Google redirects and more


  • This topic is locked
24 replies to this topic

#1 meera_UK

Posted 04 April 2011 - 10:43 PM

Hi,

I just found this forum while looking for help.

I have had the browser redirect virus but it seems to be getting much worse now. It will let me visit lots of websites but stops me viewing lots of anti-virus related websites. This one seems to have slipped through the net, I'm glad to say.

I have tried the three-step process:

1) Ran TFC and rebooted.

2) Tried to install Ad Aware but it won't let me.

3) Tried to install Malware Bytes but it won't let me.

4) Tried ESET and Kaspersky but it won't let me.


Ran OTL, and the logs are pasted below.

OTL logfile created on: 04/04/2011 21:19:08 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Niall\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.35 Gb Total Space | 150.37 Gb Free Space | 65.56% Space Free | Partition Type: NTFS

Computer Name: F3BFC27E96CB470 | User Name: Niall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Niall\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe (Realtek)
PRC - C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe ()
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Niall\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Super G Wireless Service) -- C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (p17xfilt) -- C:\WINDOWS\system32\drivers\p17xfilt.sys (Sensaura)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (P17xfi) -- C:\WINDOWS\system32\drivers\P17xfi.sys (Creative Technology Ltd.)
DRV - (BDA_Capture_220A) -- C:\WINDOWS\system32\drivers\BDA_Capture_220A.sys (WideViewer Electronics CO., LTD)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (winusb) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (BDA_Loader_220A) -- C:\WINDOWS\system32\drivers\BDA_Loader_220A.sys (WideView Technology Inc.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nvatabus) -- C:\WINDOWS\System32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (GTNDIS5) -- C:\Program Files\Wireless 11bg Netowrk Utility\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 03:00:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/07/08 18:31:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/01/26 00:25:08 | 000,000,000 | ---D | M]

[2011/04/03 23:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/13 18:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/01/26 00:25:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2011/01/26 00:25:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/11/29 23:28:06 | 001,334,576 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/11/29 23:28:46 | 000,262,624 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/11/20 15:22:13 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/06/17 21:59:00 | 000,307,713 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/17 21:59:01 | 000,307,576 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/17 21:59:01 | 000,307,677 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/17 21:59:01 | 000,307,552 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/17 21:59:01 | 000,307,682 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/17 21:59:01 | 000,307,689 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/17 21:59:01 | 000,307,656 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/11/20 18:02:00 | 002,752,943 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/11/20 15:22:18 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2007/11/20 15:22:11 | 000,258,487 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007/09/12 11:19:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/09/12 11:22:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2011/03/27 10:50:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IR_SERVER] C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe (Realtek)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries00000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries00000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries00000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries00000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries00000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193432501734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193432490625 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\tmselsnw\cskqvvwk.exe) - C:\Program Files\tmselsnw\cskqvvwk.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Niall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Niall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/07 09:05:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 21:12:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Niall\Desktop\OTL.exe
[2011/04/04 17:29:06 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Niall\Desktop\avg_isct_stb_all_2011_1209.exe
[2011/04/03 21:26:53 | 012,399,552 | ---- | C] (Mozilla) -- C:\Documents and Settings\Niall\Desktop\Firefox Setup 4.0.exe
[2011/04/03 17:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niall\Desktop\tdsskiller
[2011/04/03 17:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/03/31 21:53:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/29 17:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\tmselsnw
[2011/03/27 20:24:21 | 000,713,227 | ---- | C] (BonzoLLM) -- C:\Documents and Settings\Niall\Desktop\FM Coach Calculator.exe
[2011/03/27 11:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/03/27 11:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niall\Start Menu\Programs\Free Window Registry Repair
[2011/03/27 11:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niall\Application Data\Registry Mechanic
[2011/03/27 10:59:20 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2011/03/27 10:59:20 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2011/03/27 10:59:20 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2011/03/27 10:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/03/27 10:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/27 10:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/03/27 10:39:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/27 10:39:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/27 10:39:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/27 10:39:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/23 20:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/23 20:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/22 20:50:22 | 000,000,000 | ---D | C] -- C:\dell
[2011/03/19 17:54:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/03/13 21:19:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/13 21:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/13 21:19:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/13 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/13 21:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2002/04/11 02:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/04/04 21:12:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Niall\Desktop\OTL.exe
[2011/04/04 21:07:30 | 000,195,165 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/04 21:07:26 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 21:02:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 20:41:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 20:25:13 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/04/04 15:59:05 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/04/03 23:44:48 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Niall\Desktop\avg_isct_stb_all_2011_1209.exe
[2011/04/03 23:30:59 | 000,158,152 | ---- | M] () -- C:\WINDOWS\Explorermgr.exe
[2011/04/03 22:50:03 | 000,006,701 | ---- | M] () -- C:\Documents and Settings\Niall\resetlog.txp
[2011/04/03 21:07:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Niall\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/03 21:06:09 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/04/03 21:04:00 | 012,399,552 | ---- | M] (Mozilla) -- C:\Documents and Settings\Niall\Desktop\Firefox Setup 4.0.exe
[2011/04/03 17:43:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 19:13:05 | 000,158,152 | ---- | M] () -- C:\Documents and Settings\Niall\Desktop\TFCmgr.exe
[2011/03/27 11:03:46 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Niall\Desktop\Free Window Registry Repair.lnk
[2011/03/27 10:50:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/27 09:42:52 | 000,369,990 | ---- | M] () -- C:\Documents and Settings\Niall\Desktop\how-to-use-combofix.htm
[2011/03/27 08:56:07 | 000,433,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 08:56:07 | 000,067,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/22 20:31:38 | 000,560,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/20 12:29:07 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2011/03/16 12:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/13 21:19:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/04/03 23:30:59 | 000,158,152 | ---- | C] () -- C:\WINDOWS\Explorermgr.exe
[2011/04/03 22:50:03 | 000,006,701 | ---- | C] () -- C:\Documents and Settings\Niall\resetlog.txp
[2011/04/03 21:06:09 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/31 19:13:05 | 000,158,152 | ---- | C] () -- C:\Documents and Settings\Niall\Desktop\TFCmgr.exe
[2011/03/27 11:03:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Niall\Desktop\Free Window Registry Repair.lnk
[2011/03/27 11:00:24 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/03/27 10:59:38 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/03/27 10:59:20 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/03/27 10:39:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/27 10:39:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/27 10:39:15 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/27 10:39:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/27 10:39:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/27 09:42:55 | 000,369,990 | ---- | C] () -- C:\Documents and Settings\Niall\Desktop\how-to-use-combofix.htm
[2011/03/13 21:19:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 21:53:26 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/10/05 16:40:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/29 00:36:28 | 000,000,788 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2010/06/23 01:53:02 | 001,088,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/18 15:41:56 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/10/18 15:41:53 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2009/10/04 18:16:22 | 000,050,036 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/10 22:06:49 | 000,000,536 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/08/14 16:27:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/05/18 21:36:21 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/05/04 10:16:32 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Niall\Application Data\PnkBstrK.sys
[2009/05/04 10:16:09 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/29 20:26:17 | 000,138,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/06/29 20:26:12 | 000,270,904 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/06/29 20:26:05 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/29 23:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/28 22:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/20 15:23:49 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/17 03:45:44 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2007/10/30 21:46:50 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2007/09/16 17:06:31 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/09/16 17:06:31 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/16 17:06:10 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2007/09/16 17:06:10 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/09/16 17:06:10 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2007/09/12 10:19:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/08/15 00:30:15 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Niall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/13 15:26:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Niall\Application Data\$_hpcst$.hpc
[2007/08/08 19:04:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Niall\Local Settings\Application Data\fusioncache.dat
[2007/08/08 13:08:42 | 000,020,475 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/08/08 13:08:42 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/08/07 13:13:58 | 000,004,466 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/07 12:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/07 11:48:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SGWA.dll
[2007/08/07 11:48:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/08/07 10:58:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/08/07 10:34:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/07 10:02:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/08/07 10:02:30 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/07 09:07:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/07 09:02:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/07 01:58:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/07 01:56:28 | 000,560,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 00:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 00:43:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/06/29 00:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 00:43:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/06/29 00:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 00:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 00:43:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/06/29 00:43:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/29 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/22 21:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 13:00:00 | 000,433,104 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/03/15 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/03/15 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/03/15 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/03/15 13:00:00 | 000,067,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/15 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/03 12:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/07/05 15:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

========== LOP Check ==========

[2011/03/27 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2007/12/16 03:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/01/25 23:58:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/11/11 14:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/04/04 00:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/04 17:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/25 22:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2007/09/30 20:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2009/03/30 20:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2011/04/04 20:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/20 16:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/08/13 18:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Atari
[2011/01/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\AVG10
[2009/08/30 21:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Azgard
[2011/02/24 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\BitTorrent
[2010/12/19 01:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Camfrog
[2011/04/03 22:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Dropbox
[2010/03/02 21:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Facebook
[2011/02/16 00:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\FileZilla
[2010/01/13 20:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\FinalBurner Video DVD
[2009/05/06 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\GetRightToGo
[2011/03/27 08:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\ggj2lwoqnv3ulecwks3garvludrqmuc2
[2008/01/31 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Inkscape
[2007/08/13 10:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Interact Commerce
[2008/08/13 18:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Leadertech
[2010/11/06 16:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Microgaming
[2011/01/26 23:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\MSNInstaller
[2010/06/26 16:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\MySQL
[2011/01/26 23:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Netscape
[2007/11/16 20:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Opera
[2007/11/17 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Paltalk
[2011/03/27 11:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Registry Mechanic
[2011/02/13 21:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\Sports Interactive
[2011/03/06 23:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Niall\Application Data\xfjdoqrskeduwzjnxmccmuaqd1ymy11x2
[2007/11/21 00:02:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186575140.job
[2011/04/04 20:25:13 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/04/04 15:59:05 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 04/04/2011 21:15:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Niall\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.35 Gb Total Space | 150.37 Gb Free Space | 65.56% Space Free | Partition Type: NTFS

Computer Name: F3BFC27E96CB470 | User Name: Niall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module -- (Camshare LC)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\Steam\SteamApps\common\railroad tycoon 3\RT3.exe" = C:\Program Files\Steam\SteamApps\common\railroad tycoon 3\RT3.exe:*:Enabled:Railroad Tycoon 3 -- (PopTop Software, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\common\battlefield bad company 2\BFBC2Game.exe" = C:\Program Files\Steam\SteamApps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Steam\SteamApps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\SteamApps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2 -- ()
"C:\Documents and Settings\Niall\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Niall\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Steam\SteamApps\common\football manager 2011\fm.exe" = C:\Program Files\Steam\SteamApps\common\football manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19EEBA23-580F-442A-9D53-D2B874630EEA}" = DVB-T USB DEVICE
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.1.0.130
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2CCD7150-86A4-4BDC-8C81-2B987C93B8FD}" = Application Suite
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}" = Adobe Captivate 3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EA3A8A6-4B6B-4288-B8FB-3EB11A403ED3}" = Eye 312
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9AAA6A7C-DBF7-9B7C-8DFC-D1417BF53288}" = MyFonts Order M2246337
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECFDCD2-E425-4D86-AEA0-CA3451EBF974}" = Super G Wireless Adapter
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AC3 Decoder" = AC3 Decoder
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AskPBar Uninstall" = Ask Toolbar
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Boardmaker" = Boardmaker
"Camfrog 5.5" = Camfrog Video Chat 5.5
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Crimson Editor SVN286" = Crimson Editor SVN286
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.1.6
"Fotosizer" = Fotosizer 1.30
"Free Window Registry Repair" = Free Window Registry Repair
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Image Converter One_is1" = 1.009
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"SopCast" = SopCast 3.0.1
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 34220" = Football Manager 2011
"Steam App 7610" = Railroad Tycoon 3
"SysInfo" = Creative System Information
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/04/2011 12:21:14 | Computer Name = F3BFC27E96CB470 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 03/04/2011 12:21:15 | Computer Name = F3BFC27E96CB470 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 03/04/2011 12:44:02 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
skype.exe, version 5.0.0.152, fault address 0x001537d0.

Error - 03/04/2011 12:50:46 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.2180, fault address 0x00001deb.

Error - 03/04/2011 15:58:27 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
skype.exe, version 5.0.0.152, fault address 0x001537d0.

Error - 03/04/2011 16:07:56 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
skype.exe, version 5.0.0.152, fault address 0x001537d0.

Error - 03/04/2011 17:59:11 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
skype.exe, version 5.0.0.152, fault address 0x001537d0.

Error - 03/04/2011 19:23:30 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.2180, fault address 0x00001deb.

Error - 04/04/2011 13:30:57 | Computer Name = F3BFC27E96CB470 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.2180, fault address 0x00001deb.

Error - 04/04/2011 16:13:37 | Computer Name = F3BFC27E96CB470 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The LMIGuardianSvc service terminated unexpectedly. It has done this
1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Maintenance Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Startup and Shutdown Monitor service service terminated
unexpectedly. It has done this 1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7031
Description = The Wireless LAN Card service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 04/04/2011 15:56:37 | Computer Name = F3BFC27E96CB470 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >




Please can anyone help me out?

#2 meera_UK

Posted 04 April 2011 - 11:00 PM

Also managed to get dds logs.....


