS [?]
S3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\drivers\mscnr.sys --> c:\windows\system32\drivers\mscnr.sys [?]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20041123.016\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20041123.016\NAVENG.Sys [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20041123.016\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20041123.016\NavEx15.Sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2004-12-28 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2004-12-28 22304]

=============== Created Last 30 ================

2010-01-12 05:07:52 0 d-----w- c:\program files\common files\PACE Anti-Piracy
2010-01-12 05:07:52 0 d-----w- c:\docume~1\cole\applic~1\PACE Anti-Piracy
2010-01-12 05:07:52 0 d-----w- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2010-01-12 04:52:55 0 d-----w- c:\program files\InterLok
2010-01-12 04:52:17 0 d-----w- c:\docume~1\cole\applic~1\Antares
2010-01-12 04:52:15 0 d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32:56 0 d-----w- c:\docume~1\cole\applic~1\SynthMaker
2010-01-07 15:24:00 0 d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53:58 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53:25 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53:25 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53:25 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53:25 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53:25 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53:24 0 d-----w- c:\program files\M-Audio
2010-01-05 14:14:36 0 dc-h--w- c:\windows\ie8
2010-01-05 04:31:34 0 d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07:58 0 d-----w- c:\program files\SoulseekNS
2010-01-05 01:02:15 0 d-sh--w- c:\documents and settings\cole\IECompatCache
2010-01-05 01:01:16 0 d-sh--w- c:\documents and settings\cole\PrivacIE
2010-01-05 00:43:12 0 ----a-w- c:\windows\system32\regsvr32
2010-01-02 14:32:46 0 d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11:50 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10:42 0 d-----w- c:\program files\Bonjour
2010-01-01 09:33:00 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47:17 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2009-12-31 14:37:11 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37:11 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37:11 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37:10 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37:10 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37:08 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37:06 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37:03 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35:59 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-12-31 14:34:59 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33:59 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32:59 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31:59 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30:57 49792 -c--a-w- c:\windows\system32\dllcache\cyzport.sys
2009-12-31 14:29:59 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19:49 0 d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19:43 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19:36 0 d-----w- c:\program files\Registry Patrol
2009-12-31 13:26:27 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26:27 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26:26 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26:26 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22:01 0 d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02:02 0 d-----w- c:\program files\Outsim
2009-12-31 00:41:27 0 d-sh--w- c:\documents and settings\cole\IETldCache
2009-12-30 23:56:30 0 d-----w- c:\windows\ie8updates
2009-12-30 23:49:00 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:49:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:48:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48:56 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47:37 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44:38 0 d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:28:15 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-30 23:28:15 1409 ----a-w- c:\windows\QTFont.for
2009-12-30 23:24:43 0 d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04:01 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04:01 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04:01 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04:01 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:04:01 1229 ------w- c:\windows\system32\wbem\wscenter.mof
2009-12-30 23:02:59 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01:44 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01:32 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01:31 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01:29 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01:20 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01:19 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01:19 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01:17 0 d-----w- c:\windows\ServicePackFiles
2009-12-30 22:58:37 19528 ----a-w- c:\windows\002247_.tmp
2009-12-30 22:55:40 0 d-----w- c:\windows\EHome
2009-12-30 19:44:06 0 d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43:54 0 d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Soulseek

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2004-11-19 02:42:44 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42:41 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2004-09-01 02:27:24 3135 ----a-w- c:\program files\INSTALL.LOG
2003-08-05 15:41:44 53248 ----a-w- c:\windows\inf\ap561.exe
2002-11-26 20:24:58 32768 ----a-w- c:\windows\inf\Remove561.exe
2002-11-22 19:56:52 118784 ----a-w- c:\windows\inf\ShowBmp.exe
2002-10-29 22:07:44 36864 ----a-w- c:\windows\inf\Setup8a.exe
2002-10-01 18:43:32 119798 ----a-w- c:\windows\inf\spca561.sys
2001-11-18 02:29:30 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21:50 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35:46 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15:24 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04:24 3717 ----a-w- c:\program files\license.txt

============= FINISH: 0:20:42.98 ===============

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2004 12:36:18 PM
System Uptime: 1/11/2010 11:54:29 PM (1 hours ago)

Motherboard: First International Computer, Inc. | | AU31
Processor: AMD Athlon™ XP 2800+ | Socket A | 2088/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 3.373 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 149 GiB total, 7.745 GiB free.
J: is Removable
K: is FIXED (FAT32) - 466 GiB total, 155.959 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
4Front Bass Module 1.0 VSTi
4Front Piano Module 1.0 VSTi
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Shockwave Player
America Online (Choose which version to remove)
AnalogX Vocal Remover
Antares Auto-Tune 3 DirectX
Antares Auto-Tune Evo VST
Antares Filter VST DX v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.2.3
AutoUpdate
AVG Anti-Spyware 7.5
Black Thorn
BlogTorrent beta-0.1
Bonjour
ccCommon
Codec Pack - All In 1 6.0.3.0
Collab
CompuServe
Data Lifeguard Tools
dBpowerAMP FLAC Codec
dBpowerAMP Music Converter
Deckadance
Delta
discoDSP Discovery v2.4
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DreamStation DXi
e-Watch Camera Viewer
Easy CD-DA Extractor 7.1
Easy CD Creator 5 Basic
Edirol HQ Orchestral v1.01
Edirol Hyper Canvas
eMachines Bay Reader
EV Nova (remove only)
EZBack-it-up 2.0.1
FabFilter One 2.01
FabFilter Volcano 1.11
FL Studio 6
FL Studio 7
FL Studio 9
Free M4a to MP3 Converter 6.1
Free Mp3 Wma Converter V 1.5.0
FruityLoops v3.56 Full
fxpansion!RobotikVocoder
Google Earth
Google Talk Plugin
GSpot Codec Information Appliance
Guitar Pro 4.0
Hematohm VST2
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
ICQ
igLoader
IK Multimedia Amplitube DX/VST/RTAS v2.0
IL Download Manager
Inspector
Interlok driver setup x32
iPod for Windows 2006-03-23
iPod for Windows 2006-06-28
iPod movie Converter 3
iScrobbler
iTunes
iZotope Trash
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.2_04
Java™ 6 Update 17
Java™ 6 Update 2
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1
Jeskola Buzz Starters Pack
Last.fm Player 1.0.3
Lexmark Photo Center
Lexmark Z700-P700 Series
Live 6.0b21
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Lounge Lizard 1.01
MA311 Device Driver and Configuration Utility
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Meridian Advance (remove only)
Microsoft Data Access Components KB870669
Microsoft Excel 2000 SR-1
Microsoft Office PowerPoint Viewer 2003
Microsoft PowerPoint 2000 SR-1
Microsoft Word 2000 SR-1
Microsoft Works 6.0
mIRC
Mozilla Firefox (3.5.7)
MSRedist
Multimedia Keyboard Driver
Musicnotes Player V1.22.3
myTunes Redux 1.0
Native Instruments Absynth v3.0.2
Native Instruments Elektrik Piano
Native Instruments FM7 v1.10.006
Native Instruments Traktor DJ Studio 2.5.2
NetObjects Fusion 4.0
Netscape 6 (6.2.1)
Network Play System (Patching)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
NoteWorthy Composer
NoteWorthy Player
Novation V-Station v1.20-H2O
NVIDIA Display Driver
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
Ohm Force OhmBoyz VST2 v1.03 PRO
Ohmforce Mobilohm VST v1.04
OhmForce Ohmygod VST2
Ohmforce Predatohm VST PRO v1.21
Ohmforce Quad Frohmage Pro VST v1.01
Orion Platinum
Philips PC Camera
PoiZone
Power MP3 WMA Converter 2006, (ver 3.42)
PowerDVD
PowerISO
QuickTime
RAR Password Recovery Magic v6.1.1.153
RD 2.12
RealPlayer
Reason 3.0
Reason Demo
ReBirth RB-338 2.0
RegCure
Replay Music 2.4
rgc:audio sfz VSTi v1.96
rgcAudio High Frequency Stimulator v1.0
rgcAudio z3ta Plus v1.40
Rhapsody Player Engine
Rob Papen Albino 2 Demo
Rogue Spear
Sakura
SampleTank 2 Free
Sawer
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Series II MIDI
sfArk
sfArkXTc
SFPack
SHOUTcast DNAS (remove only)
SHOUTcast Source DSP 1.8.2 (remove only)
Skin Edit 1.0
Skype 2.5
Skype™ 3.5
SmartFTP Client
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Soft Data Fax Modem with SmartCP
Sonic Foundry ACID 4.0
SoulSeek 157 NS 13e
Soulseek Client 152
SoulSeek Client 156b
Spybot - Search & Destroy 1.3
Starcraft
Steam
Steinberg Hypersonic v1.0
Steinberg\VSTplugins\MrRay
Super Mario Pac v1.1
Symantec Script Blocking Installer
SymNet
Synth1
SynthEdit
Sytrus
T-RackS 24
T-RackS Plug-in
TotalAccess Smart Installer
Toxic Biohazard
Toxic DEMO v2.1
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB953356)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Urban Operations
USB Keyboard Device 1.0.1.0
USB Midisport Uno 1.0.1.0
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual Sound Canvas VST
Virtual Trumpet
Waves Audio Processors 3.2
Waves Diamond Bundle 4.05
Waves Masters
Waves Renaissance Collection 2
WebFldrs XP
WinAce Archiver
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
Xvid 1.1.2 final uninstall
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zero-X BeatSlicer
Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

1/5/2010 12:27:58 AM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
1/5/2010 12:27:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT
1/5/2010 12:27:54 AM, error: Service Control Manager [7001] - The SAVScan service depends on the SAVRT service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2010 12:27:51 AM, error: Print [19] - Sharing printer failed + 1722, Printer Lexmark Z700-P700 Series share name Printer.

==== End Of File ===========================

gmer.log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 09:26:44
Windows 5.1.2600 Service Pack 2
Running: megytbmt.exe; Driver: C:\DOCUME~1\Cole\LOCALS~1\Temp\pwldapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF7B0F8AC]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF7B0F812]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF720749E]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF68F0340, 0x121A5F, 0xF8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF77D7360]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File I:\Samples (HD2)\TechnoTrance Essential\Partition F\9 SWEEPSYNS1\LONGFALL.wav 260026 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition F\9 SWEEPSYNS1\SKYDIVE.wav 111454 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition F\9 SWEEPSYNS1\SMALL SWEEP.wav 166534 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition F\9 SWEEPSYNS1\WASP SWEEP 2.wav 261428 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\EAST HORN LO.wav 64774 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\EASTHHORN HI.wav 62634 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\GONG SYNTH.wav 114188 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\info.htm 2484 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\KINGS GONG.wav 253694 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\MELLOW GONG.wav 54924 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\1 ETHNICSYN1\SITA SYNTH.wav 89842 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\AFRO DRUM.wav 74462 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\AFRO PLUCK 2.wav 83988 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\BREATHY.wav 261334 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\EASTN PLUCK3.wav 89354 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\EXP FLUTE 1.wav 95494 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\info.htm 2475 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\PAN FLUTE.wav 199578 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\2 ETHNICSYN2\SOFT FLUTE.wav 63634 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\BEND DOWN.wav 89124 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\BEND UP.wav 59006 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\CHIME.wav 107530 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\DEEP TABLA.wav 127286 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\HI TABLA.wav 20290 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\info.htm 3394 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\LO TABLA.wav 129126 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\MID TABLA.wav 52538 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\TABLA FLICK.wav 22444 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\TABLA RIM.wav 45096 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\VERYHI TABLA.wav 14504 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\3 ETH PERC-1\WINDCHIME.wav 431036 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\BASS SHAKER.wav 43064 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\BELL TREE 2.wav 115834 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\HI DRUMSHAKE.wav 20950 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\info.htm 3421 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\JANGLER.wav 43934 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\LO DRUMSHAKE.wav 52208 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\LO TAB HIT.wav 17264 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\LONG SHAKE.wav 48076 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\4 ETH PERC-2\OPEN PAN.wav 56904 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\5 ETH PERC-3 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\5 ETH PERC-3\BELL 3.wav 13312 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\5 ETH PERC-3\info.htm 3332 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\5 ETH PERC-3\STICK 2.wav 10830 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\6 ETH PERC-4 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition G\6 ETH PERC-4\info.htm 3462 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\1 SEVEREGATE 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\1 SEVEREGATE\info.htm 4447 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\10 PERC FX 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\10 PERC FX\info.htm 3417 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\11 STRANGE 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\11 STRANGE\info.htm 3477 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\12 SHOCKING 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\12 SHOCKING\info.htm 3476 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\2 MAD DRUMS 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\2 MAD DRUMS\info.htm 4398 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\ACIDIC BD 1.wav 14348 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\ACIDIC HMN 4.wav 9226 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\ACIDIC HMN 5.wav 6386 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\ACIDIC HMN 7.wav 8562 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\ACIDIC MTL 2.wav 10426 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\ACIDIC MTL 3.wav 15272 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\3 ACIDIC KIT\info.htm 4442 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\4 GATED KIT 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\4 GATED KIT\info.htm 4431 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\5 RAVEYDRUMS 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\5 RAVEYDRUMS\RAVEY SNRE 2.wav 13188 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\6 HOUSEYDRMS 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\6 HOUSEYDRMS\HOUSE KICK 5.wav 12480 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\6 HOUSEYDRMS\HOUSE KICK10.wav 12900 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\6 HOUSEYDRMS\HOUSE SNRE 2.wav 15112 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\6 HOUSEYDRMS\HOUSE SNRE 4.wav 14356 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\6 HOUSEYDRMS\HOUSE SNRE 5.wav 11154 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\7 REVRB DRMS 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\7 REVRB DRMS\info.htm 8351 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\8 FX CYMBALS 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\8 FX CYMBALS\info.htm 3408 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\9 FLANGESNRS 0 bytes
File I:\Samples (HD2)\TechnoTrance Essential\Partition H\9 FLANGESNRS\info.htm 6401 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\01 1k Tone.wav 11308460 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\02 Applause.wav 11870588 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\03 National Anthem.wav 14206124 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\04 Drum Corps.wav 12912524 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\05 Umpire.wav 8415500 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\06 Crowd Watching Game.wav 16663964 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\07 Tennis.wav 21843068 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\08 Race.wav 20351900 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\09 Cable Car.wav 11717708 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\10 Subway (Interior).wav 7267724 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\11 Diesel Train.wav 8173244 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\12 Steam Engine.wav 11955260 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\13 Sst.wav 7009004 bytes
File I:\Samples (HD2)\The Complete Cbs Audiofile\14 Fire Engine.wav 10506428 bytes
File I:\Samples (HD2)\Weird Stuff\headtotoe1.wav 752028 bytes
File I:\Samples (HD2)\Weird Stuff\headtotoe2.wav 1491980 bytes
File I:\Samples (HD2)\Weird Stuff\headtotoe3.wav 1479952 bytes
File I:\Samples (HD2)\Weird Stuff\Hero 0 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\ahah.wav 497324 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\needahero1.wav 393004 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\needahero2.wav 347792 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\needahero3.wav 368656 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\ooh1.wav 292156 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\ooh2.wav 274768 bytes
File I:\Samples (HD2)\Weird Stuff\Hero\ooh3.wav 295632 bytes
File I:\Samples (HD2)\Weird Stuff\spinners1.wav 862140 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs 0 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab01.wav 221780 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab02.wav 104876 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab03.wav 93644 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab04.wav 181512 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab05.wav 337056 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab06.wav 290392 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab07.wav 450576 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab08.wav 2150084 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab09.wav 253160 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab10.wav 258932 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab11.wav 259896 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab12.wav 104948 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab13.wav 137668 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab14.wav 127084 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab15.wav 880656 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab16.wav 128368 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab17.wav 75088 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab18.wav 69928 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab19.wav 255612 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab20.wav 232564 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab21.wav 199784 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab22.wav 193640 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab23.wav 118864 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab24.wav 190568 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab25.wav 158812 bytes
File I:\Samples (HD2)\Weird Stuff\Stabs\stab26.wav 273536 bytes
File I:\Samples (HD2)\Weird Stuff\Strings 0 bytes
File I:\Samples (HD2)\Weird Stuff\Strings\strings001.wav 314160 bytes
File I:\Samples (HD2)\Weird Stuff\Strings\strings002.wav 621772 bytes
File I:\Samples (HD2)\Weird Stuff\sweetcaroline.mp3 271314 bytes
File I:\Samples (HD2)\Weird Stuff\Talk Talk 0 bytes
File I:\Samples (HD2)\Weird Stuff\Talk Talk\taphead1.wav 2889836 bytes
File I:\Samples (HD2)\Weird Stuff\Talk Talk\taphead2.wav 13313132 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass 0 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\cantlive1.wav 1259720 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\cantlive2.wav 1234844 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\cantlive3.wav 87988 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon1.wav 179648 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon10.wav 520480 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon11.wav 92228 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon12.wav 153792 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon13.wav 467572 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon2.wav 89844 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon3.wav 91208 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon4.wav 93928 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon5.wav 91884 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon6.wav 91208 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon7.wav 89164 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon8.wav 103792 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\keepon9.wav 65352 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou1.wav 231364 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou10.wav 275276 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou11.wav 455192 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou12.wav 230340 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou13.wav 690220 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou2.wav 344884 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou3.wav 97496 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou4.wav 323468 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou5.wav 77152 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou6.wav 130696 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou7.wav 94284 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou8.wav 76080 bytes
File I:\Samples (HD2)\Weird Stuff\Teddy Pendergrass\lovingyou9.wav 274204 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice 0 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnice1.wav 449180 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnice2.wav 225282 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnice4.wav 448508 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnicechop1.wav 114012 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnicechop2.wav 114008 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnicechop3.wav 113928 bytes
File I:\Samples (HD2)\Weird Stuff\That's Nice\thatsnicechop4.wav 114012 bytes
File I:\Samples (HD2)\Weird Stuff\thedreamer.wav 2091040 bytes
File I:\Samples (HD2)\Weird Stuff\underdog.wav 354812 bytes
File I:\Samples (HD2)\Weird Stuff\underdog2.wav 993396 bytes
File I:\Samples (HD2)\Weird Stuff\underdog3.wav 1669824 bytes
File I:\Samples (HD2)\Weird Stuff\voyager.wav 1410232 bytes
File I:\Samples (HD2)\Weird Stuff\weakandpowerless.wav 533572 bytes
File I:\Samples (HD2)\Weird Stuff\whatmore2.wav 271696 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are 0 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare1.wav 122260 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare2.wav 952720 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare3.wav 119128 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare4.wav 90924 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare5.wav 117564 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare6.wav 122264 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare7.wav 90924 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare8.wav 120696 bytes
File I:\Samples (HD2)\Weird Stuff\Where You Are\whereyouare9.wav 120696 bytes
File I:\Samples (HD2)\Weird Stuff\gametap2.wav 3955806 bytes
File I:\Samples (HD2)\Weird Stuff\hey1.wav 46220 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio1.wav 453332 bytes
File I:\Samples (HD2)\Weird Stuff\somevelvetmorning2.mp3 123922 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel 0 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet1.wav 2503936 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet10.wav 1176848 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet11.wav 4788772 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet12.wav 550236 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet13.wav 538776 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet14.wav 227676 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet2.wav 289152 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet3.wav 287876 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet4.wav 281508 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet5.wav 295516 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet6.wav 305704 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet7.wav 295516 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet8.wav 577620 bytes
File I:\Samples (HD2)\Weird Stuff\Dexter Wansel\prophet9.wav 1201044 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu 0 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\Didje_readme.txt 573 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\Digeridu.exs 724 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\LoopDidje1.wav 717744 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\LoopDidje2.wav 541232 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\LoopDidje3.wav 250408 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\LoopDidje4.wav 148712 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\LoopDidje5.wav 302182 bytes
File I:\Samples (HD2)\Weird Stuff\Digeridu\LoopDidje6.wav 283110 bytes
File I:\Samples (HD2)\Weird Stuff\Distortions 0 bytes
File I:\Samples (HD2)\Weird Stuff\Distortions\toos1a.wav 1943332 bytes
File I:\Samples (HD2)\Weird Stuff\Distortions\toos1b.wav 1833244 bytes
File I:\Samples (HD2)\Weird Stuff\dontletthishappen.wav 1453616 bytes
File I:\Samples (HD2)\Weird Stuff\drfunkenstein.wav 498720 bytes
File I:\Samples (HD2)\Weird Stuff\drfunkensteinb.wav 465630 bytes
File I:\Samples (HD2)\Weird Stuff\drfunkensteinc.wav 117734 bytes
File I:\Samples (HD2)\Weird Stuff\Drums 0 bytes
File I:\Samples (HD2)\Weird Stuff\Drums\introgood.wav 366936 bytes
File I:\Samples (HD2)\Weird Stuff\Drums\roll2.wav 116816 bytes
File I:\Samples (HD2)\Weird Stuff\Drums\rollhit.wav 559748 bytes
File I:\Samples (HD2)\Weird Stuff\Edwin Star 0 bytes
File I:\Samples (HD2)\Weird Stuff\Edwin Star\thereyougo1.wav 117292 bytes
File I:\Samples (HD2)\Weird Stuff\Edwin Star\thereyougo2.wav 583088 bytes
File I:\Samples (HD2)\Weird Stuff\Edwin Star\thereyougo3.wav 575788 bytes
File I:\Samples (HD2)\Weird Stuff\Edwin Star\thereyougo4.wav 1165676 bytes
File I:\Samples (HD2)\Weird Stuff\Edwin Star\thereyougo5.wav 1163852 bytes
File I:\Samples (HD2)\Weird Stuff\electricsurfboard1.wav 2235832 bytes
File I:\Samples (HD2)\Weird Stuff\electricsurfboard2.wav 2198980 bytes
File I:\Samples (HD2)\Weird Stuff\electricsurfboard3.wav 2131416 bytes
File I:\Samples (HD2)\Weird Stuff\gametap.sfk 25152 bytes
File I:\Samples (HD2)\Weird Stuff\gametap.wav 9635836 bytes
File I:\Samples (HD2)\Weird Stuff\perfectangel.wav 1957816 bytes
File I:\Samples (HD2)\Weird Stuff\perfectangel2.wav 96940 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman 0 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood3.wav 1227220 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\cantlive1.wav 1634880 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\cantlive2.wav 764340 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\cantlive3.wav 757456 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\cantlive4.wav 764344 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\cantlive5.wav 873036 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove1.wav 183228 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove2.wav 730536 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove3.wav 723792 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove4.wav 734468 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove5.wav 726604 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove6.wav 404624 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove7.wav 719860 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove8.wav 1439112 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\howtolove9.wav 1437988 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood1.wav 262420 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood2.wav 1234840 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood4.wav 554056 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood5.wav 324896 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood6.wav 158508 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood7.wav 120108 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood8.wav 316364 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\lovetoogood9.wav 76532 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow1.wav 284696 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow10.wav 550980 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow11.wav 144284 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow12.wav 133956 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow13.wav 356624 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow14.wav 293112 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow2.wav 1153192 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow3.wav 1155488 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow4.wav 1144776 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow5.wav 1148220 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow6.wav 353180 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow7.wav 200908 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow8.wav 126300 bytes
File I:\Samples (HD2)\Weird Stuff\Phyllis Hyman\youknow9.wav 342852 bytes
File I:\Samples (HD2)\Weird Stuff\Piano 0 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano001.wav 186612 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano002.wav 242988 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano003.wav 384456 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano004 - Part_1.wav 332012 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano004 - Part_2.wav 236972 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano004 - Part_3.wav 362284 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano004 - Part_4.wav 420436 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano004.wav 727452 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano005.wav 222504 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano006.wav 130696 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano007.wav 247220 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano008.wav 81260 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano009.wav 314312 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano010.wav 169536 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano011.wav 146840 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano012.wav 431228 bytes
File I:\Samples (HD2)\Weird Stuff\Piano\piano013.wav 272912 bytes
File I:\Samples (HD2)\Weird Stuff\Reasons 0 bytes
File I:\Samples (HD2)\Weird Stuff\Reasons\reasons1.wav 1032888 bytes
File I:\Samples (HD2)\Weird Stuff\Reasons\reasons2.wav 1014352 bytes
File I:\Samples (HD2)\Weird Stuff\Reasons\reasons3.wav 2046168 bytes
File I:\Samples (HD2)\Weird Stuff\Reasons\reasons4.wav 2062532 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers 0 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark2.wav 105296 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun3.wav 798496 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\brooklyn1.wav 795652 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\brooklyn2.wav 943148 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\brooklyn3.wav 1782336 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\brooklyn4.wav 896220 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\brooklyn5.wav 630272 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\brooklyn6.wav 840348 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark1.wav 150160 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark10.wav 93508 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark11.wav 72800 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark12.wav 134056 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark13.wav 299556 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun4.wav 725592 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun5.wav 489532 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun6.wav 221064 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun7.wav 1015760 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun8.wav 533504 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovewillbring1.wav 802544 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovewillbring2.wav 803424 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\runningaway1.wav 743104 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\runningaway2.wav 732796 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\runningaway3.wav 527708 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\runningaway4.wav 730740 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark3.wav 99548 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark4.wav 202500 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark5.wav 132904 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark6.wav 109612 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark7.wav 262316 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark8.wav 179492 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\ftdupontpark9.wav 102424 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun1.wav 1071592 bytes
File I:\Samples (HD2)\Weird Stuff\Roy Ayers\lovesthesun2.wav 1058864 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus 0 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight1.wav 667508 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight2.wav 309200 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight3.wav 384872 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight4.wav 682388 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight5.wav 92532 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight6.wav 256164 bytes
File I:\Samples (HD2)\Weird Stuff\Rufus\atmidnight7.wav 123576 bytes
File I:\Samples (HD2)\Weird Stuff\saturdaynightspecial1.wav 889552 bytes
File I:\Samples (HD2)\Weird Stuff\saw.wav 333994 bytes
File I:\Samples (HD2)\Weird Stuff\saw2.sfk 15140 bytes
File I:\Samples (HD2)\Weird Stuff\saw2.wav 5789372 bytes
File I:\Samples (HD2)\Weird Stuff\September 0 bytes
File I:\Samples (HD2)\Weird Stuff\September\september1.wav 708916 bytes
File I:\Samples (HD2)\Weird Stuff\September\september2.wav 703564 bytes
File I:\Samples (HD2)\Weird Stuff\September\september3.wav 690176 bytes
File I:\Samples (HD2)\Weird Stuff\September\september4.wav 1230400 bytes
File I:\Samples (HD2)\Weird Stuff\smoke.wav 1010772 bytes
File I:\Samples (HD2)\Weird Stuff\sohardguitar.wav 373748 bytes
File I:\Samples (HD2)\Weird Stuff\somevelvetmorning.mp3 123976 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio10.wav 163622 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio2.wav 932520 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio3.wav 871464 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio4.wav 864064 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio5.wav 1692928 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio6.wav 3342340 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio7.wav 938072 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio8.wav 362676 bytes
File I:\Samples (HD2)\Weird Stuff\janitizio9.wav 3339234 bytes
File I:\Samples (HD2)\Weird Stuff\lifeisahighway.wav 1601740 bytes
File I:\Samples (HD2)\Weird Stuff\likeiloveyou1.wav 244708 bytes
File I:\Samples (HD2)\Weird Stuff\likeiloveyou2.wav 196772 bytes
File I:\Samples (HD2)\Weird Stuff\Love Love Love 0 bytes
File I:\Samples (HD2)\Weird Stuff\Love Love Love\lovelovelove1.wav 1842172 bytes
File I:\Samples (HD2)\Weird Stuff\Love Love Love\lovelovelove2.wav 1813648 bytes
File I:\Samples (HD2)\Weird Stuff\Love Love Love\lovelovelove3.wav 904808 bytes
File I:\Samples (HD2)\Weird Stuff\Love Love Love\lovelovelove3chop.wav 481548 bytes
File I:\Samples (HD2)\Weird Stuff\lovefoolosophy1.wav 1348072 bytes
File I:\Samples (HD2)\Weird Stuff\lullabychorus.wav 8697272 bytes
File I:\Samples (HD2)\Weird Stuff\lullabyintro.wav 2078676 bytes
File I:\Samples (HD2)\Weird Stuff\lullabyla.wav 3410048 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd1.aif 17450 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd1.aif.sfk 100 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd1.wav 17432 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd2.aif 17088 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd2.aif.sfk 100 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd2.wav 17070 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd3.aif 18154 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd3.aif.sfk 100 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd3.wav 18136 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd4.aif 18012 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd4.aif.sfk 100 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd4.wav 17994 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd5.aif 26534 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd5.aif.sfk 116 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd5.wav 26516 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd6.aif 28322 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd6.aif.sfk 120 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd6.wav 28304 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd7.aif 28436 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd7.aif.sfk 120 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\2BASSDRUM folder\bd7.wav 28418 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal1.aif 52990 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal1.aif.sfk 168 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal1.wav 52972 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal2.aif 68068 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal2.aif.sfk 200 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal2.wav 68050 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal3.aif 84314 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal3.aif.sfk 232 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal3.wav 84296 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal4.aif 84332 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal4.aif.sfk 232 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal4.wav 84314 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal5.aif 84338 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal5.aif.sfk 232 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal5.wav 84320 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal6.aif 84324 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal6.aif.sfk 232 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal6.wav 84306 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal7.aif 84322 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal7.aif.sfk 232 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\CYMBAL folder\cymbal7.wav 84304 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat1.aif 84316 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat1.aif.sfk 232 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat1.wav 84298 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat2.aif 52712 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat2.aif.sfk 168 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat2.wav 52694 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat3.aif 44228 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat3.aif.sfk 152 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat3.wav 44210 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat4.aif 45412 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat4.aif.sfk 156 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat4.wav 45394 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat5.aif 43132 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat5.aif.sfk 152 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat5.wav 43114 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat6.aif 53718 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat6.aif.sfk 172 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat6.wav 53700 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat7.aif 59374 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat7.aif.sfk 180 bytes
File I:\Samples (HD2)\Hollowsun\drum\DRM1samplepack p2\HI-HAT folder\hi hat7.wav 59356 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX hat closed.wav 17700 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX cabasa hard.wav 17146 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX cabasa soft.wav 15818 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX clap.wav 29028 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX crash.wav 104590 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX drums.akp 6500 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX hat medium.wav 18226 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX hat open.wav 18920 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX kick hard.wav 6342 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX kick medium.wav 9218 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX kick soft.wav 8054 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX ride hard.wav 91002 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX ride soft.wav 68924 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX snare hard.wav 18530 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX snare medium.wav 18618 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX snare soft.wav 21446 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX tom high.wav 61420 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX tom low.wav 84584 bytes
File I:\Samples (HD2)\Hollowsun\drum\Oberheim DX\Oberheim DX tom medium.wav 66178 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 clap.wav.wav 14844 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 closedhat.wav.wav 14256 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 cowbell.wav.wav 14844 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 crash.wav.wav 115246 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 hi conga.wav.wav 11170 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 hi cowbell.wav.wav 14992 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 hi tom.wav.wav 29838 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 kick.wav.wav 7936 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 low conga.wav.wav 14992 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 low tom.wav.wav 30426 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 mid tom.wav.wav 32044 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 openhat.wav.wav 29398 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 ride.wav.wav 58798 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 sidestick.wav.wav 7494 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 snare.wav.wav 14844 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\505 timbale.wav.wav 29838 bytes
File I:\Samples (HD2)\Hollowsun\drum\505\Roland TR505.akp 5796 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\Acetone Rhythm Ace.akp 4740 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Cl Hat.wav 4842 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Clave.wav 10376 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Cowbell.wav 21772 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Cymbal.wav 24618 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Guiro.wav 29458 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Hi Bongo.wav 8708 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Kick.wav 23536 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Lo Bongo.wav 10716 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Lo Conga.wav 15088 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Maracas.wav 3890 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Rim.wav 938 bytes
File I:\Samples (HD2)\Hollowsun\drum\Acetone Rhythm Ace\RA Snare.wav 10504 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 BRASS SNR 1.wav 33936 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\Alesis HR16.akp 17764 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 10-DBL TOM.wav 56720 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 10-TOM 1.wav 72720 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 14-DBL TOM.wav 86672 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 16-TOM 1.wav 72848 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 20 SWIFT KIK.wav 18576 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 22 60 KIK.wav 16528 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 22 DBLHD KIK.wav 30480 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 22 DBLHD-KIK.wav 34576 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 22 DEEP KIK.wav 40464 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 22 GATED KIK.wav 40464 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 22 POWER KIK.wav 10512 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 24 POWER KIK.wav 27280 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 AGOGO.wav 20112 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 CLAVE.wav 5106 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 COWBELL.wav 23740 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 CRASH CYM.wav 160016 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 ELECT TOM.wav 40848 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 ELECTRO KIK1.wav 14608 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 ELECTRO KIK2.wav 26512 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 ELECTSNR 1.wav 24592 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 FOOT HAT.wav 16784 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 GATE SNR 1.wav 40464 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 H CONGA.wav 60944 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 HAT A.wav 16656 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 L CONGA.wav 66832 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 MED HAT.wav 36752 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 OPN HAT.wav 66704 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 RIDE CYMB.wav 52806 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 RIDE-BELL.wav 49602 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 RIM.wav 22288 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 SHAKER.wav 18960 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 STICK.wav 16656 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 TIMBALE.wav 55056 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 W BLOCK1.wav 12944 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 W BLOCK2.wav 23056 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 WOOD SNR 1.wav 34576 bytes
File I:\Samples (HD2)\Hollowsun\drum\Alesis HR16\HR16 WOOD SNR 2.wav 40592 bytes

---- EOF - GMER 1.0.15 ----


Thanks!

#5 Elise

Posted 12 January 2010 - 10:02 AM

Hello pringles06,

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


I notice the presence of RegCure Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#6 pringles06

Posted 13 January 2010 - 12:10 AM

ComboFix log:

ComboFix 10-01-12.04 - Cole 01/12/2010 23:25:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.123 [GMT -5:00]
Running from: i:\documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4974339.exe
c:\documents and settings\Cole\Application Data\drvcleaner.exe
c:\documents and settings\Cole\Application Data\errsafer.exe
c:\documents and settings\Cole\Application Data\Install.dat
c:\documents and settings\Cole\Start Menu\Programs\Startup\Scheduler.lnk
c:\progra~1\AWS\WEATHE~1\MINIbu~1.dll
c:\progra~1\COMMON~1\{88707~1
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\program files\INSTALL.LOG
c:\program files\WinBudget
c:\program files\WinBudget\bin\crap.1187453986.old
c:\program files\WinBudget\bin\crap.1191434837.old
c:\program files\WinBudget\bin\matrix.dll.1189092945.old
c:\recycler\S-1-5-21-524218953-3970292298-1057702091-1003
C:\sstray.exe
c:\windows\4974339.exe
c:\windows\BackUp
c:\windows\patch.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\sstray.exe
c:\windows\system32\wnststr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE
-------\Legacy_IPRIP
-------\Service_Apple Mobile Device
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 04:40 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-13 04:40 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 17:01 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:13 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 15:10 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:23 . 2007-01-18 02:14 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
2010-01-01 14:14 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2006-06-26 02:35 -------- d-----w- c:\program files\StepMania
2009-12-31 14:07 . 2007-01-04 02:27 -------- d-----w- c:\program files\PartyGaming.Net
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:52 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-10-29 07:45 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2009-12-30 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2009-12-30 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-12-30 23:03 263552 ----a-w- c:\windows\system32\drivers\http.sys
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2001-09-14 16:34 . 2004-11-19 02:41 684032 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

2000-04-29 10:30 . 2005-08-05 20:08 67160 c:\program files\aim\bak\aim.exe

2007-08-08 18:04 . 2004-11-19 03:41 684032 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
2007-08-08 18:04 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

2007-08-08 18:05 . 2005-08-05 21:08 67160 k:\c\C backup\C\Program Files\aim\bak\aim.exe
2007-08-08 18:05 . 2006-08-01 22:35 67112 k:\c\C backup\C\Program Files\aim\aim.exe

2007-08-08 18:08 . 2005-10-11 17:02 180269 k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

2007-08-08 18:08 . 2004-11-19 03:42 73728 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

2007-08-08 18:08 . 2004-11-02 23:59 218240 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
2007-08-08 18:08 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

2007-08-08 18:30 . 2006-06-14 22:24 278528 k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
2007-08-08 18:31 . 2009-11-12 21:33 141600 k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe

2007-08-08 18:31 . 2004-11-19 03:41 36864 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe
2007-08-08 18:31 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

2007-08-08 18:35 . 2004-11-19 03:41 32768 k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe
2007-08-08 18:35 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe

2007-08-08 18:42 . 2006-07-17 02:21 282624 k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
2007-08-08 18:42 . 2009-11-11 04:08 417792 k:\c\C backup\C\Program Files\QuickTime\QTTask.exe

2007-08-08 19:07 . 2004-11-19 03:41 114688 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
2007-08-08 19:07 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

2007-08-08 19:35 . 2004-08-27 05:43 56320 k:\c\C backup\C\WINDOWS\system32\bak\DeltTray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bhqfs"="c:\documents and settings\Cole\Application Data\??crosoft.NET\r?ndll32.exe" [?]
"Steam"="" [N/A]
"Usrr"="c:\docume~1\Cole\APPLIC~1\SCURIT~1\wuaclt.exe" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [N/A]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys [x]
R3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS [x]
R3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys [x]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2004-12-28 13504]
R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2004-12-28 22304]
S2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2001-04-14 188276]
S3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\DRIVERS\ma311n51.sys [2002-05-01 54784]

.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-12 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mightymarg.sectionz.com/
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{BD2E2BB5-9604-918D-7FE6-C39EFE4504CF} - c:\windows\System32\jvhvw.dll
BHO-{BD2E2BB5-9604-918D-7FE6-C39EFE4504CF} - c:\windows\System32\jvhvw.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 23:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

#7 Elise

Posted 13 January 2010 - 02:21 AM

Please make sure you posted me the whole Combofix log, it should be longer.

regards, Elise



#8 pringles06

Posted 13 January 2010 - 08:47 AM

oops. sorry!

ComboFix 10-01-12.04 - Cole 01/12/2010 23:25:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.123 [GMT -5:00]
Running from: i:\documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4974339.exe
c:\documents and settings\Cole\Application Data\drvcleaner.exe
c:\documents and settings\Cole\Application Data\errsafer.exe
c:\documents and settings\Cole\Application Data\Install.dat
c:\documents and settings\Cole\Start Menu\Programs\Startup\Scheduler.lnk
c:\progra~1\AWS\WEATHE~1\MINIbu~1.dll
c:\progra~1\COMMON~1\{88707~1
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\program files\INSTALL.LOG
c:\program files\WinBudget
c:\program files\WinBudget\bin\crap.1187453986.old
c:\program files\WinBudget\bin\crap.1191434837.old
c:\program files\WinBudget\bin\matrix.dll.1189092945.old
c:\recycler\S-1-5-21-524218953-3970292298-1057702091-1003
C:\sstray.exe
c:\windows\4974339.exe
c:\windows\BackUp
c:\windows\patch.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\sstray.exe
c:\windows\system32\wnststr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE
-------\Legacy_IPRIP
-------\Service_Apple Mobile Device
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 04:40 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-13 04:40 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 17:01 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:13 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 15:10 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:23 . 2007-01-18 02:14 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
2010-01-01 14:14 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2006-06-26 02:35 -------- d-----w- c:\program files\StepMania
2009-12-31 14:07 . 2007-01-04 02:27 -------- d-----w- c:\program files\PartyGaming.Net
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:52 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-10-29 07:45 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2009-12-30 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2009-12-30 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-12-30 23:03 263552 ----a-w- c:\windows\system32\drivers\http.sys
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2001-09-14 16:34 . 2004-11-19 02:41 684032 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

2000-04-29 10:30 . 2005-08-05 20:08 67160 c:\program files\aim\bak\aim.exe

2007-08-08 18:04 . 2004-11-19 03:41 684032 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
2007-08-08 18:04 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

2007-08-08 18:05 . 2005-08-05 21:08 67160 k:\c\C backup\C\Program Files\aim\bak\aim.exe
2007-08-08 18:05 . 2006-08-01 22:35 67112 k:\c\C backup\C\Program Files\aim\aim.exe

2007-08-08 18:08 . 2005-10-11 17:02 180269 k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

2007-08-08 18:08 . 2004-11-19 03:42 73728 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

2007-08-08 18:08 . 2004-11-02 23:59 218240 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
2007-08-08 18:08 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

2007-08-08 18:30 . 2006-06-14 22:24 278528 k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
2007-08-08 18:31 . 2009-11-12 21:33 141600 k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe

2007-08-08 18:31 . 2004-11-19 03:41 36864 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe
2007-08-08 18:31 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

2007-08-08 18:35 . 2004-11-19 03:41 32768 k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe
2007-08-08 18:35 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe

2007-08-08 18:42 . 2006-07-17 02:21 282624 k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
2007-08-08 18:42 . 2009-11-11 04:08 417792 k:\c\C backup\C\Program Files\QuickTime\QTTask.exe

2007-08-08 19:07 . 2004-11-19 03:41 114688 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
2007-08-08 19:07 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

2007-08-08 19:35 . 2004-08-27 05:43 56320 k:\c\C backup\C\WINDOWS\system32\bak\DeltTray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bhqfs"="c:\documents and settings\Cole\Application Data\??crosoft.NET\r?ndll32.exe" [?]
"Steam"="" [N/A]
"Usrr"="c:\docume~1\Cole\APPLIC~1\SCURIT~1\wuaclt.exe" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [N/A]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys [x]
R3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS [x]
R3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys [x]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2004-12-28 13504]
R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2004-12-28 22304]
S2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2001-04-14 188276]
S3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\DRIVERS\ma311n51.sys [2002-05-01 54784]

.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-12 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mightymarg.sectionz.com/
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{BD2E2BB5-9604-918D-7FE6-C39EFE4504CF} - c:\windows\System32\jvhvw.dll
BHO-{BD2E2BB5-9604-918D-7FE6-C39EFE4504CF} - c:\windows\System32\jvhvw.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 23:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\zHotkey.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-13 00:09:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 05:09

Pre-Run: 3,562,029,056 bytes free
Post-Run: 5,627,088,896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 4BDAF4AC89130108AF39F4B29CE56BF7

#9 Elise


Posted 13 January 2010 - 10:33 AM

Hello pringles06,
CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bhqfs"=-
"Usrr"=-

Folder::
c:\documents and settings\Cole\Application Data\??crosoft.NET
c:\docume~1\Cole\APPLIC~1\SCURIT~1
c:\program files\aim\bak
k:\c\C backup\C\Program Files\aim\bak
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\bak
c:\program files\Adaptec\Easy CD Creator 5\DirectCD\bak
k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
k:\c\C backup\C\WINDOWS\system32\bak

AWF::
k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe
k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe
k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

Save this as CFScript.txt, in the same location as ComboFix.exe.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#10 pringles06


Posted 13 January 2010 - 06:46 PM

ComboFix 10-01-13.07 - Cole 01/13/2010 17:38:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.155 [GMT -5:00]
Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cole\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Cole\APPLIC~1\SCURIT~1
c:\docume~1\Cole\APPLIC~1\SCURIT~1\SCURIT~1\ctxad-502.0000
c:\docume~1\Cole\APPLIC~1\SCURIT~1\SCURIT~1\ctxad-502.0001
c:\docume~1\Cole\APPLIC~1\SCURIT~1\SCURIT~1\ctxad-502.0002
c:\program files\Adaptec\Easy CD Creator 5\DirectCD\bak
c:\program files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
c:\program files\aim\bak
c:\program files\aim\bak\aim.exe
k:\c\C backup\C\Program Files\aim\bak
k:\c\C backup\C\Program Files\aim\bak\aim.exe
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\bak
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
k:\c\C backup\C\WINDOWS\system32\bak
k:\c\C backup\C\WINDOWS\system32\bak\DeltTray.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 22:50 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-13 22:49 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-13 22:13 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 17:01 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:13 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 15:10 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:23 . 2007-01-18 02:14 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2006-06-26 02:35 -------- d-----w- c:\program files\StepMania
2009-12-31 14:07 . 2007-01-04 02:27 -------- d-----w- c:\program files\PartyGaming.Net
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:52 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-10-29 07:45 . 2005-10-21 18:51 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2009-12-30 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2009-12-30 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-12-30 23:03 263552 ----a-w- c:\windows\system32\drivers\http.sys
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-08 18:04 . 2004-11-19 03:41 684032 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
2007-08-08 18:04 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

2007-08-08 18:08 . 2005-10-11 17:02 180269 k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

2007-08-08 18:08 . 2004-11-02 23:59 218240 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
2007-08-08 18:08 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

2007-08-08 18:30 . 2006-06-14 22:24 278528 k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
2007-08-08 18:31 . 2009-11-12 21:33 141600 k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe

2007-08-08 18:31 . 2004-11-19 03:41 36864 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe
2007-08-08 18:31 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

2007-08-08 18:35 . 2004-11-19 03:41 32768 k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe
2007-08-08 18:35 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe

2007-08-08 18:42 . 2006-07-17 02:21 282624 k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
2007-08-08 18:42 . 2009-11-11 04:08 417792 k:\c\C backup\C\Program Files\QuickTime\QTTask.exe

2007-08-08 19:07 . 2004-11-19 03:41 114688 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
2007-08-08 19:07 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [N/A]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/4/2004 2:20 PM 188276]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [5/31/2004 11:41 AM 54784]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?]
S3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys --> c:\windows\system32\Drivers\mscnr.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [12/28/2004 4:48 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [12/28/2004 4:48 PM 22304]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 17:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\zHotkey.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-13 18:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 23:44
ComboFix2.txt 2010-01-13 05:09

Pre-Run: 5,564,985,344 bytes free
Post-Run: 5,579,272,192 bytes free

- - End Of File - - 55BD7E04EA752B87809F45565177AC82

#11 Elise

Posted 14 January 2010 - 09:48 AM

Hello pringles06,

I forgot that Combofix doesn't like to move files on reboot from one drive to another, so we will have to do this a bit differently.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

File::
k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe
k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe
k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe
k:\c\C backup\C\Program Files\QuickTime\QTTask.exe
k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Folder::
k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please let me know how things are running now.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
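
Added example, not part of the original posts and not ComboFix's own logic: a Python sketch that parses the AWF section format shown in the logs in this thread, pairs each bak copy with the file at the original location, and groups the files at the original locations by size and second timestamp. The sample lines are copied from the log earlier in the thread; the function names and the three-file threshold are assumptions made for illustration.

```python
import re
from collections import Counter, namedtuple

# Sample input: AWF lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_AWF = r"""
2007-08-08 18:04 . 2004-11-19 03:41 684032 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
2007-08-08 18:04 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

2007-08-08 18:08 . 2005-10-11 17:02 180269 k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

2007-08-08 18:08 . 2004-11-02 23:59 218240 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
2007-08-08 18:08 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

2007-08-08 18:30 . 2006-06-14 22:24 278528 k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
2007-08-08 18:31 . 2009-11-12 21:33 141600 k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe

2007-08-08 18:31 . 2004-11-19 03:41 36864 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe
2007-08-08 18:31 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

2007-08-08 18:35 . 2004-11-19 03:41 32768 k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe
2007-08-08 18:35 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe

2007-08-08 18:42 . 2006-07-17 02:21 282624 k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
2007-08-08 18:42 . 2009-11-11 04:08 417792 k:\c\C backup\C\Program Files\QuickTime\QTTask.exe

2007-08-08 19:07 . 2004-11-19 03:41 114688 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
2007-08-08 19:07 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# One log line: "<stamp> . <stamp> <size> <path>"; the path may contain spaces.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (.+)$"
)
Entry = namedtuple("Entry", "first_stamp second_stamp size path")


def parse_awf(text):
    """Return an Entry for every line that matches the AWF line layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return entries


def is_backup(path):
    """True when the file's parent folder is named 'bak' (case-insensitive)."""
    return path.rpartition("\\")[0].lower().endswith("\\bak")


def live_key(path):
    """Lower-cased original location: the path with a 'bak' parent folder removed."""
    head, _, name = path.rpartition("\\")
    if head.lower().endswith("\\bak"):
        head = head[:-4]  # drop the trailing backslash + 'bak'
    return (head + "\\" + name).lower()


def pair_backups(entries):
    """Group entries by original location into {'bak': Entry|None, 'live': Entry|None}."""
    pairs = {}
    for e in entries:
        slot = pairs.setdefault(live_key(e.path), {"bak": None, "live": None})
        slot["bak" if is_backup(e.path) else "live"] = e
    return pairs


def uniform_replacements(pairs, min_count=3):
    """Live files that differ in size from their bak copy and share one
    (size, second stamp) fingerprint with at least min_count locations.
    The threshold is an assumption chosen for this example."""
    prints = Counter(
        (p["live"].size, p["live"].second_stamp) for p in pairs.values() if p["live"]
    )
    flagged = []
    for p in pairs.values():
        live, bak = p["live"], p["bak"]
        if live and bak and live.size != bak.size \
                and prints[(live.size, live.second_stamp)] >= min_count:
            flagged.append(live.path)
    return sorted(flagged)


def orphan_backups(pairs):
    """bak copies with no file listed at the original location."""
    return sorted(p["bak"].path for p in pairs.values() if p["bak"] and not p["live"])


if __name__ == "__main__":
    pairs = pair_backups(parse_awf(SAMPLE_AWF))
    print("same fingerprint at several locations:")
    for path in uniform_replacements(pairs):
        print("  ", path)
    print("bak copy only:")
    for path in orphan_backups(pairs):
        print("  ", path)
```

On the sample, six files at the original locations share size 38924 and second timestamp 2007-01-16 01:46, while iTunesHelper.exe and QTTask.exe each have their own size and timestamp.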


#12 pringles06

Posted 14 January 2010 - 03:53 PM

ComboFix 10-01-13.07 - Cole 01/14/2010 14:45:18.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.223 [GMT -5:00]
Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cole\Desktop\CFScript.txt

FILE ::
"k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
"k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe"
"k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe"
"k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe"
"k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe"
"k:\c\C backup\C\Program Files\QuickTime\QTTask.exe"
"k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak
k:\c\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe
k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
k:\c\C backup\C\Program Files\Microsoft Works\WkDetect.exe
k:\c\C backup\C\Program Files\QuickTime\QTTask.exe
k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 18:06 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-13 22:49 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-13 22:13 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 17:01 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:13 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 15:10 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:52 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-12-30 19:34 . 2009-12-30 19:34 152576 ----a-w- c:\documents and settings\Cole\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-30 19:32 . 2009-12-30 19:32 79488 ----a-w- c:\documents and settings\Cole\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2005-10-21 18:51 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2009-12-30 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2009-12-30 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-12-30 23:03 263552 ----a-w- c:\windows\system32\drivers\http.sys
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-10-11 16:02 . 2005-10-11 16:02 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2004-10-09 20:30 . 2004-11-19 02:42 73728 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

2004-11-02 22:59 . 2004-11-02 22:59 218240 c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

2004-03-11 22:18 . 2004-11-19 02:42 135168 c:\program files\eMachines Bay Reader\bak\shwiconem.exe

2006-06-14 21:24 . 2006-06-14 21:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-11-12 21:33 . 2009-11-12 21:33 141600 c:\program files\iTunes\iTunesHelper.exe

2068-02-23 04:44 . 2004-11-19 02:40 36864 c:\program files\Java\j2re1.4.2_04\bin\bak\jusched.exe
2007-01-16 00:16 . 2007-01-16 00:46 38924 c:\program files\Java\j2re1.4.2_04\bin\jusched.exe

2000-07-14 03:00 . 2004-11-19 02:41 32768 c:\program files\Microsoft Works\bak\WkDetect.exe

2006-07-17 01:21 . 2006-07-17 01:21 282624 c:\program files\QuickTime\bak\qttask.exe
2009-11-11 04:08 . 2009-11-11 04:08 417792 c:\program files\QuickTime\QTTask.exe

2004-10-23 14:41 . 2004-11-19 02:41 114688 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

2001-09-14 16:34 . 2004-11-19 02:41 684032 c:\qoobox\Quarantine\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe.vir

2000-04-29 10:30 . 2005-08-05 20:08 67160 c:\qoobox\Quarantine\C\Program Files\aim\bak\aim.exe.vir

2010-01-13 22:53 . 2005-08-05 21:08 67160 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\aim\bak\aim.exe.vir

2010-01-14 19:55 . 2005-10-11 17:02 180269 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2010-01-13 22:53 . 2004-11-19 03:42 73728 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2010-01-13 22:53 . 2004-08-27 05:43 56320 c:\qoobox\Quarantine\k\C\C backup\C\WINDOWS\system32\bak\DeltTray.exe.vir

2005-07-15 17:39 . 2004-08-27 04:43 56320 c:\windows\system32\bak\DeltTray.exe

2007-08-08 18:04 . 2004-11-19 03:41 684032 k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

2007-08-08 18:08 . 2004-11-02 23:59 218240 k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

2007-08-08 18:30 . 2006-06-14 22:24 278528 k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe

2007-08-08 18:31 . 2004-11-19 03:41 36864 k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe

2007-08-08 18:35 . 2004-11-19 03:41 32768 k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe

2007-08-08 18:42 . 2006-07-17 02:21 282624 k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe

2007-08-08 19:07 . 2004-11-19 03:41 114688 k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [N/A]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/4/2004 2:20 PM 188276]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [5/31/2004 11:41 AM 54784]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?]
S3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys --> c:\windows\system32\Drivers\mscnr.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [12/28/2004 4:48 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [12/28/2004 4:48 PM 22304]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-14 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-4Front Bass Module VSTi_is1 - c:\program files\Steinberg\VSTPlugins\unins001.exe
AddRemove-4Front Piano Module VSTi_is1 - c:\program files\Steinberg\VSTPlugins\unins000.exe
AddRemove-FabFilter One 2.01 - c:\program files\Steinberg\Uninst.exe
AddRemove-Lounge Lizard 1.01 - c:\progra~1\STEINB~1\VSTPLU~1\UNWISE.EXE
AddRemove-rgcAudio z3ta Plus v1.40 - c:\progra~1\STEINB~1\VSTPLU~1\RGCAUD~1\Z3TA_U~1\UNWISE.EXE
AddRemove-MrRay - c:\program files\Steinberg\VSTplugins\MrRay\uninstall.exe
AddRemove-Steinberg Hypersonic v1.0 - c:\progra~1\STEINB~1\VSTPLU~1\HYPERS~1\HYPERS~1\UNINST~1\HYPERS~1\UNWISE.EXE
AddRemove-Synth1 - c:\program files\Steinberg\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-14 15:03:45
ComboFix-quarantined-files.txt 2010-01-14 20:03
ComboFix2.txt 2010-01-13 23:44
ComboFix3.txt 2010-01-13 05:09

Pre-Run: 6,075,088,896 bytes free
Post-Run: 6,030,635,008 bytes free

- - End Of File - - 93D152FFBEEAFB8077BB4EE2E96BC84D

#13 Elise

Posted 14 January 2010 - 04:20 PM

Hello pringles06,

There we go again, let's hope we got all of it now. It's unbelievable for such an old infection to be so stubborn :(

Let me know how things are running now.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
File::
k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

Folder::
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Symantec Shared\bak
c:\program files\Common Files\Symantec Shared\Security Center\bak
c:\program files\eMachines Bay Reader\bak
c:\program files\Java\j2re1.4.2_04\bin\bak
c:\program files\Microsoft Works\bak
c:\program files\Viewpoint\Viewpoint Manager\bak

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\windows\system32\bak\deltray.exe
k:\c\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
k:\c\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\directcd.exe
k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
k:\c\C backup\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe
k:\c\C backup\C\Program Files\Microsoft Works\bak\WkDetect.exe
k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
k:\c\C backup\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
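
A way to check the log that comes back against the script that was run, as an added example that is not part of the original posts or of ComboFix: it parses the CFScript directives and the log's "Other Deletions" and "AWF" sections and reports, per target, whether it was deleted or is still listed. The function names are hypothetical and the abbreviated sample text is constructed from lines in this thread.

```python
import re

# Section banners in a ComboFix log look like "((((( AWF )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# CFScript directives look like "Folder::" on a line of their own.
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# A drive-letter path running to the end of the line.
PATH_RE = re.compile(r"([A-Za-z]:\\.*)$")

# Constructed sample: an abbreviated script and follow-up log.
SAMPLE_SCRIPT = r"""
Folder::
c:\program files\Microsoft Works\bak
c:\program files\eMachines Bay Reader\bak

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\windows\system32\bak\deltray.exe
"""

SAMPLE_LOG = r"""
((((((((( Other Deletions )))))))))
.
c:\program files\Microsoft Works\bak
c:\program files\Microsoft Works\bak\WkDetect.exe
.
((((((((( AWF )))))))))
.
2004-03-11 22:18 . 2004-11-19 02:42 135168 c:\program files\eMachines Bay Reader\bak\shwiconem.exe

2006-06-14 21:24 . 2006-06-14 21:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-11-12 21:33 . 2009-11-12 21:33 141600 c:\program files\iTunes\iTunesHelper.exe

2000-07-14 03:00 . 2004-11-19 02:41 32768 c:\qoobox\Quarantine\C\Program Files\Microsoft Works\bak\WkDetect.exe.vir
.
((((((((( Reg Loading Points )))))))))
"""


def parse_cfscript(text):
    """Return {directive: [paths]} for the body of a CFScript."""
    targets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            targets.setdefault(current, [])
        elif current is not None:
            targets[current].append(line.strip('"'))
    return targets


def parse_log_sections(text):
    """Return {section title: [paths]} for each banner-delimited section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        path = PATH_RE.search(line)
        if path:
            sections[current].append(path.group(1).strip('"'))
    return sections


def norm(path):
    """Case-insensitive comparison key without a trailing backslash."""
    return path.lower().rstrip("\\")


def review(script_text, log_text):
    """Map each script target to 'deleted', 'still listed' or 'not reported'."""
    sections = parse_log_sections(log_text)
    deleted = {norm(p) for p in sections.get("Other Deletions", [])}
    awf = {norm(p) for p in sections.get("AWF", [])}
    result = {}
    for paths in parse_cfscript(script_text).values():
        for path in paths:
            key = norm(path)
            if key in deleted:
                status = "deleted"
            elif key in awf or any(e.startswith(key + "\\") for e in awf):
                # The target itself, or a file inside a targeted folder,
                # still appears in the AWF section of the new log.
                status = "still listed"
            else:
                status = "not reported"
            result[path] = status
    return result


if __name__ == "__main__":
    for target, status in review(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:13} {target}")
```

Copies already moved under c:\qoobox\Quarantine carry a different path prefix, so they do not count as a target that is still in place.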


#14 pringles06

Posted 14 January 2010 - 05:04 PM

I appreciate the help. I haven't really put it to the test yet, but I can if you want. Here's the last ComboFix log:

ComboFix 10-01-13.07 - Cole 01/14/2010 16:33:33.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.164 [GMT -5:00]
Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cole\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

FILE ::
"k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\Symantec Shared\bak
c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
c:\program files\Common Files\Symantec Shared\Security Center\bak
c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
c:\program files\Java\j2re1.4.2_04\bin\bak
c:\program files\Java\j2re1.4.2_04\bin\bak\jusched.exe
c:\program files\Microsoft Works\bak
c:\program files\Microsoft Works\bak\WkDetect.exe
c:\program files\Viewpoint\Viewpoint Manager\bak
c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 21:45 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-14 21:44 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 21:44 . 2000-04-29 10:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 22:49 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-13 22:13 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 17:01 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:13 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 15:10 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-10-29 07:45 . 2005-10-21 18:51 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2009-12-30 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2009-12-30 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-12-30 23:03 263552 ----a-w- c:\windows\system32\drivers\http.sys
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-03-11 22:18 . 2004-11-19 02:42 135168 c:\program files\eMachines Bay Reader\bak\shwiconem.exe

2006-06-14 21:24 . 2006-06-14 21:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-11-12 21:33 . 2009-11-12 21:33 141600 c:\program files\iTunes\iTunesHelper.exe

2006-07-17 01:21 . 2006-07-17 01:21 282624 c:\program files\QuickTime\bak\qttask.exe
2009-11-11 04:08 . 2009-11-11 04:08 417792 c:\program files\QuickTime\QTTask.exe

2001-09-14 16:34 . 2004-11-19 02:41 684032 c:\qoobox\Quarantine\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe.vir

2000-04-29 10:30 . 2005-08-05 20:08 67160 c:\qoobox\Quarantine\C\Program Files\aim\bak\aim.exe.vir

2005-10-11 16:02 . 2005-10-11 16:02 180269 c:\qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2004-10-09 20:30 . 2004-11-19 02:42 73728 c:\qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2004-11-02 22:59 . 2004-11-02 22:59 218240 c:\qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe.vir

2068-02-23 04:44 . 2004-11-19 02:40 36864 c:\qoobox\Quarantine\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe.vir

2000-07-14 03:00 . 2004-11-19 02:41 32768 c:\qoobox\Quarantine\C\Program Files\Microsoft Works\bak\WkDetect.exe.vir

2004-10-23 14:41 . 2004-11-19 02:41 114688 c:\qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe.vir

2010-01-13 22:53 . 2005-08-05 21:08 67160 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\aim\bak\aim.exe.vir

2010-01-14 19:55 . 2005-10-11 17:02 180269 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2010-01-13 22:53 . 2004-11-19 03:42 73728 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2010-01-13 22:53 . 2004-08-27 05:43 56320 c:\qoobox\Quarantine\k\C\C backup\C\WINDOWS\system32\bak\DeltTray.exe.vir

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [N/A]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/4/2004 2:20 PM 188276]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [5/31/2004 11:41 AM 54784]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?]
S3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys --> c:\windows\system32\Drivers\mscnr.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [12/28/2004 4:48 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [12/28/2004 4:48 PM 22304]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-14 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-14 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 16:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1872)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\wdfmgr.exe
c:\windows\zHotkey.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-01-14 17:03:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 22:03
ComboFix2.txt 2010-01-14 20:03
ComboFix3.txt 2010-01-13 23:44
ComboFix4.txt 2010-01-13 05:09

Pre-Run: 6,048,985,088 bytes free
Post-Run: 6,059,347,968 bytes free

- - End Of File - - B6E1D5999FCECFF1EF81A485499E9B4D

#15 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:37 PM

Posted 15 January 2010 - 01:55 AM

Hello pringles06,

Still some stuff left :(

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
AWF::
c:\program files\eMachines Bay Reader\bak\shwiconem.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe

File::
k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