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Niall at 22:57:48.71 on 04/04/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2447 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe
C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Niall\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\tmselsnw\cskqvvwk.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [IR_SERVER] c:\program files\dvb-t\dvb-t usb device\IR_SERVER.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer.5.36.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193432501734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193432490625
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-20 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-19 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-27 632792]
R2 Super G Wireless Service;Wireless LAN Card;c:\program files\wireless 11bg netowrk utility\WLService.exe [2007-8-7 49152]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-13 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_220A.sys [2007-11-4 17152]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [2007-11-4 16896]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
=============== Created Last 30 ================
.
2011-04-04 17:35:25 158152 ----a-w- c:\program files\internet explorer\iexploremgr.exe
2011-04-03 22:30:59 158152 ----a-w- c:\windows\Explorermgr.exe
2011-03-29 16:43:12 -------- d-----w- c:\program files\tmselsnw
2011-03-27 10:03:46 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02:00 -------- d-----w- c:\docume~1\niall\applic~1\Registry Mechanic
2011-03-27 09:59:20 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59:20 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59:20 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59:20 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59:18 -------- d-----w- c:\program files\common files\PC Tools
2011-03-27 09:39:15 98816 ----a-w- c:\windows\sed.exe
2011-03-27 09:39:15 89088 ----a-w- c:\windows\MBR.exe
2011-03-27 09:39:15 256512 ----a-w- c:\windows\PEV.exe
2011-03-27 09:39:15 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 19:50:22 -------- d-----w- C:\dell
2011-03-19 16:54:28 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54:28 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:03:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2011-01-25 23:25:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-25 23:25:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 22:58:26.84 ===============

#3 meera_UK

Posted 04 April 2011 - 11:45 PM

Also managed to get dds logs.....
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Niall at 22:57:48.71 on 04/04/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2447 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe
C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Niall\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\tmselsnw\cskqvvwk.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [IR_SERVER] c:\program files\dvb-t\dvb-t usb device\IR_SERVER.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer.5.36.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193432501734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193432490625
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-20 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-19 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-27 632792]
R2 Super G Wireless Service;Wireless LAN Card;c:\program files\wireless 11bg netowrk utility\WLService.exe [2007-8-7 49152]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-13 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_220A.sys [2007-11-4 17152]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [2007-11-4 16896]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
=============== Created Last 30 ================
.
2011-04-04 17:35:25 158152 ----a-w- c:\program files\internet explorer\iexploremgr.exe
2011-04-03 22:30:59 158152 ----a-w- c:\windows\Explorermgr.exe
2011-03-29 16:43:12 -------- d-----w- c:\program files\tmselsnw
2011-03-27 10:03:46 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02:00 -------- d-----w- c:\docume~1\niall\applic~1\Registry Mechanic
2011-03-27 09:59:20 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59:20 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59:20 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59:20 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59:18 -------- d-----w- c:\program files\common files\PC Tools
2011-03-27 09:39:15 98816 ----a-w- c:\windows\sed.exe
2011-03-27 09:39:15 89088 ----a-w- c:\windows\MBR.exe
2011-03-27 09:39:15 256512 ----a-w- c:\windows\PEV.exe
2011-03-27 09:39:15 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 19:50:22 -------- d-----w- C:\dell
2011-03-19 16:54:28 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54:28 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:03:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2011-01-25 23:25:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-25 23:25:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 22:58:26.84 ===============

I got Ad-Aware working and it keeps finding the same thing every time my PC restarts. Here's the log:

Logfile created: 04/04/2011 23:40:34
Ad-Aware version: 9.0.2
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Niall

*********************** Definitions database information ***********************
Lavasoft definition file: 150.337
Genotype definition file version: Unknown
Extended engine definition file: 8790.0

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 88758
Objects detected: 12


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 12
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Repaired items:
Description: c:\documents and settings\niall\application data\dropbox\bin\python25.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e6f15b1df94dd3e8075ac59c74d8d266
Description: c:\documents and settings\niall\application data\facebook\npfbplugin_1_0_3.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 04f9055f249a446e0a9ad5ca96e88242
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\4\7ec4bf04-13a6ce1d-n\jmc.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: f0077eb1ef2a6b691e86501d5a34dace
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\4\7ec4bf04-13a6ce1d-n\msvcp71.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: fd01693b5452c2901ffbfc8194043138
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\4\7ec4bf04-13a6ce1d-n\msvcr71.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 33e21b013835e90536249f52d1afc2fb
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\42\4488892a-5df6f849-n\decora-d3d.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a11b1f714d9a2ad17278a7c052a5ca28
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\42\4488892a-5df6f849-n\decora-sse.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a695071531df82a42462ae4a06b8d78f
Description: c:\documents and settings\niall\desktop\fm coach calculator.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 985916efc89ad0cd132e9464ac6ab853
Description: c:\documents and settings\niall\desktop\otl.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 8cdbc07f7a6bfe32e086ab8e29aa95d2
Description: c:\documents and settings\niall\desktop\tfc.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: f511d29efcff449b29373378905040cc
Description: c:\documents and settings\niall\local settings\temp\7zsf.tmp\htmlayout.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 6081e2a7ba23dac185c3bd71fe43b27c
Description: c:\documents and settings\niall\local settings\temporary internet files\content.ie5\4lyn49qb\otl[1].exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 025cffa337be8a9b54b279bc096a0d8d

Scan and cleaning complete: Finished correctly after 208 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon Apr 04 23:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon Apr 04 05:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon Apr 04 11:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon Apr 04 17:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Apr 04 23:11:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: F3BFC27E96CB470
Processor name: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Processor identifier: x86 Family 15 Model 35 Stepping 2
Processor speed: ~2010MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 8962, number of processors 2, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 2204405760 bytes
Physical memory total: 3220676608 bytes
Virtual memory available: 1834917888 bytes
Virtual memory total: 2147352576 bytes
Memory load: 31%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:

Running processes:
PID: 636 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 768 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 940 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1000 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1040 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1136 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1188 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1416 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1472 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1808 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1836 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1848 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1872 name: C:\WINDOWS\system32\CTsvcCDA.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1896 name: C:\WINDOWS\eHome\ehRecvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1972 name: C:\WINDOWS\eHome\ehSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 196 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 260 name: C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 292 name: C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe owner: SYSTEM domain: NT AUTHORITY
PID: 328 name: C:\Program Files\LogMeIn\x86\RaMaint.exe owner: SYSTEM domain: NT AUTHORITY
PID: 516 name: C:\Program Files\LogMeIn\x86\LogMeIn.exe owner: SYSTEM domain: NT AUTHORITY
PID: 588 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 644 name: C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 680 name: C:\WINDOWS\system32\PnkBstrA.exe owner: SYSTEM domain: NT AUTHORITY
PID: 360 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1120 name: C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1172 name: C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1920 name: C:\Program Files\Internet Explorer\iexplore.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1940 name: C:\Program Files\Internet Explorer\iexplore.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1948 name: C:\Program Files\Internet Explorer\iexplore.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2700 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2752 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2864 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2988 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3724 name: C:\WINDOWS\Explorer.EXE owner: Niall domain: F3BFC27E96CB470
PID: 3988 name: C:\WINDOWS\ehome\ehtray.exe owner: Niall domain: F3BFC27E96CB470
PID: 4016 name: C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe owner: Niall domain: F3BFC27E96CB470
PID: 4076 name: C:\WINDOWS\SOUNDMAN.EXE owner: Niall domain: F3BFC27E96CB470
PID: 420 name: C:\WINDOWS\system32\Rundll32.exe owner: Niall domain: F3BFC27E96CB470
PID: 596 name: C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe owner: Niall domain: F3BFC27E96CB470
PID: 624 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Niall domain: F3BFC27E96CB470
PID: 672 name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe owner: Niall domain: F3BFC27E96CB470
PID: 1060 name: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe owner: Niall domain: F3BFC27E96CB470
PID: 2108 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Niall domain: F3BFC27E96CB470
PID: 2124 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Niall domain: F3BFC27E96CB470
PID: 2188 name: C:\WINDOWS\PixArt\PAC7302\Monitor.exe owner: Niall domain: F3BFC27E96CB470
PID: 2264 name: C:\Program Files\Steam\Steam.exe owner: Niall domain: F3BFC27E96CB470
PID: 2328 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Niall domain: F3BFC27E96CB470
PID: 2636 name: C:\WINDOWS\system32\ctfmon.exe owner: Niall domain: F3BFC27E96CB470
PID: 2460 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe owner: Niall domain: F3BFC27E96CB470
PID: 3460 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe owner: Niall domain: F3BFC27E96CB470
PID: 1088 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1568 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe owner: Niall domain: F3BFC27E96CB470
PID: 3600 name: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe owner: Niall domain: F3BFC27E96CB470
PID: 184 name: C:\WINDOWS\system32\wuauclt.exe owner: Niall domain: F3BFC27E96CB470
PID: 3376 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Niall domain: F3BFC27E96CB470
PID: 2004 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Niall domain: F3BFC27E96CB470
PID: 1036 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Niall domain: F3BFC27E96CB470

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: ehTray
imagepath: C:\WINDOWS\ehome\ehtray.exe
Name: Acrobat Assistant 7.0
imagepath: "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
Name: amd_dc_opt
imagepath: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: SoundMan
imagepath: SOUNDMAN.EXE
Name: NVMixerTray
imagepath: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
Name: P17Helper
imagepath: Rundll32 P17.dll,P17Helper
Name: IR_SERVER
imagepath: C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe
Name: TkBellExe
imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Name: LogMeIn GUI
imagepath: "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
Name: CTSysVol
imagepath: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: PAC7302_Monitor
imagepath: C:\WINDOWS\PixArt\PAC7302\Monitor.exe
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office10\OSA.EXE
Name:
imagepath: C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\cskqvvwk.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: COMSysApp
displayname: COM+ System Application
Name: Creative Service for CDROM Access
displayname: Creative Service for CDROM Access
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ehRecvr
displayname: Media Center Receiver Service
Name: ehSched
displayname: Media Center Scheduler Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: iPod Service
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: LMIGuardianSvc
displayname: LMIGuardianSvc
Name: LMIMaint
displayname: LogMeIn Maintenance Service
Name: LogMeIn
displayname: LogMeIn
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PCToolsSSDMonitorSvc
displayname: PC Tools Startup and Shutdown Monitor service
Name: PlugPlay
displayname: Plug and Play
Name: PnkBstrA
displayname: PnkBstrA
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Super G Wireless Service
displayname: Wireless LAN Card
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

Please can anyone help me with this?

#4 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 05 April 2011 - 05:43 AM

Hi,

ComboFix should be run only under the supervision of a trained helper!

Look for the c:\ComboFix.txt file and post back its contents.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#5 meera_UK

meera_UK

    Member

  • Members
  • PipPip
  • 15 posts

Posted 06 April 2011 - 05:05 PM

ComboFix logs:

ComboFix 11-03-30.03 - Niall 31/03/2011 19:49:03.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2495 [GMT 1:00]
Running from: c:\documents and settings\Niall\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-29 16:43 . 2011-03-29 16:43 -------- d-----w- c:\program files\tmselsnw
2011-03-27 10:03 . 2011-03-27 10:03 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02 . 2011-03-27 10:02 -------- d-----w- c:\documents and settings\Niall\Application Data\Registry Mechanic
2011-03-27 09:59 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59 . 2011-03-27 09:59 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 19:48 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-23 19:47 . 2011-03-23 19:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-22 19:50 . 2011-03-22 19:50 -------- d-----w- C:\dell
2011-03-19 16:54 . 2004-08-04 00:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54 . 2004-08-04 00:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:19 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:03 . 2011-03-13 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 10:19 . 2008-01-07 11:22 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 10:22 . 2008-01-07 11:22 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 242156]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 90112]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 295276]
"P17Helper"="P17.dll" [2005-05-03 64512]
"IR_SERVER"="c:\program files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe" [2007-04-16 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 185896]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 577983]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 274945]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 19:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\railroad tycoon 3\\RT3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Niall\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 136176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\Drivers\BDA_Capture_220A.sys [2007-02-27 17152]
R3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\Drivers\BDA_Loader_220A.sys [2006-07-10 16896]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R4 fasttrak;fasttrak; [x]
R4 iteraid;iteraid; [x]
R4 m5287;m5287; [x]
R4 m5289;m5289; [x]
R4 Si3112r;Si3112r; [x]
R4 viasraid;viasraid; [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-16 374152]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 Super G Wireless Service;Wireless LAN Card;c:\program files\Wireless 11bg Netowrk Utility\WLService.exe [2004-03-29 49152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2007-11-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series6752D6AD6ACDD4DEC3DB209ADB1B7F17782FA95F186575140.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-03-29 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-27 12:11]
.
2011-03-29 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-03-27 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Niall\Application Data\Mozilla\Firefox\Profiles\le66zqav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
FF - Ext: Flash AX Control: npfax@microgaming.co.uk - %profile%\extensions\npfax@microgaming.co.uk
FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
FF - Ext: Server Spy: ServerSpy@jacquet.eu.org - %profile%\extensions\ServerSpy@jacquet.eu.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 19:57
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Niall\Start Menu\Programs\Startup\cskqvvwk.exe 158152 bytes executable
c:\documents and settings\Niall\Start Menu\Programs\Startup\desktop.ini 84 bytes
c:\documents and settings\Niall\Start Menu\Programs\Startup\Dropbox.lnk 994 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L250S0 rev.BANC1G10 -> Harddisk0\DR0 -> \Device0000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD95439]<<
c:\docume~1\Niall\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ad9b7b8]; MOV EAX, [0x8ad9b834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8AE63AB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device000006d[0x8ADE2AC0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8AE63030]
\Driver\nvata[0x8AE64A98] -> IRP_MJ_CREATE -> 0x8AD95439
error: Read Incorrect function.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device000006c -> \??\IDE#DiskMaxtor_6L250S0__________________________BANC1G10#354C353957414744202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006e
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\"
"ScreenshotsDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games\\Alti.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009eb9
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000019
"StaffSearchFeatureNum"=dword:00000004
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000016
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000004
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000001d
"HintsFeatureNum"=dword:00000004
"GenieReportFeatureNum"=dword:00000006
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"ShortlistDir"=""
"LangDB"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"Currency"=dword:00000056
"WindowHeight"=dword:00000359
"WindowWidth"=dword:00000434
"WindowLeft"=dword:00000066
"WindowTop"=dword:00000054
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,d3,d4,82,89,31,77,af,22,d2,e4,a5,74,e2,0d,87,1c,3f,1f,20,a3,
2f,4f,5c,d4,ca,ad,25,4b,40,b8,0b,61,a4,8c,34,e7,c4,54,91,7f,e9,48,a6,02,e6,\
"rkeysecu"=hex:11,da,88,d0,ae,e2,0f,9a,76,5b,73,45,30,3f,d0,4f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-31 20:01:13
ComboFix-quarantined-files.txt 2011-03-31 19:01
ComboFix2.txt 2011-03-27 21:25
ComboFix3.txt 2011-03-27 09:54
.
Pre-Run: 139,788,087,296 bytes free
Post-Run: 139,764,015,104 bytes free
.
- - End Of File - - 51A1415E87D59FDCC8C2323B17721B49

#6 meera_UK

Posted 06 April 2011 - 05:05 PM

Combofix Logs......

ComboFix 11-03-30.03 - Niall 31/03/2011 19:49:03.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2495 [GMT 1:00]
Running from: c:\documents and settings\Niall\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-29 16:43 . 2011-03-29 16:43 -------- d-----w- c:\program files\tmselsnw
2011-03-27 10:03 . 2011-03-27 10:03 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02 . 2011-03-27 10:02 -------- d-----w- c:\documents and settings\Niall\Application Data\Registry Mechanic
2011-03-27 09:59 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59 . 2011-03-27 09:59 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 19:48 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-23 19:47 . 2011-03-23 19:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-22 19:50 . 2011-03-22 19:50 -------- d-----w- C:\dell
2011-03-19 16:54 . 2004-08-04 00:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54 . 2004-08-04 00:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:19 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:03 . 2011-03-13 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 10:19 . 2008-01-07 11:22 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 10:22 . 2008-01-07 11:22 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ------w- c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 242156]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 90112]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 295276]
"P17Helper"="P17.dll" [2005-05-03 64512]
"IR_SERVER"="c:\program files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe" [2007-04-16 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 185896]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 577983]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 274945]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 19:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\railroad tycoon 3\\RT3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Niall\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 136176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\Drivers\BDA_Capture_220A.sys [2007-02-27 17152]
R3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\Drivers\BDA_Loader_220A.sys [2006-07-10 16896]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R4 fasttrak;fasttrak; [x]
R4 iteraid;iteraid; [x]
R4 m5287;m5287; [x]
R4 m5289;m5289; [x]
R4 Si3112r;Si3112r; [x]
R4 viasraid;viasraid; [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-16 374152]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 Super G Wireless Service;Wireless LAN Card;c:\program files\Wireless 11bg Netowrk Utility\WLService.exe [2004-03-29 49152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2007-11-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series6752D6AD6ACDD4DEC3DB209ADB1B7F17782FA95F186575140.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-03-29 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-27 12:11]
.
2011-03-29 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-03-27 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Niall\Application Data\Mozilla\Firefox\Profiles\le66zqav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
FF - Ext: Flash AX Control: npfax@microgaming.co.uk - %profile%\extensions\npfax@microgaming.co.uk
FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
FF - Ext: Server Spy: ServerSpy@jacquet.eu.org - %profile%\extensions\ServerSpy@jacquet.eu.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 19:57
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Niall\Start Menu\Programs\Startup\cskqvvwk.exe 158152 bytes executable
c:\documents and settings\Niall\Start Menu\Programs\Startup\desktop.ini 84 bytes
c:\documents and settings\Niall\Start Menu\Programs\Startup\Dropbox.lnk 994 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L250S0 rev.BANC1G10 -> Harddisk0\DR0 -> \Device0000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD95439]<<
c:\docume~1\Niall\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ad9b7b8]; MOV EAX, [0x8ad9b834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8AE63AB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device000006d[0x8ADE2AC0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8AE63030]
\Driver\nvata[0x8AE64A98] -> IRP_MJ_CREATE -> 0x8AD95439
error: Read Incorrect function.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device000006c -> \??\IDE#DiskMaxtor_6L250S0__________________________BANC1G10#354C353957414744202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006e
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\"
"ScreenshotsDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games\\Alti.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009eb9
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000019
"StaffSearchFeatureNum"=dword:00000004
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000016
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000004
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000001d
"HintsFeatureNum"=dword:00000004
"GenieReportFeatureNum"=dword:00000006
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"ShortlistDir"=""
"LangDB"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"Currency"=dword:00000056
"WindowHeight"=dword:00000359
"WindowWidth"=dword:00000434
"WindowLeft"=dword:00000066
"WindowTop"=dword:00000054
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position132"=dword:0000004b
"Visible132"=dword:00000000
"Width132"=dword:0000000a
"Position133"=dword:0000004c
"Visible133"=dword:00000000
"Width133"=dword:0000000a
"Position134"=dword:0000004d
"Visible134"=dword:00000000
"Width134"=dword:0000000a
"Position135"=dword:0000004e
"Visible135"=dword:00000000
"Width135"=dword:0000000a
"Position136"=dword:0000004f
"Visible136"=dword:00000000
"Width136"=dword:0000000a
"Position137"=dword:00000050
"Visible137"=dword:00000000
"Width137"=dword:0000000a
"Position138"=dword:00000051
"Visible138"=dword:00000000
"Width138"=dword:0000000a
"Position139"=dword:00000052
"Visible139"=dword:00000000
"Width139"=dword:0000000a
"Position140"=dword:00000053
"Visible140"=dword:00000000
"Width140"=dword:0000000a
"Position141"=dword:00000054
"Visible141"=dword:00000000
"Width141"=dword:0000000a
"Position142"=dword:00000055
"Visible142"=dword:00000000
"Width142"=dword:0000000a
"Position143"=dword:00000056
"Visible143"=dword:00000000
"Width143"=dword:0000000a
"Position144"=dword:00000057
"Visible144"=dword:00000000
"Width144"=dword:0000000a
"Position145"=dword:00000058
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000005
"Visible146"=dword:00000001
"Width146"=dword:00000038
"Position147"=dword:00000006
"Visible147"=dword:00000001
"Width147"=dword:00000024
"Position148"=dword:00000095
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:0000002b
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"ShortlistDir"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000003
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,d3,d4,82,89,31,77,af,22,d2,e4,a5,74,e2,0d,87,1c,3f,1f,20,a3,
2f,4f,5c,d4,ca,ad,25,4b,40,b8,0b,61,a4,8c,34,e7,c4,54,91,7f,e9,48,a6,02,e6,\
"rkeysecu"=hex:11,da,88,d0,ae,e2,0f,9a,76,5b,73,45,30,3f,d0,4f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-31 20:01:13
ComboFix-quarantined-files.txt 2011-03-31 19:01
ComboFix2.txt 2011-03-27 21:25
ComboFix3.txt 2011-03-27 09:54
.
Pre-Run: 139,788,087,296 bytes free
Post-Run: 139,764,015,104 bytes free
.
- - End Of File - - 51A1415E87D59FDCC8C2323B17721B49

#7 meera_UK

Posted 07 April 2011 - 05:53 PM

Can anyone help please? :(

This is the only malware removal forum the virus hasn't blocked from my PC :(

#8 meera_UK

Posted 07 April 2011 - 08:28 PM

Managed to get an Ad-Aware full scan. Here are the logs:

Logfile created: 07/04/2011 17:52:06
Ad-Aware version: 9.0.2
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Niall

*********************** Definitions database information ***********************
Lavasoft definition file: 150.337
Genotype definition file version: Unknown
Extended engine definition file: 8790.0

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 89881
Objects detected: 280


Type Detected
==========================
Processes.......: 3
Registry entries: 4
Hostfile entries: 0
Files...........: 271
Folders.........: 0
LSPs............: 0
Cookies.........: 2
Browser hijacks.: 0
MRU objects.....: 0



Skipped items:
Description: HKLM:Software\Microsoft\Windows\CurrentVersion\Run:QuickTime Task Family Name: unknown Engine: 1 Clean status: Success Item ID: 1 Family ID: 0
Description: HKLM:Software\Microsoft\Windows\CurrentVersion\Run:amd_dc_opt Family Name: unknown Engine: 1 Clean status: Success Item ID: 1 Family ID: 0
Description: HKCR:CLSID\{AE7CD045-E861-484f-8273-0445EE161910}: Family Name: unknown Engine: 1 Clean status: Success Item ID: 1 Family ID: 0
Description: HKLM:Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\{AE7CD045-E861-484f-8273-0445EE161910}: Family Name: unknown Engine: 1 Clean status: Success Item ID: 1 Family ID: 0
Description: Adobe LM Service Family Name: unknown Engine: 1 Clean status: Success Item ID: 0 Family ID: 0
Description: FLEXnet Licensing Service Family Name: unknown Engine: 1 Clean status: Success Item ID: 0 Family ID: 0

Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0

Repaired items:
Description: c:\program files\adobe\adobe acrobat 7.0\acrobat\acroiefavclient.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3a71d8e6d966f42e82349cbc5c1b3cda
Description: c:\program files\adobe\adobe acrobat 7.0\acrobat\acroiefavclient.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3a71d8e6d966f42e82349cbc5c1b3cda
Description: c:\program files\quicktime\qttask.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 8385e4bc162b0be8e66713a9c2f945d0
Description: c:\program files\amd\dual-core optimizer\amd_dc_opt.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e0c68ad5206f6a648f158074b29f8290
Description: c:\program files\common files\adobe systems shared\service\adobelmsvc.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ac69ac934c83cd4585c2fe6253a1fbc6
Description: c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 9094cc9e4deded5d86d0fb180fcb20c6
Description: c:\program files\macromedia\dreamweaver 8\dreamweaver.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 88fd345a300701ed89f1c2a01231e772
Description: c:\program files\creative\mediasource5\go\ctcmsgou.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: cb18ae105e651cdc7646cda1cb5da5ae
Description: c:\program files\adobe\adobe utilities\extendscript toolkit\extendscript toolkit.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 527fbeb44a6da0f63295732dcea981cb
Description: c:\program files\adobe\adobe bridge\bridge.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ee4eec84762e403518b9e5715fdebd11
Description: c:\program files\adobe\adobe help center\ahc.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 901b91f89275f129c9883bc879486718
Description: c:\program files\adobe\adobe illustrator cs2\support files\contents\windows\illustrator.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 81ab6c682f84e820253a888c4d2c187f
Description: c:\program files\adobe\adobe photoshop cs2\imageready.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 070c7c2fc6f6282cef6d4faee88cb656
Description: c:\program files\adobe\adobe indesign cs2\indesign.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 40b9123f8ff796636c049bee157320ab
Description: c:\program files\ashongsoft\imageconverterone\imgcp.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 5904f544b478f7f3c82c4bed73e5252b
Description: c:\program files\creative\mediasource5\audcvtu.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 1a6144fea2ce24f8bf099f8d4c03b89a
Description: c:\program files\creative\sbaudigy\diagnostics\diagnos3.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e40b450396362dad1611cbdb29156dd0
Description: c:\program files\creative\sbaudigy\program\restore.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 66a337c0278c8602a9342823acded39f
Description: c:\program files\creative\sbaudigy\smart recorder\smartrec.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: bcdf3d2b332fff002ddfd4f0f04cd6fb
Description: c:\program files\creative\sbaudigy\speaker settings\spkset.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 84cf1581370fdcee6a43ace3b2a9ac66
Description: c:\program files\creative\sbaudigy\sfbm\sfbm.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ca0abbde8ab79863ece09a5b1e8c75bb
Description: c:\program files\creative\sbaudigy\wavestudio 7\ctwave.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 62bd25852e614064f8e44b8251b4bc67
Description: c:\program files\divx\divx codec\config.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 21591848fbf951872d570aa9e9bf6b96
Description: c:\program files\divx\divx codec\divx ekg.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 1f7ecec9a2f3b34bda7f95b29f304bb6
Description: c:\program files\divx\divx converter\converter.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 0d50fa419910070d72ddddfde2433524
Description: c:\program files\divx\divx player\divx player.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 536c00f4bbd4b1820ed71be386d2d22b
Description: c:\program files\ea games\battlefield 2\support\easyinfo.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 4dfa9be01f0bfdb256d257aea8f832f1
Description: c:\program files\ea games\battlefield 2\bf2serverlauncher.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3c6835b12ad0bf27ba87e0df022fcd3c
Description: c:\program files\ea games\battlefield 2\bf2.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 47f07247d2a9d61dbe0eeee707092829
Description: c:\program files\ea games\battlefield 2\support\ereg.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 108e2d8f8293b86e117742b789257bcf
Description: c:\program files\installshield installation information\{6ea3a8a6-4b6b-4288-b8fb-3eb11a403ed3}\setup.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 1e73bfb5b5ea17569c6925e4b954b104
Description: c:\program files\hewlett-packard\digital imaging\album\hpqaprnt.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 77f316ea475fff272a4d85f8301d3beb
Description: c:\program files\hewlett-packard\digital imaging\bin\hpqdirec.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 877d7d70442180fa8926f2da29c4b32a
Description: c:\program files\hewlett-packard\digital imaging\bin\hpqvwr08.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3a4d827d74917d3782b400b4937e28ee
Description: c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 24dccb61e53281da8bc2ef556a21fe02
Description: c:\program files\hewlett-packard\digital imaging\bin\hpqwrg.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 1af2ed1e2e232d0a4abccddb79b0d55b
Description: c:\program files\hewlett-packard\digital imaging\{7c8bb31c-e09e-4c7d-bbf1-45e33b467fe1}\setup\hpzscr01.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 472389a08ca9ac07c33ae51531631948
Description: c:\program files\hewlett-packard\memories disc\hpod.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 1b22c940e2dcc83d939c545f165dbd32
Description: c:\program files\nvidia corporation\nvmixer\nvmixer.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 41418c5a73ba280ac0a744e720481d2b
Description: c:\program files\common files\real\update_ob\r1puninst.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: aa898d4149eca6fd7ed2d705189a6151
Description: c:\program files\common files\adobe\calibration\adobe gamma loader.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: fc3b442629f0038ba6ad68951b5e23e6
Description: c:\program files\winamp\winamp.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 13e80c884dbbcd9913983ccdf4c7d6ed
Description: c:\program files\windows plus\audio converter\audioconverter.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 0bf742b918c486ef63e844bf1793cf24
Description: c:\program files\windows plus\cdlm\cdlm.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: fc69ca11a1afdcda734c6a2ba2d69c8a
Description: c:\program files\windows plus\dancer\dancer.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 62252647b2f34c58cc7cf4838284ad7c
Description: c:\program files\windows plus\party mode\partymode.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 9861e5999fb5a7308f3411cbc301c1cc
Description: c:\program files\messenger\msmsgs.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: db6ca886781f2f8156bc2f8e65c851b8
Description: c:\program files\winrar\winrar.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 56ab0fe05b235d1ded9d081426f3b907
Description: c:\program files\installshield installation information\{cecfdcd2-e425-4d86-aea0-ca3451ebf974}\setup.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: f4708f8e7d36a1e6dcd09cffba65aed2
Description: c:\documents and settings\niall\application data\dropbox\bin\python25.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 16e0b6aa3495cb04d9b5d79e368a6e25
Description: c:\documents and settings\niall\application data\facebook\npfbplugin_1_0_3.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 8aafe1c8409ef5e2a8513bf044bca288
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\4\7ec4bf04-13a6ce1d-n\jmc.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 593b3360dba5473c3258b1aa21099712
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\4\7ec4bf04-13a6ce1d-n\msvcp71.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 9514baa0aae4680a8cf9d31f279ffe60
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\4\7ec4bf04-13a6ce1d-n\msvcr71.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 73db52afae7fac6abb3c460b5118fcda
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\42\4488892a-5df6f849-n\decora-d3d.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c073654420e8a9f28bfe1ffa5a2f9699
Description: c:\documents and settings\niall\application data\sun\java\deployment\systemcache\6.0\42\4488892a-5df6f849-n\decora-sse.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ea8864f99da9ba28e00f9a1258acdef3
Description: c:\documents and settings\niall\desktop\fm coach calculator.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: eb61f7634bdb7fce6d9aa85ea5862c34
Description: c:\documents and settings\niall\desktop\otl.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 63e7e33ccc1e6ec2e41251c5725fc1c0
Description: c:\documents and settings\niall\desktop\tfc.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 49eba28493829c0d255eee33acad23f5
Description: c:\documents and settings\niall\local settings\temp\7zsf.tmp\htmlayout.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 4d0a922929eebcdac6dec835f540e1f0
Description: c:\documents and settings\niall\local settings\temporary internet files\content.ie5\4lyn49qb\otl[1].exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 0a3e1740d41037641a0621e86a3ea2dc
Description: c:\documents and settings\niall\my documents\bittorrent downloads\rct3\rct3\autorun.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 1fb49b2510ea351280fa498749365d14
Description: c:\documents and settings\niall\my documents\bittorrent downloads\rct3\rct3\directx\dsetup.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 49ef64dbb877539e1c6dde6e20000e26
Description: c:\documents and settings\niall\my documents\bittorrent downloads\rct3\rct3\directx\dsetup32.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 25b3493f5b9008a0cbf192daef17327f
Description: c:\documents and settings\niall\my documents\bittorrent downloads\rct3\rct3\directx\dxsetup.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: b829dc3be6eed172b763e665686a5395
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvack.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 10c37854c072ca1c785fa27969a63131
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvasio.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ac8920ed300f6393164f8d33dea9509d
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvcoad.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: b5366590219a760c0e2e92a35fd312e7
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvcoam.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 8081b56ae1d903cd6887ec3796553f48
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvopenal.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 8f5b4c7dc99ece045b8f289f0f55dfb6
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvuaudio.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: bcf0291ff284f3f6e961ccc110705673
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\nvumpu.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: b865be32cd20a27d7e223f928a465642
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audiodrv\openal32.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3d374017bb9c379c77f9b46effa242e4
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\audioutl\setup.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: fd7fe955f75f807d1b9f241478353b34
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ethernet\bdco1.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 76a489b86e69176d70c5aac99be41f59
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ethernet\fdco1.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a33df2b6641285cef5055dc6cd3f1620
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ethernet\nvconrm.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 2b899eee21a680b00aed3a0342e4f24d
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ethernet\nvunrm.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 6a5f404bb80b43277722af96e04631ef
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\legacy\idecoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a4d6119ed008227fb0e602f7f3c2603e
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\legacy\nvcoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c597b8ac93a845b2fd1bd725fd4c7b82
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\legacy\nvraidco.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a5be2bdd7456e8d8ad0bcb2f218bf985
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\legacy\nvuide.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e8e518c242ae0f124d46cda627b243ed
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\raidtool\nvraidman.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 0f553e4bf840ffd56fe4b06f57c7d921
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\raidtool\nvraidservice.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c25d3e73f159722a446210bd035d673c
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\raidtool\nvraidwizard.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: be1100b9f64e58efe223d3c5b580625a
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\raidtool\nvsataconnection.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 2b3d180260941bcfa8c393620307879f
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\sataraid\idecoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ea55610279eadecc7307bce75ba0ccd8
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\sataraid\nvraidco.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 90f3e514619b53634b287a8c6e5029c3
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\sata_ide\idecoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 8a7856f2c68906016665f036aee6ca61
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\sata_ide\nvcoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: b9a88a36dd073c05ab12faf2f087acde
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\win2k\sata_ide\nvuide.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 7f1880a2f50ec15f950fa0e6d10bbaa6
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\legacy\idecoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 4c120957047d1f024ad2b190d904f3f9
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\legacy\nvcoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ec42cb7780e34e8efa5f4d5270c6847d
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\legacy\nvraidco.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: bb51e782549d74661b709387b907ce1e
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\legacy\nvuide.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3b407fef6c6755bcdcfbd48148cadd16
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\raidtool\nvraidman.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: d02e5ef566381239f1f8ff0ba98c875b
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\raidtool\nvraidservice.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 452a9f562504b3d7315935491f47b944
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\raidtool\nvraidwizard.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 0f04c7d7e321b11c4e0134a32b027949
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\raidtool\nvsataconnection.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 48783dfddf3c533f3658011563045f19
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\sataraid\idecoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: d084d43e37950e3ebd95c3c758374495
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\sataraid\nvraidco.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 65cc7673fd4c91e128fd4c13b53350ea
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\sata_ide\idecoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 3ce033545f9c321b2a82752059855670
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\sata_ide\nvcoi.dll Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 6ee3dfcfd692c282cab6eb081cef440c
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\ide\winxp\sata_ide\nvuide.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e0a91fca00ba9ba1aefa182354676a52
Description: c:\documents and settings\niall\my documents\nvidia\nforcewin2kxp\8.22\smbus\nvusmb.exe Family Name: Virus.Win32.Ramnit.b (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: b1338a38508450e72baee682df4a44fa

Scan and cleaning complete: Finished correctly after 761 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon Apr 04 23:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon Apr 04 05:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon Apr 04 11:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon Apr 04 17:11:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Apr 04 23:11:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: F3BFC27E96CB470
Processor name: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Processor identifier: x86 Family 15 Model 35 Stepping 2
Processor speed: ~2010MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 8962, number of processors 2, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 2262327296 bytes
Physical memory total: 3220676608 bytes
Virtual memory available: 1771044864 bytes
Virtual memory total: 2147352576 bytes
Memory load: 29%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:

Running processes:
PID: 636 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 768 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 928 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 992 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1036 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1184 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1472 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1808 name: C:\WINDOWS\Explorer.EXE owner: Niall domain: F3BFC27E96CB470
PID: 1948 name: C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1984 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Niall domain: F3BFC27E96CB470
PID: 2016 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Niall domain: F3BFC27E96CB470
PID: 2024 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Niall domain: F3BFC27E96CB470
PID: 580 name: C:\WINDOWS\ehome\ehtray.exe owner: Niall domain: F3BFC27E96CB470
PID: 588 name: C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe owner: Niall domain: F3BFC27E96CB470
PID: 680 name: C:\WINDOWS\SOUNDMAN.EXE owner: Niall domain: F3BFC27E96CB470
PID: 124 name: C:\WINDOWS\system32\Rundll32.exe owner: Niall domain: F3BFC27E96CB470
PID: 900 name: C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe owner: Niall domain: F3BFC27E96CB470
PID: 936 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Niall domain: F3BFC27E96CB470
PID: 1104 name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe owner: Niall domain: F3BFC27E96CB470
PID: 1076 name: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe owner: Niall domain: F3BFC27E96CB470
PID: 1216 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Niall domain: F3BFC27E96CB470
PID: 1264 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Niall domain: F3BFC27E96CB470
PID: 1332 name: C:\WINDOWS\PixArt\PAC7302\Monitor.exe owner: Niall domain: F3BFC27E96CB470
PID: 1364 name: C:\Program Files\Steam\Steam.exe owner: Niall domain: F3BFC27E96CB470
PID: 1504 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Niall domain: F3BFC27E96CB470
PID: 1312 name: C:\WINDOWS\system32\ctfmon.exe owner: Niall domain: F3BFC27E96CB470
PID: 1764 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe owner: Niall domain: F3BFC27E96CB470
PID: 1744 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe owner: Niall domain: F3BFC27E96CB470
PID: 2216 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe owner: Niall domain: F3BFC27E96CB470
PID: 2388 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2428 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2448 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2480 name: C:\WINDOWS\system32\CTsvcCDA.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2508 name: C:\WINDOWS\eHome\ehRecvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2560 name: C:\WINDOWS\eHome\ehSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2688 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2776 name: C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3036 name: C:\Program Files\LogMeIn\x86\RaMaint.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3072 name: C:\Program Files\LogMeIn\x86\LogMeIn.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3160 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3212 name: C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3252 name: C:\WINDOWS\system32\PnkBstrA.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3356 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3468 name: C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3504 name: C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3980 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4036 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1360 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1672 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2168 name: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe owner: Niall domain: F3BFC27E96CB470
PID: 3008 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3308 name: C:\WINDOWS\eHome\ehmsas.exe owner: Niall domain: F3BFC27E96CB470
PID: 3628 name: C:\WINDOWS\system32\wuauclt.exe owner: Niall domain: F3BFC27E96CB470
PID: 3596 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Niall domain: F3BFC27E96CB470
PID: 4028 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Niall domain: F3BFC27E96CB470
PID: 3024 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: Niall domain: F3BFC27E96CB470
PID: 1648 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2872 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Niall domain: F3BFC27E96CB470

Startup items:
Name: ehTray
imagepath: C:\WINDOWS\ehome\ehtray.exe
Name: Acrobat Assistant 7.0
imagepath: "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
Name: amd_dc_opt
imagepath: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: SoundMan
imagepath: SOUNDMAN.EXE
Name: NVMixerTray
imagepath: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
Name: P17Helper
imagepath: Rundll32 P17.dll,P17Helper
Name: IR_SERVER
imagepath: C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe
Name: TkBellExe
imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Name: LogMeIn GUI
imagepath: "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
Name: CTSysVol
imagepath: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: PAC7302_Monitor
imagepath: C:\WINDOWS\PixArt\PAC7302\Monitor.exe
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office10\OSA.EXE

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: COMSysApp
displayname: COM+ System Application
Name: Creative Service for CDROM Access
displayname: Creative Service for CDROM Access
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ehRecvr
displayname: Media Center Receiver Service
Name: ehSched
displayname: Media Center Scheduler Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: iPod Service
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: LMIGuardianSvc
displayname: LMIGuardianSvc
Name: LMIMaint
displayname: LogMeIn Maintenance Service
Name: LogMeIn
displayname: LogMeIn
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PCToolsSSDMonitorSvc
displayname: PC Tools Startup and Shutdown Monitor service
Name: PlugPlay
displayname: Plug and Play
Name: PnkBstrA
displayname: PnkBstrA
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Super G Wireless Service
displayname: Wireless LAN Card
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

#9 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 08 April 2011 - 09:31 AM

Hi,

Sorry for a delayed reply. Didn't get any notification of your post (seems that email notification failure is coming a bit like a habit on this forum).


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#10 meera_UK

meera_UK

    Member

  • Members
  • 15 posts

Posted 09 April 2011 - 10:00 AM

Hi there,

Thanks for the reply.

The virus won't let me visit that website. Could you email me the .exe?

I can visit most websites but not anything to do with viruses.

:(

#11 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 09 April 2011 - 10:20 AM

Hi,

Do you have any other computer handy that you could use to download the file with?

#12 meera_UK

meera_UK

    Member

  • Members
  • 15 posts

Posted 09 April 2011 - 11:01 AM

Got it from another PC....


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-09 11:01:49
Windows 5.1.2600 Service Pack 2
Running: bchox9gv.exe; Driver: C:\DOCUME~1\Niall\LOCALS~1\Temp\kxacifod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xBA2E1A0C]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DE0380, 0x34C81F, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2030FF3F
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20307A40
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2030FDBB
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2030C9AD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2030D423
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2030D74D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!send 71AB428A 5 Bytes JMP 2030D3D5
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2030D8AA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2030D6DE
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2030D7C2
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2030DA66
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2030D985
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[524] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2030D833
.text C:\WINDOWS\ehome\ehtray.exe[628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\ehome\ehtray.exe[628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\ehome\ehtray.exe[628] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\ehome\ehtray.exe[628] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
? C:\WINDOWS\System32\smss.exe[636] time/date stamp mismatch;
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[664] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[664] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[664] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[664] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
? C:\WINDOWS\system32\csrss.exe[700] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\csrss.exe[700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
? C:\WINDOWS\system32\winlogon.exe[724] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\winlogon.exe[724] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!send 71AB428A 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\services.exe[768] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!send 71AB428A 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2004D833
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!send 71AB428A 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2004D833
.text C:\WINDOWS\SOUNDMAN.EXE[900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\SOUNDMAN.EXE[900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\SOUNDMAN.EXE[900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\SOUNDMAN.EXE[900] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
? C:\WINDOWS\system32\svchost.exe[936] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202DFF3F
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D7A40
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202DFDBB
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202DC9AD
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202DD423
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202DD74D
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!send 71AB428A 5 Bytes JMP 202DD3D5
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202DD8AA
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202DD6DE
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202DD7C2
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202DDA66
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202DD985
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202DD833
? C:\WINDOWS\system32\svchost.exe[996] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202DFF3F
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D7A40
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202DFDBB
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202DC9AD
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202DD423
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202DD74D
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!send 71AB428A 5 Bytes JMP 202DD3D5
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202DD8AA
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202DD6DE
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202DD7C2
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202DDA66
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202DD985
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202DD833
? C:\WINDOWS\System32\svchost.exe[1036] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202DFF3F
.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D7A40
.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202DFDBB
.text C:\WINDOWS\System32\svchost.exe[1036] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202DC9AD
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202DD423
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202DD74D
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!send 71AB428A 5 Bytes JMP 202DD3D5
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202DD8AA
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202DD6DE
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202DD7C2
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202DDA66
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202DD985
.text C:\WINDOWS\System32\svchost.exe[1036] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202DD833
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 202DEB92
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 202DE132
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 202DEBEC
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 202DE09E
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 202DEAD7
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 202DE012
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 202DEBBF
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 202DEC13
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 202DE7B8
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 202DE105
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 202DE915
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 202DE9BC
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 202DE0D3
.text C:\WINDOWS\System32\svchost.exe[1036] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 202DE058
.text C:\WINDOWS\system32\Rundll32.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\Rundll32.exe[1064] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\Rundll32.exe[1064] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\Rundll32.exe[1064] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe[1096] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe[1096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe[1096] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1104] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1104] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1104] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1128] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1144] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[1144] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
? C:\WINDOWS\system32\svchost.exe[1156] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!send 71AB428A 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[1184] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202DFF3F
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D7A40
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202DFDBB
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202DC9AD
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202DD423
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202DD74D
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!send 71AB428A 5 Bytes JMP 202DD3D5
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202DD8AA
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202DD6DE
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202DD7C2
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202DDA66
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202DD985
.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202DD833
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2001EB92
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2001E132
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2001EBEC
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2001E09E
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 2001EAD7
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2001E012
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2001EBBF
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2001EC13
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2001E7B8
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2001E105
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2001E915
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2001E9BC
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2001E0D3
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2001E058
.text C:\Program Files\iTunes\iTunesHelper.exe[1240] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\RUNDLL32.EXE[1324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\RUNDLL32.EXE[1324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\RUNDLL32.EXE[1324] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\RUNDLL32.EXE[1324] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[1328] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[1328] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[1328] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Steam\Steam.exe[1360] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Steam\Steam.exe[1360] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Steam\Steam.exe[1360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\Steam\Steam.exe[1360] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\Steam\Steam.exe[1360] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2001EB92
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2001E132
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2001EBEC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2001E09E
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetReadFile 771C8114 5 Bytes JMP 2001EAD7
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2001E012
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2001EBBF
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2001EC13
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2001E7B8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2001E105
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2001E915
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2001E9BC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2001E0D3
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1364] wininet.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2001E058
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2030FF3F
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1372] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20307A40
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1372] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2030FDBB
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1372] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2030C9AD
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[1376] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202DFF3F
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[1376] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D7A40
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[1376] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202DFDBB
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[1376] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202DC9AD
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\spoolsv.exe[1472] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\ctfmon.exe[1568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\ctfmon.exe[1568] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\ctfmon.exe[1568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\ctfmon.exe[1568] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1852] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
? C:\WINDOWS\Explorer.EXE[1860] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\Explorer.EXE[1860] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2004EB92
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2004E132
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2004EBEC
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2004E09E
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 2004EAD7
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2004E012
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2004EBBF
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2004EC13
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2004E7B8
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2004E105
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2004E915
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2004E9BC
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2004E0D3
.text C:\WINDOWS\Explorer.EXE[1860] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2004E058
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202DFF3F
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202D7A40
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202DFDBB
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202DC9AD
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202DD423
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202DD74D
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!send 71AB428A 5 Bytes JMP 202DD3D5
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202DD8AA
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202DD6DE
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202DD7C2
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202DDA66
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202DD985
.text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[1892] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202DD833
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\Mozilla Firefox\firefox.exe[2008] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2036] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2007FF3F
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20077A40
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2007FDBB
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2007C9AD
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2007EB92
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2007E132
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2007EBEC
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2007E09E
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 2007EAD7
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2007E012
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2007EBBF
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2007EC13
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2007E7B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2007E105
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2007E915
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2007E9BC
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2007E0D3
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2007E058
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2007D423
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2007D74D
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!send 71AB428A 5 Bytes JMP 2007D3D5
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2007D8AA
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2007D6DE
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2007D7C2
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2007DA66
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2007D985
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2007D833
.text C:\Program Files\iPod\bin\iPodService.exe[2192] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\iPod\bin\iPodService.exe[2192] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\iPod\bin\iPodService.exe[2192] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\iPod\bin\iPodService.exe[2192] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2216] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2030FF3F
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2216] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20307A40
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2216] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2030FDBB
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2216] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2030C9AD
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2007FF3F
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20077A40
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2007FDBB
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2007C9AD
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2007EB92
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2007E132
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2007EBEC
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2007E09E
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 2007EAD7
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2007E012
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2007EBBF
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2007EC13
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2007E7B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2007E105
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2007E915
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2007E9BC
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2007E0D3
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2007E058
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2007D423
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2007D74D
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!send 71AB428A 5 Bytes JMP 2007D3D5
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2007D8AA
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2007D6DE
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2007D7C2
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2007DA66
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2007D985
.text C:\Program Files\Internet Explorer\iexplore.exe[2324] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2007D833
.text C:\WINDOWS\system32\dllhost.exe[2356] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\dllhost.exe[2356] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\dllhost.exe[2356] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\dllhost.exe[2356] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
? C:\WINDOWS\system32\svchost.exe[2544] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[2544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\svchost.exe[2544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\svchost.exe[2544] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\svchost.exe[2544] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2588] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\Bonjour\mDNSResponder.exe[2608] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\CTsvcCDA.exe[2644] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\CTsvcCDA.exe[2644] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\CTsvcCDA.exe[2644] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\CTsvcCDA.exe[2644] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\eHome\ehRecvr.exe[2672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\eHome\ehRecvr.exe[2672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\eHome\ehRecvr.exe[2672] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\eHome\ehRecvr.exe[2672] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\eHome\ehSched.exe[2756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\eHome\ehSched.exe[2756] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\eHome\ehSched.exe[2756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\eHome\ehSched.exe[2756] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\Java\jre6\bin\jqs.exe[2892] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2964] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2964] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2964] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2964] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Documents and Settings\Niall\Desktop\bchox9gv.exe[3012] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2007FF3F
.text C:\Documents and Settings\Niall\Desktop\bchox9gv.exe[3012] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20077A40
.text C:\Documents and Settings\Niall\Desktop\bchox9gv.exe[3012] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2007FDBB
.text C:\Documents and Settings\Niall\Desktop\bchox9gv.exe[3012] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2007C9AD
.text C:\WINDOWS\System32\alg.exe[3124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\System32\alg.exe[3124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\System32\alg.exe[3124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\System32\alg.exe[3124] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\WINDOWS\System32\alg.exe[3124] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2001EB92
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2001E132
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2001EBEC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2001E09E
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetReadFile 771C8114 5 Bytes JMP 2001EAD7
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2001E012
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2001EBBF
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2001EC13
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2001E7B8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2001E105
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2001E915
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2001E9BC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2001E0D3
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[3200] wininet.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2001E058
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2001EB92
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2001E132
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2001EBEC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2001E09E
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 2001EAD7
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2001E012
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2001EBBF
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2001EC13
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2001E7B8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2001E105
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2001E915
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2001E9BC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2001E0D3
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[3244] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2001E058
.text C:\WINDOWS\system32\nvsvc32.exe[3328] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\nvsvc32.exe[3328] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\nvsvc32.exe[3328] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\nvsvc32.exe[3328] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[3348] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[3348] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[3348] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[3348] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2001D423
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2001D74D
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!send 71AB428A 5 Bytes JMP 2001D3D5
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2001D8AA
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2001D6DE
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2001D7C2
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2001DA66
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2001D985
.text C:\WINDOWS\system32\PnkBstrA.exe[3392] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2001D833
? C:\WINDOWS\system32\svchost.exe[3532] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[3532] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\svchost.exe[3532] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\svchost.exe[3532] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\svchost.exe[3532] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\eHome\ehmsas.exe[3556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2030FF3F
.text C:\WINDOWS\eHome\ehmsas.exe[3556] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20307A40
.text C:\WINDOWS\eHome\ehmsas.exe[3556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2030FDBB
.text C:\WINDOWS\eHome\ehmsas.exe[3556] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2030C9AD
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe[3560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe[3560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe[3560] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FDBB
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe[3560] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FF3F
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047A40
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FDBB
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 2004D423
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 2004D74D
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!send 71AB428A 5 Bytes JMP 2004D3D5
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2004D8AA
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2004D6DE
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2004D7C2
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2004DA66
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 2004D985
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 2004D833
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C9AD
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!HttpOpenRequestA 771C36CD 5 Bytes JMP 2004EB92
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2004E132
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetOpenUrlA 771C5B8D 5 Bytes JMP 2004EBEC
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!HttpSendRequestA 771C6269 5 Bytes JMP 2004E09E
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetReadFile 771C8114 5 Bytes JMP 2004EAD7
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 2004E012
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!HttpOpenRequestW 771CF41E 5 Bytes JMP 2004EBBF
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetOpenUrlW 771D5B7A 5 Bytes JMP 2004EC13
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetQueryDataAvailable 771D8A47 5 Bytes JMP 2004E7B8
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetWriteFile 771F7CBF 5 Bytes JMP 2004E105
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetReadFileExA 771F8206 5 Bytes JMP 2004E915
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!InternetReadFileExW 771F8C56 5 Bytes JMP 2004E9BC
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!HttpSendRequestW 77211E04 5 Bytes JMP 2004E0D3
.text C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe[3596] WININET.dll!HttpSendRequestExA 77211F09 5 Bytes JMP 2004E058
.text C:\WINDOWS\system32\wuauclt.exe[3980] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2030FF3F
.text C:\WINDOWS\system32\wuauclt.exe[3980] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20307A40
.text C:\WINDOWS\system32\wuauclt.exe[3980] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2030FDBB
.text C:\WINDOWS\system32\wuauclt.exe[3980] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2030C9AD
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4044] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2030FF3F
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4044] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20307A40
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2030FDBB
.text C:\WINDOWS\system32\wbem\unsecapp.exe[4044] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2030C9AD

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#13 Blade81

Posted 09 April 2011 - 11:16 AM

Hi,

1. Download TDSSKiller and extract its contents into a folder in a desired location (e.g. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

#14 meera_UK

Posted 10 April 2011 - 12:00 PM

got the logs.....

2011/04/10 11:58:32.0061 1256 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 11:58:33.0155 1256 ================================================================================
2011/04/10 11:58:33.0155 1256 SystemInfo:
2011/04/10 11:58:33.0155 1256
2011/04/10 11:58:33.0155 1256 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/10 11:58:33.0155 1256 Product type: Workstation
2011/04/10 11:58:33.0155 1256 ComputerName: F3BFC27E96CB470
2011/04/10 11:58:33.0155 1256 UserName: Niall
2011/04/10 11:58:33.0155 1256 Windows directory: C:\WINDOWS
2011/04/10 11:58:33.0155 1256 System windows directory: C:\WINDOWS
2011/04/10 11:58:33.0155 1256 Processor architecture: Intel x86
2011/04/10 11:58:33.0155 1256 Number of processors: 2
2011/04/10 11:58:33.0155 1256 Page size: 0x1000
2011/04/10 11:58:33.0155 1256 Boot type: Normal boot
2011/04/10 11:58:33.0155 1256 ================================================================================
2011/04/10 11:58:33.0327 1256 Initialize success
2011/04/10 11:58:43.0827 3492 ================================================================================
2011/04/10 11:58:43.0827 3492 Scan started
2011/04/10 11:58:43.0827 3492 Mode: Manual;
2011/04/10 11:58:43.0827 3492 ================================================================================
2011/04/10 11:58:44.0343 3492 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/10 11:58:44.0390 3492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/10 11:58:44.0483 3492 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/10 11:58:44.0546 3492 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/10 11:58:44.0624 3492 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/04/10 11:58:44.0749 3492 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/10 11:58:44.0796 3492 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/10 11:58:44.0999 3492 ALCXWDM (36223c0ff66afd94d1d73fcb8fdfe91e) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/10 11:58:45.0218 3492 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2011/04/10 11:58:45.0327 3492 AR5211 (817e13f577a757519a4eb05195009e3d) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/04/10 11:58:45.0515 3492 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/10 11:58:45.0561 3492 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/10 11:58:45.0655 3492 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/10 11:58:45.0718 3492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/10 11:58:45.0780 3492 BDA_Capture_220A (c975e7b4466dac975ef6cb6b79b0b329) C:\WINDOWS\system32\Drivers\BDA_Capture_220A.sys
2011/04/10 11:58:45.0811 3492 BDA_Loader_220A (f01462daddcf46f00e84d295c5b8fc0b) C:\WINDOWS\system32\Drivers\BDA_Loader_220A.sys
2011/04/10 11:58:45.0858 3492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/10 11:58:45.0999 3492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/10 11:58:46.0061 3492 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/10 11:58:46.0124 3492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/10 11:58:46.0171 3492 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/10 11:58:46.0233 3492 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/10 11:58:46.0421 3492 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/04/10 11:58:46.0468 3492 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
2011/04/10 11:58:46.0608 3492 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/10 11:58:46.0686 3492 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/10 11:58:46.0749 3492 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/10 11:58:46.0780 3492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/10 11:58:46.0827 3492 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/10 11:58:46.0858 3492 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/10 11:58:46.0905 3492 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/10 11:58:47.0015 3492 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/10 11:58:47.0030 3492 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/10 11:58:47.0061 3492 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/10 11:58:47.0093 3492 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/10 11:58:47.0124 3492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/10 11:58:47.0155 3492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/10 11:58:47.0202 3492 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/10 11:58:47.0249 3492 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/10 11:58:47.0311 3492 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/10 11:58:47.0343 3492 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\PROGRA~1\WIRELE~1\GTNDIS5.SYS
2011/04/10 11:58:47.0390 3492 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/10 11:58:47.0499 3492 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/04/10 11:58:47.0640 3492 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/10 11:58:47.0702 3492 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/10 11:58:47.0765 3492 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/10 11:58:47.0827 3492 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/10 11:58:47.0952 3492 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/10 11:58:47.0999 3492 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/10 11:58:48.0093 3492 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/10 11:58:48.0140 3492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/10 11:58:48.0202 3492 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/10 11:58:48.0265 3492 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/10 11:58:48.0358 3492 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/10 11:58:48.0405 3492 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/10 11:58:48.0452 3492 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/10 11:58:48.0499 3492 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/10 11:58:48.0530 3492 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/10 11:58:48.0577 3492 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/10 11:58:48.0655 3492 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/10 11:58:48.0733 3492 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/10 11:59:00.0515 3492 ================================================================================
2011/04/10 11:59:00.0515 3492 Scan finished
2011/04/10 11:59:00.0515 3492 ================================================================================
2011/04/10 11:59:15.0421 2228 Deinitialize success

#15 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 10 April 2011 - 01:24 PM

Hi,

Please post fresh dds logs.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#16 meera_UK

    Member

  • Members
  • 15 posts

Posted 10 April 2011 - 01:45 PM

Here....

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Niall at 13:44:52.95 on 10/04/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2320 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wireless 11bg Netowrk Utility\WLService.exe
C:\Program Files\Wireless 11bg Netowrk Utility\WLanCfgAG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Niall\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\tmselsnw\cskqvvwk.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [IR_SERVER] c:\program files\dvb-t\dvb-t usb device\IR_SERVER.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer.5.36.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193432501734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193432490625
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\niall\applic~1\mozilla\firefox\profiles\gnm1ehcz.default\
FF - plugin: c:\documents and settings\niall\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-4 64512]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-20 374152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-19 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-27 632792]
R2 Super G Wireless Service;Wireless LAN Card;c:\program files\wireless 11bg netowrk utility\WLService.exe [2007-8-7 49152]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1405384]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
S3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_220A.sys [2007-11-4 17152]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [2007-11-4 16896]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-4-7 16968]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
=============== Created Last 30 ================
.
2011-04-09 08:56:25 158152 ----a-w- c:\windows\Explorermgr.exe
2011-04-07 20:03:50 -------- d-----w- c:\program files\tmselsnw
2011-04-07 19:28:20 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-07 19:27:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-04 22:21:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-04 22:11:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-04 22:10:54 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-04 22:10:41 -------- d-----w- c:\program files\Lavasoft
2011-04-04 17:35:25 158152 ----a-w- c:\program files\internet explorer\iexploremgr.exe
2011-03-27 10:03:46 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02:00 -------- d-----w- c:\docume~1\niall\applic~1\Registry Mechanic
2011-03-27 09:59:20 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59:20 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59:20 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59:20 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59:18 -------- d-----w- c:\program files\common files\PC Tools
2011-03-27 09:39:15 98816 ----a-w- c:\windows\sed.exe
2011-03-27 09:39:15 89088 ----a-w- c:\windows\MBR.exe
2011-03-27 09:39:15 256512 ----a-w- c:\windows\PEV.exe
2011-03-27 09:39:15 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 19:50:22 -------- d-----w- C:\dell
2011-03-19 16:54:28 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54:28 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:03:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2011-01-25 23:25:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-25 23:25:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:45:11.73 ===============









ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 07/08/2007 09:07:03
System Uptime: 10/04/2011 11:49:41 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | A8N-E
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket 939 | 2010/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket 939 | 2010/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 148.654 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
1.009
4oD
AC3 Decoder
AC3Filter (remove only)
Ad-Aware
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Captivate 3
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Mobile Device Support
Apple Software Update
Application Suite
Ask Toolbar
AutoUpdate
Battlefield 2™
Battlefield: Bad Company 2
BitTorrent 6.0
BitTorrentBar Toolbar
Boardmaker
Bonjour
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.4 Patch
Camfrog Video Chat 5.5
Compatibility Pack for the 2007 Office system
Conduit Engine
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Crimson Editor SVN286
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dropbox
Dual-Core Optimizer
DVB-T USB DEVICE
ESET Online Scanner v3
Eye 312
Facebook Plug-In
FileZilla Client 3.1.6
FinalBurner Free v2.1.0.130
FM Genie Scout 11 version 1.00 beta 2
Football Manager 2011
Fotosizer 1.30
Free Window Registry Repair
Google Gears
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 7
LogMeIn
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox 4.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyFonts Order M2246337
NVIDIA Drivers
NVIDIA PhysX
NvMixer
OpenAL
PunkBuster Services
QuickTime
Railroad Tycoon 3
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 10.0
Safari
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SopCast 3.0.1
Sound Blaster Audigy
Spybot - Search & Destroy
Steam
Stronghold 2 Deluxe
Stronghold Crusader Extreme
Suite Specific
Super G Wireless Adapter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp (remove only)
Windows Easy Transfer
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB973768
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
.
==== Event Viewer Messages From Past Week ========
.
07/04/2011 23:56:00, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.3355, the version of the system file is 5.1.2600.3355.
07/04/2011 23:56:00, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\migrate.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 10.0.0.3646, the version of the system file is 10.0.0.3646.
07/04/2011 23:34:06, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4027.0, the version of the system file is 2.1.4027.0.
07/04/2011 20:47:23, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
07/04/2011 20:38:53, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
06/04/2011 17:09:52, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
06/04/2011 17:07:21, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
05/04/2011 02:13:57, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 10.0.0.3646, the version of the system file is 10.0.0.3646.
05/04/2011 02:13:57, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 10.0.0.3646, the version of the system file is 10.0.0.3646.
04/04/2011 23:24:07, error: DCOM [10000] - Unable to start a DCOM Server: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}. The error: "%5" Happened while starting this command: C:\WINDOWS\eHome\ehmsas.exe -Embedding
04/04/2011 22:08:22, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A531024C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
04/04/2011 20:56:37, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
04/04/2011 20:56:37, error: Service Control Manager [7031] - The Wireless LAN Card service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
04/04/2011 20:56:37, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/04/2011 20:44:52, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.3164, the version of the system file is 6.0.2900.3164.
04/04/2011 18:50:26, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2011 18:50:15, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
04/04/2011 18:50:15, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2011 18:50:15, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2011 18:50:15, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2011 18:50:15, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2011 18:50:15, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2011 18:50:15, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2011 18:49:04, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
04/04/2011 18:28:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.3199, the version of the system file is 5.1.2600.3199.
03/04/2011 21:39:01, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.64 with the system having network hardware address 00:21:5D:F1:AA:A6. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

#17 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 10 April 2011 - 01:49 PM

BitTorrent 6.0
BitTorrentBar Toolbar


The programs listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


Run ComboFix and let it update itself. Post back the report.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs through PM, so don't bother to post me one. If you have problems, please create a thread in the forum.
Don't post your log in another user's topic; create a new one.

The removal instructions provided are meant to be used in the corresponding user's case only.

Please use the "Reply to this topic" button when replying.

#18 meera_UK

meera_UK

    Member

  • Members
  • 15 posts

Posted 10 April 2011 - 02:54 PM

I have removed those programs.

Sorry the reply took so long; ComboFix froze and I had to run it again.


ComboFix 11-04-09.01 - Niall 10/04/2011 14:46:31.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2463 [GMT 1:00]
Running from: c:\documents and settings\Niall\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Internet Explorer\IEXPLOREmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 12:57 . 2011-04-10 12:57 -------- d-----w- c:\documents and settings\Niall\Local Settings\Application Data\BitTorrentBar
2011-04-09 08:56 . 2011-04-09 08:56 158152 ----a-w- c:\windows\Explorermgr.exe
2011-04-07 20:03 . 2011-04-10 13:10 -------- d-----w- c:\program files\tmselsnw
2011-04-07 19:28 . 2011-04-07 20:03 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-07 19:27 . 2011-04-07 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-04 22:21 . 2011-04-01 07:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-04 22:11 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-04 22:10 . 2011-04-04 22:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-04 22:10 . 2011-04-04 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-04 22:10 . 2011-04-04 22:10 -------- d-----w- c:\program files\Lavasoft
2011-04-04 17:48 . 2011-04-04 17:49 -------- d-----w- c:\documents and settings\Administrator
2011-03-27 10:03 . 2011-03-27 10:03 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02 . 2011-03-27 10:02 -------- d-----w- c:\documents and settings\Niall\Application Data\Registry Mechanic
2011-03-27 09:59 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59 . 2011-03-27 09:59 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 19:48 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-23 19:47 . 2011-03-23 19:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-22 19:50 . 2011-03-22 19:50 -------- d-----w- C:\dell
2011-03-19 16:54 . 2004-08-04 00:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54 . 2004-08-04 00:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:19 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:03 . 2011-03-13 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 00:25 . 2006-03-15 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-01-25 23:25 . 2011-01-25 23:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 23:25 . 2007-08-11 00:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 21:26 . 2011-01-18 21:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2007-09-12 10:19 . 2008-01-07 11:22 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 10:22 . 2008-01-07 11:22 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2011-03-18 17:57 . 2011-04-04 22:37 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_18.57.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-10 13:43 . 2011-04-10 13:43 16384 c:\windows\Temp\Perflib_Perfdata_a24.dat
+ 2006-03-15 12:00 . 2006-03-15 12:00 37888 c:\windows\system32\url.dll
- 2009-08-14 13:23 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-08-14 13:23 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 39424 c:\windows\system32\pngfilt.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 96256 c:\windows\system32\occache.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 56832 c:\windows\system32\mshtmler.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 29184 c:\windows\system32\mshta.exe
+ 2006-03-15 12:00 . 2006-03-15 12:00 22016 c:\windows\system32\licmgr10.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 16384 c:\windows\system32\jsproxy.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 96256 c:\windows\system32\inseng.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 35840 c:\windows\system32\imgutil.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 62976 c:\windows\system32\iesetup.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 48640 c:\windows\system32\iernonce.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 81920 c:\windows\system32\ieencode.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 34304 c:\windows\system32\ie4uinit.exe
+ 2006-03-15 12:00 . 2007-08-22 13:12 55808 c:\windows\system32\extmgr.dll
+ 2011-04-04 22:11 . 2011-04-01 07:22 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
+ 2007-08-07 08:03 . 2011-04-04 22:21 77824 c:\windows\system32\dllcache\wmpband.dll
- 2007-08-07 08:03 . 2006-03-15 12:00 77824 c:\windows\system32\dllcache\wmpband.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 37888 c:\windows\system32\dllcache\url.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 96256 c:\windows\system32\dllcache\occache.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 56832 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 29184 c:\windows\system32\dllcache\mshta.exe
+ 2006-03-15 12:00 . 2006-03-15 12:00 22016 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 35840 c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-07 08:02 . 2006-03-15 12:00 93184 c:\windows\system32\dllcache\iexplore.exe
+ 2006-03-15 12:00 . 2006-03-15 12:00 62976 c:\windows\system32\dllcache\iesetup.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 48640 c:\windows\system32\dllcache\iernonce.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-07 08:02 . 2007-08-21 10:30 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-03-15 12:00 . 2006-03-15 12:00 34304 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-07 08:02 . 2006-03-15 12:00 38912 c:\windows\system32\dllcache\hmmapi.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 35328 c:\windows\system32\dllcache\corpol.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 99840 c:\windows\system32\dllcache\advpack.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 61440 c:\windows\system32\dllcache\admparse.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 35328 c:\windows\system32\corpol.dll
+ 2011-04-04 22:11 . 2011-04-04 22:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-07 08:07 . 2011-04-04 22:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-07 08:07 . 2011-02-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-04 22:11 . 2011-04-04 22:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-15 12:00 . 2006-03-15 12:00 99840 c:\windows\system32\advpack.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 61440 c:\windows\system32\admparse.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 658944 c:\windows\system32\wininet.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 276480 c:\windows\system32\webcheck.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 417792 c:\windows\system32\vbscript.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 615424 c:\windows\system32\urlmon.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 532480 c:\windows\system32\mstime.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 146432 c:\windows\system32\msrating.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 146432 c:\windows\system32\msls31.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 449024 c:\windows\system32\mshtmled.dll
+ 2006-03-15 12:00 . 2006-05-18 05:24 450560 c:\windows\system32\jscript.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 251392 c:\windows\system32\iepeers.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 323584 c:\windows\system32\iedkcs32.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 221184 c:\windows\system32\ieakui.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 216576 c:\windows\system32\ieaksie.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 139264 c:\windows\system32\ieakeng.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 205312 c:\windows\system32\dxtrans.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 357888 c:\windows\system32\dxtmsft.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 658944 c:\windows\system32\dllcache\wininet.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 276480 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-07 08:03 . 2007-06-26 15:13 851968 c:\windows\system32\dllcache\vgx.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 615424 c:\windows\system32\dllcache\urlmon.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-07 08:03 . 2011-04-04 22:21 356352 c:\windows\system32\dllcache\mpvis.dll
- 2007-08-07 08:03 . 2006-03-15 12:00 356352 c:\windows\system32\dllcache\mpvis.dll
+ 2006-03-15 12:00 . 2006-05-18 05:24 450560 c:\windows\system32\dllcache\jscript.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 323584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 221184 c:\windows\system32\dllcache\ieakui.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 216576 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-03-15 12:00 . 2006-03-15 12:00 139264 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 3058176 c:\windows\system32\mshtml.dll
+ 2006-03-15 12:00 . 2007-08-22 13:12 3058176 c:\windows\system32\dllcache\mshtml.dll
+ 2011-04-04 22:10 . 2011-04-04 22:10 1864704 c:\windows\Installer\39a655.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2011-04-10 242059]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 90112]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [BU]
"P17Helper"="P17.dll" [2005-05-03 64512]
"IR_SERVER"="c:\program files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe" [2007-04-16 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 185896]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-10 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 274858]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 311818]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 19:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\Niall\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/04/2011 23:11 64512]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [20/10/2010 22:27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 16:09 12856]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [27/03/2011 10:59 632792]
R2 Super G Wireless Service;Wireless LAN Card;c:\program files\Wireless 11bg Netowrk Utility\WLService.exe [07/08/2007 11:48 49152]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/07/2010 18:31 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [01/04/2011 08:22 1405384]
S3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_220A.sys [04/11/2007 14:25 17152]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [04/11/2007 14:23 16896]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/04/2011 20:28 16968]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:22]
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-04-07 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-27 12:11]
.
2011-04-09 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-03-27 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Niall\Application Data\Mozilla\Firefox\Profiles\gnm1ehcz.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 14:52
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Niall\Start Menu\Programs\Startup\cskqvvwk.exe 158152 bytes executable
c:\documents and settings\Niall\Start Menu\Programs\Startup\desktop.ini 84 bytes
c:\documents and settings\Niall\Start Menu\Programs\Startup\Dropbox.lnk 994 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006e
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\"
"ScreenshotsDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games\\Alti.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ec3
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000019
"StaffSearchFeatureNum"=dword:00000004
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000017
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000004
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000001e
"HintsFeatureNum"=dword:00000005
"GenieReportFeatureNum"=dword:00000007
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"ShortlistDir"=""
"LangDB"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"Currency"=dword:00000056
"WindowHeight"=dword:00000359
"WindowWidth"=dword:00000434
"WindowLeft"=dword:00000066
"WindowTop"=dword:00000054
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:0000006c
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:0000003c
"FBPassingCoef"=dword:0000001e
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:00000014
"FBLeftFootCoef"=dword:00000005
"FBRightFootCoef"=dword:00000005
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:00000050
"FBBraveryCoef"=dword:00000014
"FBComposureCoef"=dword:0000000a
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:0000000a
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000014
"FBDeterminationCoef"=dword:0000000a
"FBDirtinessCoef"=dword:fffffff6
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:0000000a
"FBInfluenceCoef"=dword:0000000a
"FBOffTheBallCoef"=dword:00000014
"FBPositioningCoef"=dword:00000064
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:0000003c
"FBAgilityCoef"=dword:0000000a
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffffb
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:00000005
"FBPaceCoef"=dword:00000050
"FBStaminaCoef"=dword:0000003c
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:00000005
"FBAmbitionCoef"=dword:0000000a
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:00000005
"FBPressureCoef"=dword:00000005
"FBProfessionalismCoef"=dword:00000005
"FBSportsmanshipCoef"=dword:00000005
"FBTemperamentCoef"=dword:00000005
"WBWeightCoef"=dword:0000006e
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:0000000a
"WBCrossingCoef"=dword:0000003c
"WBDribblingCoef"=dword:00000028
"WBFinishingCoef"=dword:0000000a
"WBFirstTouchCoef"=dword:00000014
"WBFreeKicksCoef"=dword:0000000a
"WBHeadingCoef"=dword:00000028
"WBLongShotsCoef"=dword:00000014
"WBLongThrowsCoef"=dword:0000000a
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000064
"WBTechniqueCoef"=dword:00000028
"WBLeftFootCoef"=dword:00000005
"WBRightFootCoef"=dword:00000005
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000050
"WBBraveryCoef"=dword:0000000a
"WBComposureCoef"=dword:0000000a
"WBConcentrationCoef"=dword:00000014
"WBConsistencyCoef"=dword:0000000a
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:0000000a
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:0000000a
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:00000064
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:00000028
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:0000000a
"WBBalanceCoef"=dword:00000014
"WBInjuryPronenessCoef"=dword:fffffffb
"WBJumpingCoef"=dword:00000014
"WBNaturalFitnessCoef"=dword:00000005
"WBPaceCoef"=dword:00000064
"WBStaminaCoef"=dword:00000050
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:00000005
"WBAmbitionCoef"=dword:0000000a
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:00000005
"WBPressureCoef"=dword:00000005
"WBProfessionalismCoef"=dword:00000005
"WBSportsmanshipCoef"=dword:00000005
"WBTemperamentCoef"=dword:00000005
"DMWeightCoef"=dword:00000069
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:0000000a
"DMCrossingCoef"=dword:0000001e
"DMDribblingCoef"=dword:00000014
"DMFinishingCoef"=dword:0000000a
"DMFirstTouchCoef"=dword:0000001e
"DMFreeKicksCoef"=dword:0000000a
"DMHeadingCoef"=dword:00000028
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:00000005
"DMMarkingCoef"=dword:0000003c
"DMPassingCoef"=dword:00000028
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000064
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:00000005
"DMRightFootCoef"=dword:00000005
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:00000014
"DMComposureCoef"=dword:0000000a
"DMConcentrationCoef"=dword:00000014
"DMConsistencyCoef"=dword:0000000a
"DMCreativityCoef"=dword:00000014
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:0000000a
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000a
"DMImportantMatchesCoef"=dword:0000000a
"DMInfluenceCoef"=dword:0000000a
"DMOffTheBallCoef"=dword:0000001e
"DMPositioningCoef"=dword:00000050
"DMTeamworkCoef"=dword:00000028
"DMWorkRateCoef"=dword:00000050
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:0000000a
"DMBalanceCoef"=dword:0000000a
"DMInjuryPronenessCoef"=dword:fffffffb
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:00000005
"DMPaceCoef"=dword:00000028
"DMStaminaCoef"=dword:0000003c
"DMStrengthCoef"=dword:00000028
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:00000005
"DMAmbitionCoef"=dword:0000000a
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:00000005
"DMPressureCoef"=dword:00000005
"DMProfessionalismCoef"=dword:00000005
"DMSportsmanshipCoef"=dword:00000005
"DMTemperamentCoef"=dword:00000005
"MWeightCoef"=dword:0000006a
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:0000000a
"MCrossingCoef"=dword:00000028
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000014
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:0000000a
"MHeadingCoef"=dword:0000001e
"MLongShotsCoef"=dword:00000014
"MLongThrowsCoef"=dword:00000005
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:00000046
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:0000003c
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:00000005
"MRightFootCoef"=dword:00000005
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:0000000a
"MConcentrationCoef"=dword:0000000a
"MConsistencyCoef"=dword:0000000a
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:0000001e
"MDeterminationCoef"=dword:0000000a
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:0000000a
"MImportantMatchesCoef"=dword:0000000a
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:00000028
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000032
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:00000032
"MAgilityCoef"=dword:0000000a
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffffb
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:00000005
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:0000001e
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:00000005
"MAmbitionCoef"=dword:0000000a
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:00000005
"MPressureCoef"=dword:00000005
"MProfessionalismCoef"=dword:00000005
"MSportsmanshipCoef"=dword:00000005
"MTemperamentCoef"=dword:00000005
"AMWeightCoef"=dword:00000069
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:0000000a
"AMCrossingCoef"=dword:0000003c
"AMDribblingCoef"=dword:00000050
"AMFinishingCoef"=dword:00000028
"AMFirstTouchCoef"=dword:0000001e
"AMFreeKicksCoef"=dword:0000000a
"AMHeadingCoef"=dword:00000014
"AMLongShotsCoef"=dword:00000014
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000a
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:00000005
"AMRightFootCoef"=dword:00000005
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:0000001e
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:0000000a
"AMConcentrationCoef"=dword:0000000a
"AMConsistencyCoef"=dword:0000000a
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000028
"AMDeterminationCoef"=dword:0000000a
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:00000014
"AMImportantMatchesCoef"=dword:0000000a
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:0000003c
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:0000003c
"AMWorkRateCoef"=dword:00000014
"AMAccelerationCoef"=dword:0000003c
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffffb
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:00000005
"AMPaceCoef"=dword:0000003c
"AMStaminaCoef"=dword:0000003c
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:00000005
"AMAmbitionCoef"=dword:0000000a
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:00000005
"AMPressureCoef"=dword:00000005
"AMProfessionalismCoef"=dword:00000005
"AMSportsmanshipCoef"=dword:00000005
"AMTemperamentCoef"=dword:00000005
"WWeightCoef"=dword:00000069
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:0000000a
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:0000000a
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000014
"WLongThrowsCoef"=dword:00000005
"WMarkingCoef"=dword:0000000a
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:0000000a
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:00000005
"WRightFootCoef"=dword:00000005
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000014
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:0000000a
"WConcentrationCoef"=dword:0000000a
"WConsistencyCoef"=dword:0000000a
"WCreativityCoef"=dword:0000003c
"WDecisionsCoef"=dword:00000014
"WDeterminationCoef"=dword:0000000a
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000000a
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:0000000a
"WOffTheBallCoef"=dword:0000003c
"WPositioningCoef"=dword:00000014
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffffb
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:00000005
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:0000003c
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:00000005
"WAmbitionCoef"=dword:0000000a
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:00000005
"WPressureCoef"=dword:00000005
"WProfessionalismCoef"=dword:00000005
"WSportsmanshipCoef"=dword:00000005
"WTemperamentCoef"=dword:00000005
"FSTWeightCoef"=dword:00000067
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:0000000a
"FSTCrossingCoef"=dword:0000000a
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:0000000a
"FSTHeadingCoef"=dword:00000028
"FSTLongShotsCoef"=dword:00000014
"FSTLongThrowsCoef"=dword:00000000
"FSTMarkingCoef"=dword:00000000
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:00000000
"FSTTechniqueCoef"=dword:00000050
"FSTLeftFootCoef"=dword:00000005
"FSTRightFootCoef"=dword:00000005
"FSTAggressionCoef"=dword:0000000a
"FSTAnticipationCoef"=dword:0000000a
"FSTBraveryCoef"=dword:0000000a
"FSTComposureCoef"=dword:0000000a
"FSTConcentrationCoef"=dword:0000000a
"FSTConsistencyCoef"=dword:0000000a
"FSTCreativityCoef"=dword:00000028
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:0000000a
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:0000000a
"FSTImportantMatchesCoef"=dword:0000000a
"FSTInfluenceCoef"=dword:0000000a
"FSTOffTheBallCoef"=dword:00000050
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:00000028
"FSTBalanceCoef"=dword:0000000a
"FSTInjuryPronenessCoef"=dword:fffffffb
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:00000005
"FSTPaceCoef"=dword:00000064
"FSTStaminaCoef"=dword:00000028
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:00000005
"FSTAmbitionCoef"=dword:0000000a
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:00000005
"FSTPressureCoef"=dword:00000005
"FSTProfessionalismCoef"=dword:00000005
"FSTSportsmanshipCoef"=dword:00000005
"FSTTemperamentCoef"=dword:00000005
"TSTWeightCoef"=dword:00000068
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000000
"TSTCrossingCoef"=dword:0000000a
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:00000050
"TSTFirstTouchCoef"=dword:0000001e
"TSTFreeKicksCoef"=dword:0000000a
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:00000014
"TSTLongThrowsCoef"=dword:00000000
"TSTMarkingCoef"=dword:00000000
"TSTPassingCoef"=dword:00000028
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:00000000
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:00000005
"TSTRightFootCoef"=dword:00000005
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:0000000a
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:0000000a
"TSTConcentrationCoef"=dword:0000000a
"TSTConsistencyCoef"=dword:0000000a
"TSTCreativityCoef"=dword:00000014
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:0000000a
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:0000000a
"TSTImportantMatchesCoef"=dword:0000000a
"TSTInfluenceCoef"=dword:0000000a
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:00000014
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffffb
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:00000005
"TSTPaceCoef"=dword:00000028
"TSTStaminaCoef"=dword:00000014
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"ShortlistDir"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000003
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,d3,d4,82,89,31,77,af,22,d2,e4,a5,74,e2,0d,87,1c,3f,1f,20,a3,
2f,4f,5c,d4,ca,ad,25,4b,40,b8,0b,61,a4,8c,34,e7,c4,54,91,7f,e9,48,a6,02,e6,\
"rkeysecu"=hex:11,da,88,d0,ae,e2,0f,9a,76,5b,73,45,30,3f,d0,4f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-10 14:54:24
ComboFix-quarantined-files.txt 2011-04-10 13:54
ComboFix2.txt 2011-03-31 19:01
ComboFix3.txt 2011-03-27 21:25
ComboFix4.txt 2011-03-27 09:54
.
Pre-Run: 159,573,397,504 bytes free
Post-Run: 159,546,351,616 bytes free
.
- - End Of File - - D28EBAF2BF010EB0B420310CF8213B69

#19 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 10 April 2011 - 04:06 PM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

http://www.lavasoftsupport.com/index.php?showtopic=31004
Suspect::[76]
c:\windows\Explorermgr.exe
c:\documents and settings\Niall\Start Menu\Programs\Startup\cskqvvwk.exe
c:\documents and settings\Niall\Start Menu\Programs\Startup\desktop.ini
c:\documents and settings\Niall\Start Menu\Programs\Startup\Dropbox.lnk
DirLook::
c:\program files\tmselsnw


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Adobe Acrobat 7.0 Professional is not supported anymore and should be uninstalled.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Run a scan with ESET online scanner. Post back its report, fresh dds logs and above mentioned ComboFix resultant log.

#20 meera_UK

meera_UK

    Member

  • Members
  • 15 posts

Posted 10 April 2011 - 08:42 PM

ComboFix 11-04-09.01 - Niall 10/04/2011 20:20:33.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2594 [GMT 1:00]
Running from: c:\documents and settings\Niall\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Niall\Desktop\CFScript.txt
.
file zipped: c:\documents and settings\Niall\Start Menu\Programs\Startup\cskqvvwk.exe
file zipped: c:\documents and settings\Niall\Start Menu\Programs\Startup\desktop.ini
file zipped: c:\documents and settings\Niall\Start Menu\Programs\Startup\Dropbox.lnk
file zipped: c:\windows\Explorermgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 12:57 . 2011-04-10 12:57 -------- d-----w- c:\documents and settings\Niall\Local Settings\Application Data\BitTorrentBar
2011-04-09 08:56 . 2011-04-09 08:56 158152 ----a-w- c:\windows\Explorermgr.exe
2011-04-07 20:03 . 2011-04-10 17:18 -------- d-----w- c:\program files\tmselsnw
2011-04-07 19:28 . 2011-04-07 20:03 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-07 19:27 . 2011-04-07 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-04 22:10 . 2011-04-10 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-04 17:48 . 2011-04-04 17:49 -------- d-----w- c:\documents and settings\Administrator
2011-03-27 10:03 . 2011-03-27 10:03 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-27 10:02 . 2011-03-27 10:02 -------- d-----w- c:\documents and settings\Niall\Application Data\Registry Mechanic
2011-03-27 09:59 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-27 09:59 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-27 09:59 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-27 09:59 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-27 09:59 . 2011-03-27 09:59 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 19:48 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-23 19:47 . 2011-03-23 19:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-22 19:50 . 2011-03-22 19:50 -------- d-----w- C:\dell
2011-03-19 16:54 . 2004-08-04 00:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-19 16:54 . 2004-08-04 00:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-13 20:19 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 20:19 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 20:03 . 2011-03-13 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 00:25 . 2006-03-15 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-01-25 23:25 . 2011-01-25 23:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 23:25 . 2007-08-11 00:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 21:26 . 2011-01-18 21:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2007-09-12 10:19 . 2008-01-07 11:22 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 10:22 . 2008-01-07 11:22 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2011-03-18 17:57 . 2011-04-04 22:37 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\tmselsnw ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-10_13.52.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-10 19:15 . 2011-04-10 19:15 16384 c:\windows\Temp\Perflib_Perfdata_a18.dat
- 2009-08-14 13:23 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-08-14 13:23 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 39424 c:\windows\system32\pngfilt.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 16384 c:\windows\system32\jsproxy.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 96256 c:\windows\system32\inseng.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll
- 2006-03-15 12:00 . 2006-03-15 12:00 81920 c:\windows\system32\ieencode.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 55808 c:\windows\system32\extmgr.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 96256 c:\windows\system32\dllcache\inseng.dll
- 2006-03-15 12:00 . 2006-03-15 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-07 08:02 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe
- 2007-08-07 08:02 . 2007-08-21 10:30 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-03-15 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-09-09 05:37 . 2007-03-06 01:22 22752 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-09 05:37 . 2007-03-06 01:22 14048 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2007-08-07 08:05 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll
+ 2006-03-15 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll
- 2006-03-15 12:00 . 2006-03-15 12:00 417792 c:\windows\system32\vbscript.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll
- 2006-03-15 12:00 . 2009-12-08 09:13 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 532480 c:\windows\system32\mstime.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 146432 c:\windows\system32\msrating.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 449024 c:\windows\system32\mshtmled.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll
- 2006-03-15 12:00 . 2006-05-18 05:24 450560 c:\windows\system32\jscript.dll
+ 2006-03-15 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 251392 c:\windows\system32\iepeers.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 251392 c:\windows\system32\iepeers.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dxtrans.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 205312 c:\windows\system32\dxtrans.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dxtmsft.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 357888 c:\windows\system32\dxtmsft.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 662016 c:\windows\system32\dllcache\wininet.dll
+ 2006-03-15 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll
- 2006-03-15 12:00 . 2006-03-15 12:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 624640 c:\windows\system32\dllcache\urlmon.dll
- 2006-03-15 12:00 . 2009-12-08 09:13 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-03-15 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
- 2006-03-15 12:00 . 2006-05-18 05:24 450560 c:\windows\system32\dllcache\jscript.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 151040 c:\windows\system32\cdfview.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 151040 c:\windows\system32\cdfview.dll
+ 2009-09-09 05:37 . 2007-03-06 01:23 371424 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-09 05:37 . 2007-03-06 01:22 716000 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-09 05:37 . 2007-03-06 01:22 213216 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2011-04-10 15:53 . 2009-08-21 09:50 450560 c:\windows\$hf_mig$\KB971961\SP2QFE\jscript.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 1506304 c:\windows\system32\shdocvw.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 3065344 c:\windows\system32\mshtml.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 3065344 c:\windows\system32\dllcache\mshtml.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\dllcache\danim.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 1023488 c:\windows\system32\dllcache\browseui.dll
- 2006-03-15 12:00 . 2007-08-22 13:12 1054208 c:\windows\system32\danim.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\danim.dll
+ 2006-03-15 12:00 . 2010-04-16 15:36 1023488 c:\windows\system32\browseui.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
c:\documents and settings\Niall\Application Data\Dropbox\bin\DropboxExt.14.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2011-04-10 242059]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 90112]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [BU]
"P17Helper"="P17.dll" [2005-05-03 64512]
"IR_SERVER"="c:\program files\DVB-T\DVB-T USB DEVICE\IR_SERVER.exe" [2007-04-16 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 185896]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-10 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 274858]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 311818]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\tmselsnw\cskqvvwk.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 19:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\Niall\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [20/10/2010 22:27 374152]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [27/03/2011 10:59 632792]
R2 Super G Wireless Service;Wireless LAN Card;c:\program files\Wireless 11bg Netowrk Utility\WLService.exe [07/08/2007 11:48 49152]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/07/2010 18:31 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 16:09 12856]
S3 BDA_Capture_220A;Digital-TV receiver Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_220A.sys [04/11/2007 14:25 17152]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 6.7.10.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [04/11/2007 14:23 16896]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/04/2011 20:28 16968]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 17:31]
.
2011-04-07 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-27 12:11]
.
2011-04-10 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-03-27 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Niall\Application Data\Mozilla\Firefox\Profiles\gnm1ehcz.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 20:26
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Niall\Start Menu\Programs\Startup\cskqvvwk.exe 158152 bytes executable
c:\documents and settings\Niall\Start Menu\Programs\Startup\desktop.ini 84 bytes
c:\documents and settings\Niall\Start Menu\Programs\Startup\Dropbox.lnk 994 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006e
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\"
"ScreenshotsDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Niall\\My Documents\\Sports Interactive\\Football Manager 2011\\games\\Alti.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ec3
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000019
"StaffSearchFeatureNum"=dword:00000004
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000017
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000004
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000001e
"HintsFeatureNum"=dword:00000005
"GenieReportFeatureNum"=dword:00000007
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"ShortlistDir"=""
"LangDB"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"Currency"=dword:00000056
"WindowHeight"=dword:00000359
"WindowWidth"=dword:00000434
"WindowLeft"=dword:00000066
"WindowTop"=dword:00000054
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"ShortlistDir"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000003
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="E6-FA45-0113"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1343024091-1303643608-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,d3,d4,82,89,31,77,af,22,d2,e4,a5,74,e2,0d,87,1c,3f,1f,20,a3,
2f,4f,5c,d4,ca,ad,25,4b,40,b8,0b,61,a4,8c,34,e7,c4,54,91,7f,e9,48,a6,02,e6,\
"rkeysecu"=hex:11,da,88,d0,ae,e2,0f,9a,76,5b,73,45,30,3f,d0,4f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(172)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-10 20:28:30
ComboFix-quarantined-files.txt 2011-04-10 19:28
ComboFix2.txt 2011-04-10 13:54
ComboFix3.txt 2011-03-31 19:01
ComboFix4.txt 2011-03-27 21:25
ComboFix5.txt 2011-04-10 17:18
.
Pre-Run: 158,838,411,264 bytes free
Post-Run: 158,830,727,168 bytes free
.
- - End Of File - - 121CBCB5AF54E80785B60B332900E806
Upload was successful

Edited by meera_UK, 10 April 2011 - 08:44 PM.




