TechSpot

I keep receiving a 'bad image' error

Inactive
By mackayg1
Dec 1, 2010
  1. Hey guys,

    I have seen that these have been posted before but I have only just joined and didn't know how to add to posts. Apologies in advance.

    I keep receiving a bad image error message. When I scanned through other posts I noticed the 8 step guide, which I began, and downloaded TFC. I ran this but then while trying to run it the bad image error message would not go away 'no matter how many times you clicked it' - the scan would go up and once at the end, it would go back to the beginning!

    Has anyone got any ideas? At the moment I've never felt so frustrated by a computer!

    Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    Thanks, I will start to do it now
     
  4. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    OK..................
     
  5. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    Right, I ran a full system scan which ran fine. It did take a while and I thought it had got stuck at one point scanning - c:\windows\system32\drivers\dxg.sys but it completed it in the end and didn't find anything.

    I then saved and ran TFC but an error message then came up reading 'TFC : TFC.exe - bad image' and underneath it read

    The application or DLL c:\windows\system32\CLBCATQ.DLL is not a valid windows image. Please check this against your installation diskette.

    It gets stuck on the first user scan at -> Temp folder emptied : 0 Bytes

    The error message keeps coming up at this point and does not leave. Once the scan gets to the end of scanning that temp folder it goes back to the start, due to this error message I assume?

    Any help??

    Thanks
     
  6. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Simply run all steps, you can. If something doesn't work, skip it.
     
  7. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    Broni,

    I am trying to run DDS but I must have script blocking protection, and I have Norton Internet Security and cannot figure out how to disable it.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    It doesn't want to run, or what's happening?
     
  9. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    Sorry, should have explained that a bit better.

    When I click run and the notepad comes up, the whole notepad page is full of funny looking characters, for example: Ž·DS[.‰^Ý|ó@‘ÙtŸ°œP\R-TèqLA™u\
     
  10. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    TDSSKILLER log:

    2010/12/07 18:04:41.0562 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
    2010/12/07 18:04:41.0562 ================================================================================
    2010/12/07 18:04:41.0562 SystemInfo:
    2010/12/07 18:04:41.0562
    2010/12/07 18:04:41.0562 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/07 18:04:41.0562 Product type: Workstation
    2010/12/07 18:04:41.0562 ComputerName: D6M2681J
    2010/12/07 18:04:41.0562 UserName: gary
    2010/12/07 18:04:41.0562 Windows directory: C:\WINDOWS
    2010/12/07 18:04:41.0562 System windows directory: C:\WINDOWS
    2010/12/07 18:04:41.0562 Processor architecture: Intel x86
    2010/12/07 18:04:41.0562 Number of processors: 2
    2010/12/07 18:04:41.0562 Page size: 0x1000
    2010/12/07 18:04:41.0562 Boot type: Normal boot
    2010/12/07 18:04:41.0562 ================================================================================
    2010/12/07 18:04:41.0953 Initialize success
    2010/12/07 18:04:48.0265 ================================================================================
    2010/12/07 18:04:48.0265 Scan started
    2010/12/07 18:04:48.0265 Mode: Manual;
    2010/12/07 18:04:48.0265 ================================================================================
    2010/12/07 18:05:00.0328 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 8af2ee0c06a390bc6d32060938ca0a17
    2010/12/07 18:05:00.0343 sptd - detected Locked file (1)
    2010/12/07 18:05:03.0078 ================================================================================
    2010/12/07 18:05:03.0078 Scan finished
    2010/12/07 18:05:03.0078 ================================================================================
    2010/12/07 18:05:03.0093 Detected object count: 1
    2010/12/07 18:05:20.0359 Locked file(sptd) - User select action: Skip
    2010/12/07 18:06:06.0140 Deinitialize success
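
A triage sketch for the TDSSKiller log format pasted above, added here as an example and not part of the original thread or of TDSSKiller itself: it pairs each detection with the action the user chose and lists the detections that were left unresolved. The `exampledrv` entry is constructed with a placeholder MD5, the other sample lines are copied from the log above, and `triage`, `Finding` and `Report` are names made up for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: the exampledrv line is constructed (placeholder MD5 and path);
# the remaining lines are taken from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2010/12/07 18:04:48.0265 Scan started
2010/12/07 18:04:48.0703 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
2010/12/07 18:05:00.0328 sptd (8af2ee0c06a390bc6d32060938ca0a17) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/07 18:05:00.0328 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 8af2ee0c06a390bc6d32060938ca0a17
2010/12/07 18:05:00.0343 sptd - detected Locked file (1)
2010/12/07 18:05:03.0078 Scan finished
2010/12/07 18:05:03.0093 Detected object count: 1
2010/12/07 18:05:20.0359 Locked file(sptd) - User select action: Skip
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.mmmm"; the message may be empty.
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ?(?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<code>\d+)\)$")
ACTION = re.compile(
    r"^(?P<verdict>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    path: str = ""
    md5: str = ""
    reason: str = ""   # e.g. "NoAccess" from the "Suspicious file" line
    action: str = ""   # stays empty if no "User select action" line follows


@dataclass
class Report:
    scanned: int = 0
    reported_count: Optional[int] = None
    findings: Dict[str, Finding] = field(default_factory=dict)

    def unresolved(self) -> List[Finding]:
        # A skipped or never-actioned detection still needs a human decision.
        return [f for f in self.findings.values() if f.action in ("", "Skip")]

    def count_matches(self) -> bool:
        # Cross-check the tool's own summary against what was parsed.
        return self.reported_count == len(self.findings)


def triage(log_text: str) -> Report:
    report = Report()
    drivers: Dict[str, tuple] = {}   # service name -> (md5, path)
    reasons: Dict[str, str] = {}     # lower-cased path -> reason
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        m = DRIVER.match(msg)
        if m:
            drivers[m.group("name")] = (m.group("md5"), m.group("path"))
            report.scanned += 1
            continue
        m = SUSPICIOUS.match(msg)
        if m:
            reasons[m.group("path").lower()] = m.group("reason")
            continue
        m = DETECT.match(msg)
        if m:
            md5, path = drivers.get(m.group("name"), ("", ""))
            report.findings[m.group("name")] = Finding(
                name=m.group("name"), verdict=m.group("verdict"),
                path=path, md5=md5, reason=reasons.get(path.lower(), ""))
            continue
        m = ACTION.match(msg)
        if m and m.group("name") in report.findings:
            report.findings[m.group("name")].action = m.group("action")
            continue
        m = COUNT.match(msg)
        if m:
            report.reported_count = int(m.group("n"))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("drivers scanned:", result.scanned, "count consistent:", result.count_matches())
    for f in result.unresolved():
        print("unresolved:", f.name, f.verdict, f.reason, f.path, f.md5, f.action or "no action")
```
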
     
     
  12. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    GMER Log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-05 21:52:36
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316002 rev.8.05
    Running: hn1y0vkn.exe; Driver: C:\DOCUME~1\gary\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xF75BFC22]
    SSDT sptd.sys ZwEnumerateValueKey [0xF75BFF9A]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 86FC7E30
    Device \Driver\atapi \Device\Ide\IdePort0 [F7535B40] atapi.sys[unknown section] {MOV EAX, 0x86fc7008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75cfe12; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7535B40] atapi.sys[unknown section] {MOV EAX, 0x86fc7008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75cfe12; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7535B40] atapi.sys[unknown section] {MOV EAX, 0x86fc7008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75cfe12; RET }
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 86FC7E30
    Device 86FC7940
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  13. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    MBAM Log:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5248

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    05/12/2010 21:41:05
    mbam-log-2010-12-05 (21-41-05).txt

    Scan type: Quick scan
    Objects scanned: 185307
    Time elapsed: 2 hour(s), 18 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 13
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RXResult.RXResultFilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RXResult.RXResultFilter (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RXResult.RXResultTracker.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\RXResult.RXResultTracker (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\gary\local settings\Temp\ladF.tmp (PUP.Casino.Gen) -> Quarantined and deleted successfully.
    c:\program files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Good :)
    Will DDS run now?
     
  15. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    No, DDS still opens up in Notepad but is just doing the same as before?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    MBRCheck Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000005d

    Kernel Drivers (total 144):

    Processes (total 38):
    0 System Idle Process
    4 System
    632 C:\WINDOWS\SYSTEM32\smss.exe
    696 csrss.exe
    720 C:\WINDOWS\SYSTEM32\winlogon.exe
    768 C:\WINDOWS\SYSTEM32\services.exe
    780 C:\WINDOWS\SYSTEM32\lsass.exe
    952 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    968 C:\WINDOWS\SYSTEM32\svchost.exe
    1040 svchost.exe
    1080 C:\WINDOWS\SYSTEM32\svchost.exe
    1164 svchost.exe
    1200 svchost.exe
    1344 C:\WINDOWS\SYSTEM32\brsvc01a.exe
    1372 C:\WINDOWS\SYSTEM32\brss01a.exe
    1376 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1448 svchost.exe
    1480 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1492 C:\Program Files\Bonjour\mDNSResponder.exe
    1512 C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    1552 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    1580 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    256 C:\WINDOWS\SYSTEM32\svchost.exe
    312 wdfmgr.exe
    2280 alg.exe
    2460 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    2548 C:\WINDOWS\explorer.exe
    2892 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    2900 C:\Program Files\Dell\Media Experience\PCMService.exe
    2908 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    2932 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    2984 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    3000 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    3072 C:\WINDOWS\SYSTEM32\ctfmon.exe
    3236 C:\WINDOWS\SYSTEM32\svchost.exe
    3760 wmiprvse.exe
    2572 C:\WINDOWS\SYSTEM32\bsplmf01.exe
    3384 C:\Documents and Settings\gary\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.05

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E66C176942DF42CCFE7A0113EAFF39E82F8B0047


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  18. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    ...and Combofix log....
     
  19. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    Combofix log:

    ComboFix 10-12-08.04 - gary 09/12/2010 18:47:57.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.482 [GMT 0:00]
    Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\gary\Application Data\.#
    c:\documents and settings\gary\Application Data\alot
    c:\documents and settings\karen\Application Data\alot
    c:\program files\outlook
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\web.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
    .

    2010-12-05 18:32 . 2010-12-05 18:32 -------- d-----w- c:\documents and settings\gary\Application Data\Malwarebytes
    2010-12-05 18:31 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-05 18:31 . 2010-12-05 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-05 18:31 . 2010-12-05 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 18:31 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 20:47 . 2010-11-30 20:47 -------- d-----w- c:\documents and settings\gary\Local Settings\Application Data\Sports Interactive
    2010-11-29 12:26 . 2010-11-29 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2010-11-29 10:08 . 2010-11-29 10:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
    2010-11-29 10:05 . 2010-11-29 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
    2010-11-29 10:03 . 2010-12-04 12:39 -------- d-----w- C:\_Backup
    2010-11-29 10:02 . 2010-11-29 10:52 -------- d-----w- c:\documents and settings\gary\Application Data\Avanquest
    2010-11-29 10:02 . 2010-12-04 12:40 -------- d-----w- c:\program files\Common Files\AntiVirus
    2010-11-29 10:01 . 2010-11-29 10:01 -------- d-----w- c:\program files\Avanquest

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-26 21:42 . 2010-10-26 21:42 53248 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}\ARPPRODUCTICON.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\DesktopMgr.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-13 13:58 . 2010-10-04 17:44 1139200 ----a-w- c:\windows\bsdsetup.dll
    2010-09-18 11:23 . 2002-08-29 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2002-08-29 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-08-29 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-08-29 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R3 kbeepm;kbeepm;c:\docume~1\gary\LOCALS~1\Temp\kbeepm.sys [x]
    R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2006-11-09 2560]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2005-12-27 664064]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-21 102448]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101208.001\IDSxpx86.sys [2010-11-09 341944]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-12-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - doreen.job
    - c:\program files\Norton Internet Security\Engine\17.8.0.5\navw32.exe [2010-09-24 19:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sky.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Search with Freeserve - c:\progra~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD}
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 20:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST316002 rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x86FC5EB0]<<
    c:\docume~1\gary\LOCALS~1\Temp\catchme.sys
    _asm { MOV EAX, 0x86fc5dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x86fa2eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F72AB8]
    \Driver\Disk[0x86F89910] -> IRP_MJ_CREATE -> 0x86FC5EB0
    kernel: MBR read successfully
    _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x86fc5eb0
    \Driver\iaStor -> 0x86fc50e8
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 10]

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinID"=dword:00000001
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000000
    "WindowState"=dword:00000000
    "WindowHeight"=dword:000002e2
    "WindowWidth"=dword:000003fc
    "WindowLeft"=dword:00000042
    "WindowTop"=dword:0000003f
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "Currency"=dword:00000056

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
     
  20. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
    "FBDecisionsCoef"=dword:00000014
    "FBDeterminationCoef"=dword:0000000a
    "FBDirtinessCoef"=dword:fffffff6
    "FBFlairCoef"=dword:00000005
    "FBImportantMatchesCoef"=dword:0000000a
    "FBInfluenceCoef"=dword:0000000a
    "FBOffTheBallCoef"=dword:00000014
    "FBPositioningCoef"=dword:00000064
    "FBTeamworkCoef"=dword:00000014
    "FBWorkRateCoef"=dword:00000014
    "FBAccelerationCoef"=dword:0000003c
    "FBAgilityCoef"=dword:0000000a
    "FBBalanceCoef"=dword:00000014
    "FBInjuryPronenessCoef"=dword:fffffffb
    "FBJumpingCoef"=dword:0000003c
    "FBNaturalFitnessCoef"=dword:00000005
    "FBPaceCoef"=dword:00000050
    "FBStaminaCoef"=dword:0000003c
    "FBStrengthCoef"=dword:00000028
    "FBVersatilityCoef"=dword:00000005
    "FBAerialAbilityCoef"=dword:00000000
    "FBCommandOfAreaCoef"=dword:00000000
    "FBCommunicationCoef"=dword:00000000
    "FBEccentricityCoef"=dword:00000000
    "FBHandlingCoef"=dword:00000000
    "FBKickingCoef"=dword:00000000
    "FBOneOnOnesCoef"=dword:00000005
    "FBReflexesCoef"=dword:00000005
    "FBRushingOutCoef"=dword:00000000
    "FBTendencyToPunchCoef"=dword:00000000
    "FBThrowingCoef"=dword:00000000
    "FBAdaptabilityCoef"=dword:00000005
    "FBAmbitionCoef"=dword:0000000a
    "FBControversyCoef"=dword:fffffffb
    "FBLoyalityCoef"=dword:00000005
    "FBPressureCoef"=dword:00000005
    "FBProfessionalismCoef"=dword:00000005
    "FBSportsmanshipCoef"=dword:00000005
    "FBTemperamentCoef"=dword:00000005
    "WBWeightCoef"=dword:0000006c
    "WBCurrentAbilityCoef"=dword:00000000
    "WBCornersCoef"=dword:0000000a
    "WBCrossingCoef"=dword:0000003c
    "WBDribblingCoef"=dword:00000028
    "WBFinishingCoef"=dword:0000000a
    "WBFirstTouchCoef"=dword:00000014
    "WBFreeKicksCoef"=dword:0000000a
    "WBHeadingCoef"=dword:00000028
    "WBLongShotsCoef"=dword:00000014
    "WBLongThrowsCoef"=dword:0000000a
    "WBMarkingCoef"=dword:0000003c
    "WBPassingCoef"=dword:00000028
    "WBPenaltiesCoef"=dword:00000005
    "WBTacklingCoef"=dword:00000064
    "WBTechniqueCoef"=dword:00000028
    "WBLeftFootCoef"=dword:00000005
    "WBRightFootCoef"=dword:00000005
    "WBAggressionCoef"=dword:0000000a
    "WBAnticipationCoef"=dword:00000050
    "WBBraveryCoef"=dword:0000000a
    "WBComposureCoef"=dword:0000000a
    "WBConcentrationCoef"=dword:00000014
    "WBConsistencyCoef"=dword:0000000a
    "WBCreativityCoef"=dword:00000014
    "WBDecisionsCoef"=dword:00000014
    "WBDeterminationCoef"=dword:0000000a
    "WBDirtinessCoef"=dword:fffffff6
    "WBFlairCoef"=dword:0000000a
    "WBImportantMatchesCoef"=dword:0000000a
    "WBInfluenceCoef"=dword:0000000a
    "WBOffTheBallCoef"=dword:00000014
    "WBPositioningCoef"=dword:00000064
    "WBTeamworkCoef"=dword:00000014
    "WBWorkRateCoef"=dword:00000028
    "WBAccelerationCoef"=dword:00000050
    "WBAgilityCoef"=dword:0000000a
    "WBBalanceCoef"=dword:00000014
    "WBInjuryPronenessCoef"=dword:fffffffb
    "WBJumpingCoef"=dword:00000014
    "WBNaturalFitnessCoef"=dword:00000005
    "WBPaceCoef"=dword:00000064
    "WBStaminaCoef"=dword:00000050
    "WBStrengthCoef"=dword:00000028
    "WBVersatilityCoef"=dword:00000005
    "WBAerialAbilityCoef"=dword:00000000
    "WBCommandOfAreaCoef"=dword:00000000
    "WBCommunicationCoef"=dword:00000000
    "WBEccentricityCoef"=dword:00000000
    "WBHandlingCoef"=dword:00000000
    "WBKickingCoef"=dword:00000000
    "WBOneOnOnesCoef"=dword:00000005
    "WBReflexesCoef"=dword:00000005
    "WBRushingOutCoef"=dword:00000000
    "WBTendencyToPunchCoef"=dword:00000000
    "WBThrowingCoef"=dword:00000000
    "WBAdaptabilityCoef"=dword:00000005
    "WBAmbitionCoef"=dword:0000000a
    "WBControversyCoef"=dword:fffffffb
    "WBLoyalityCoef"=dword:00000005
    "WBPressureCoef"=dword:00000005
    "WBProfessionalismCoef"=dword:00000005
    "WBSportsmanshipCoef"=dword:00000005
    "WBTemperamentCoef"=dword:00000005
    "DMWeightCoef"=dword:00000067
    "DMCurrentAbilityCoef"=dword:00000000
    "DMCornersCoef"=dword:0000000a
    "DMCrossingCoef"=dword:0000001e
    "DMDribblingCoef"=dword:00000014
    "DMFinishingCoef"=dword:0000000a
    "DMFirstTouchCoef"=dword:0000001e
    "DMFreeKicksCoef"=dword:0000000a
    "DMHeadingCoef"=dword:00000028
    "DMLongShotsCoef"=dword:00000014
    "DMLongThrowsCoef"=dword:00000005
    "DMMarkingCoef"=dword:0000003c
    "DMPassingCoef"=dword:00000028
    "DMPenaltiesCoef"=dword:00000005
    "DMTacklingCoef"=dword:00000064
    "DMTechniqueCoef"=dword:0000001e
    "DMLeftFootCoef"=dword:00000005
    "DMRightFootCoef"=dword:00000005
    "DMAggressionCoef"=dword:00000028
    "DMAnticipationCoef"=dword:00000028
    "DMBraveryCoef"=dword:00000014
    "DMComposureCoef"=dword:0000000a
    "DMConcentrationCoef"=dword:00000014
    "DMConsistencyCoef"=dword:0000000a
    "DMCreativityCoef"=dword:00000014
    "DMDecisionsCoef"=dword:00000014
    "DMDeterminationCoef"=dword:0000000a
    "DMDirtinessCoef"=dword:fffffff6
    "DMFlairCoef"=dword:0000000a
    "DMImportantMatchesCoef"=dword:0000000a
    "DMInfluenceCoef"=dword:0000000a
    "DMOffTheBallCoef"=dword:0000001e
    "DMPositioningCoef"=dword:00000050
    "DMTeamworkCoef"=dword:00000028
    "DMWorkRateCoef"=dword:00000050
    "DMAccelerationCoef"=dword:00000028
    "DMAgilityCoef"=dword:0000000a
    "DMBalanceCoef"=dword:0000000a
    "DMInjuryPronenessCoef"=dword:fffffffb
    "DMJumpingCoef"=dword:00000028
    "DMNaturalFitnessCoef"=dword:00000005
    "DMPaceCoef"=dword:00000028
    "DMStaminaCoef"=dword:0000003c
    "DMStrengthCoef"=dword:00000028
    "DMVersatilityCoef"=dword:00000005
    "DMAerialAbilityCoef"=dword:00000000
    "DMCommandOfAreaCoef"=dword:00000000
    "DMCommunicationCoef"=dword:00000000
    "DMEccentricityCoef"=dword:00000000
    "DMHandlingCoef"=dword:00000000
    "DMKickingCoef"=dword:00000000
    "DMOneOnOnesCoef"=dword:00000005
    "DMReflexesCoef"=dword:00000005
    "DMRushingOutCoef"=dword:00000000
    "DMTendencyToPunchCoef"=dword:00000000
    "DMThrowingCoef"=dword:00000000
    "DMAdaptabilityCoef"=dword:00000005
    "DMAmbitionCoef"=dword:0000000a
    "DMControversyCoef"=dword:fffffffb
    "DMLoyalityCoef"=dword:00000005
    "DMPressureCoef"=dword:00000005
    "DMProfessionalismCoef"=dword:00000005
    "DMSportsmanshipCoef"=dword:00000005
    "DMTemperamentCoef"=dword:00000005
    "MWeightCoef"=dword:00000068
    "MCurrentAbilityCoef"=dword:00000000
    "MCornersCoef"=dword:0000000a
    "MCrossingCoef"=dword:00000028
    "MDribblingCoef"=dword:00000032
    "MFinishingCoef"=dword:00000014
    "MFirstTouchCoef"=dword:0000001e
    "MFreeKicksCoef"=dword:0000000a
    "MHeadingCoef"=dword:0000001e
    "MLongShotsCoef"=dword:00000014
    "MLongThrowsCoef"=dword:00000005
    "MMarkingCoef"=dword:00000028
    "MPassingCoef"=dword:00000046
    "MPenaltiesCoef"=dword:00000005
    "MTacklingCoef"=dword:0000003c
    "MTechniqueCoef"=dword:00000032
    "MLeftFootCoef"=dword:00000005
    "MRightFootCoef"=dword:00000005
    "MAggressionCoef"=dword:0000001e
    "MAnticipationCoef"=dword:00000028
    "MBraveryCoef"=dword:0000000a
    "MComposureCoef"=dword:0000000a
    "MConcentrationCoef"=dword:0000000a
    "MConsistencyCoef"=dword:0000000a
    "MCreativityCoef"=dword:0000003c
    "MDecisionsCoef"=dword:0000001e
    "MDeterminationCoef"=dword:0000000a
    "MDirtinessCoef"=dword:fffffffb
    "MFlairCoef"=dword:0000000a
    "MImportantMatchesCoef"=dword:0000000a
    "MInfluenceCoef"=dword:0000000a
    "MOffTheBallCoef"=dword:00000028
    "MPositioningCoef"=dword:00000028
    "MTeamworkCoef"=dword:00000032
    "MWorkRateCoef"=dword:00000032
    "MAccelerationCoef"=dword:00000032
    "MAgilityCoef"=dword:0000000a
    "MBalanceCoef"=dword:0000000a
    "MInjuryPronenessCoef"=dword:fffffffb
    "MJumpingCoef"=dword:00000028
    "MNaturalFitnessCoef"=dword:00000005
    "MPaceCoef"=dword:00000028
    "MStaminaCoef"=dword:0000003c
    "MStrengthCoef"=dword:0000001e
    "MVersatilityCoef"=dword:00000005
    "MAerialAbilityCoef"=dword:00000000
    "MCommandOfAreaCoef"=dword:00000000
    "MCommunicationCoef"=dword:00000000
    "MEccentricityCoef"=dword:00000000
    "MHandlingCoef"=dword:00000000
    "MKickingCoef"=dword:00000000
    "MOneOnOnesCoef"=dword:00000005
    "MReflexesCoef"=dword:00000005
    "MRushingOutCoef"=dword:00000000
    "MTendencyToPunchCoef"=dword:00000000
    "MThrowingCoef"=dword:00000000
    "MAdaptabilityCoef"=dword:00000005
    "MAmbitionCoef"=dword:0000000a
    "MControversyCoef"=dword:fffffffb
    "MLoyalityCoef"=dword:00000005
    "MPressureCoef"=dword:00000005
    "MProfessionalismCoef"=dword:00000005
    "MSportsmanshipCoef"=dword:00000005
    "MTemperamentCoef"=dword:00000005
    "AMWeightCoef"=dword:00000068
    "AMCurrentAbilityCoef"=dword:00000000
    "AMCornersCoef"=dword:0000000a
    "AMCrossingCoef"=dword:0000003c
    "AMDribblingCoef"=dword:00000050
    "AMFinishingCoef"=dword:00000028
    "AMFirstTouchCoef"=dword:0000001e
    "AMFreeKicksCoef"=dword:0000000a
    "AMHeadingCoef"=dword:00000014
    "AMLongShotsCoef"=dword:00000014
    "AMLongThrowsCoef"=dword:00000005
    "AMMarkingCoef"=dword:0000000a
    "AMPassingCoef"=dword:00000064
    "AMPenaltiesCoef"=dword:00000005
    "AMTacklingCoef"=dword:0000000a
    "AMTechniqueCoef"=dword:00000050
    "AMLeftFootCoef"=dword:00000005
    "AMRightFootCoef"=dword:00000005
    "AMAggressionCoef"=dword:0000000a
    "AMAnticipationCoef"=dword:0000001e
    "AMBraveryCoef"=dword:0000000a
    "AMComposureCoef"=dword:0000000a
    "AMConcentrationCoef"=dword:0000000a
    "AMConsistencyCoef"=dword:0000000a
    "AMCreativityCoef"=dword:00000064
    "AMDecisionsCoef"=dword:00000028
    "AMDeterminationCoef"=dword:0000000a
    "AMDirtinessCoef"=dword:fffffffb
    "AMFlairCoef"=dword:00000014
    "AMImportantMatchesCoef"=dword:0000000a
    "AMInfluenceCoef"=dword:0000000a
    "AMOffTheBallCoef"=dword:0000003c
    "AMPositioningCoef"=dword:00000014
    "AMTeamworkCoef"=dword:0000003c
    "AMWorkRateCoef"=dword:00000014
    "AMAccelerationCoef"=dword:0000003c
    "AMAgilityCoef"=dword:0000000a
    "AMBalanceCoef"=dword:0000000a
    "AMInjuryPronenessCoef"=dword:fffffffb
    "AMJumpingCoef"=dword:00000014
    "AMNaturalFitnessCoef"=dword:00000005
    "AMPaceCoef"=dword:0000003c
    "AMStaminaCoef"=dword:0000003c
    "AMStrengthCoef"=dword:00000014
    "AMVersatilityCoef"=dword:00000005
    "AMAerialAbilityCoef"=dword:00000000
    "AMCommandOfAreaCoef"=dword:00000000
    "AMCommunicationCoef"=dword:00000000
    "AMEccentricityCoef"=dword:00000000
    "AMHandlingCoef"=dword:00000000
    "AMKickingCoef"=dword:00000000
    "AMOneOnOnesCoef"=dword:00000005
    "AMReflexesCoef"=dword:00000005
    "AMRushingOutCoef"=dword:00000000
    "AMTendencyToPunchCoef"=dword:00000000
    "AMThrowingCoef"=dword:00000000
    "AMAdaptabilityCoef"=dword:00000005
    "AMAmbitionCoef"=dword:0000000a
    "AMControversyCoef"=dword:fffffffb
    "AMLoyalityCoef"=dword:00000005
    "AMPressureCoef"=dword:00000005
    "AMProfessionalismCoef"=dword:00000005
    "AMSportsmanshipCoef"=dword:00000005
    "AMTemperamentCoef"=dword:00000005
    "WWeightCoef"=dword:00000069
    "WCurrentAbilityCoef"=dword:00000000
    "WCornersCoef"=dword:0000000a
    "WCrossingCoef"=dword:00000064
    "WDribblingCoef"=dword:00000064
    "WFinishingCoef"=dword:0000003c
    "WFirstTouchCoef"=dword:0000001e
    "WFreeKicksCoef"=dword:0000000a
    "WHeadingCoef"=dword:00000014
    "WLongShotsCoef"=dword:00000014
    "WLongThrowsCoef"=dword:00000005
    "WMarkingCoef"=dword:0000000a
    "WPassingCoef"=dword:0000003c
    "WPenaltiesCoef"=dword:00000005
    "WTacklingCoef"=dword:0000000a
    "WTechniqueCoef"=dword:00000050
    "WLeftFootCoef"=dword:00000005
    "WRightFootCoef"=dword:00000005
    "WAggressionCoef"=dword:0000000a
    "WAnticipationCoef"=dword:00000014
    "WBraveryCoef"=dword:0000000a
    "WComposureCoef"=dword:0000000a
    "WConcentrationCoef"=dword:0000000a
    "WConsistencyCoef"=dword:0000000a
    "WCreativityCoef"=dword:0000003c
    "WDecisionsCoef"=dword:00000014
    "WDeterminationCoef"=dword:0000000a
    "WDirtinessCoef"=dword:fffffffb
    "WFlairCoef"=dword:0000000a
    "WImportantMatchesCoef"=dword:00000014
    "WInfluenceCoef"=dword:0000000a
    "WOffTheBallCoef"=dword:0000003c
    "WPositioningCoef"=dword:00000014
    "WTeamworkCoef"=dword:0000001e
    "WWorkRateCoef"=dword:0000001e
    "WAccelerationCoef"=dword:00000050
    "WAgilityCoef"=dword:00000014
    "WBalanceCoef"=dword:0000000a
    "WInjuryPronenessCoef"=dword:fffffffb
    "WJumpingCoef"=dword:00000014
    "WNaturalFitnessCoef"=dword:00000005
    "WPaceCoef"=dword:00000064
    "WStaminaCoef"=dword:0000003c
    "WStrengthCoef"=dword:00000014
    "WVersatilityCoef"=dword:00000005
    "WAerialAbilityCoef"=dword:00000000
    "WCommandOfAreaCoef"=dword:00000000
    "WCommunicationCoef"=dword:00000000
    "WEccentricityCoef"=dword:00000000
    "WHandlingCoef"=dword:00000000
    "WKickingCoef"=dword:00000000
    "WOneOnOnesCoef"=dword:00000005
    "WReflexesCoef"=dword:00000005
    "WRushingOutCoef"=dword:00000000
    "WTendencyToPunchCoef"=dword:00000000
    "WThrowingCoef"=dword:00000000
    "WAdaptabilityCoef"=dword:00000005
    "WAmbitionCoef"=dword:0000000a
    "WControversyCoef"=dword:fffffffb
    "WLoyalityCoef"=dword:00000005
    "WPressureCoef"=dword:00000005
    "WProfessionalismCoef"=dword:00000005
    "WSportsmanshipCoef"=dword:00000005
    "WTemperamentCoef"=dword:00000005
    "FSTWeightCoef"=dword:00000067
    "FSTCurrentAbilityCoef"=dword:00000000
    "FSTCornersCoef"=dword:0000000a
    "FSTCrossingCoef"=dword:0000000a
    "FSTDribblingCoef"=dword:00000050
    "FSTFinishingCoef"=dword:00000064
    "FSTFirstTouchCoef"=dword:00000028
    "FSTFreeKicksCoef"=dword:0000000a
    "FSTHeadingCoef"=dword:00000028
    "FSTLongShotsCoef"=dword:00000014
    "FSTLongThrowsCoef"=dword:00000000
    "FSTMarkingCoef"=dword:00000000
    "FSTPassingCoef"=dword:00000028
    "FSTPenaltiesCoef"=dword:00000005
    "FSTTacklingCoef"=dword:00000000
    "FSTTechniqueCoef"=dword:00000050
    "FSTLeftFootCoef"=dword:00000005
    "FSTRightFootCoef"=dword:00000005
    "FSTAggressionCoef"=dword:0000000a
    "FSTAnticipationCoef"=dword:0000000a
    "FSTBraveryCoef"=dword:0000000a
    "FSTComposureCoef"=dword:0000000a
    "FSTConcentrationCoef"=dword:0000000a
    "FSTConsistencyCoef"=dword:0000000a
    "FSTCreativityCoef"=dword:00000028
    "FSTDecisionsCoef"=dword:0000000a
    "FSTDeterminationCoef"=dword:0000000a
    "FSTDirtinessCoef"=dword:fffffffb
    "FSTFlairCoef"=dword:0000000a
    "FSTImportantMatchesCoef"=dword:0000000a
    "FSTInfluenceCoef"=dword:0000000a
    "FSTOffTheBallCoef"=dword:00000050
    "FSTPositioningCoef"=dword:0000000a
    "FSTTeamworkCoef"=dword:0000000a
    "FSTWorkRateCoef"=dword:0000000a
    "FSTAccelerationCoef"=dword:00000064
    "FSTAgilityCoef"=dword:00000028
    "FSTBalanceCoef"=dword:0000000a
    "FSTInjuryPronenessCoef"=dword:fffffffb
    "FSTJumpingCoef"=dword:00000014
    "FSTNaturalFitnessCoef"=dword:00000005
    "FSTPaceCoef"=dword:00000064
    "FSTStaminaCoef"=dword:00000028
    "FSTStrengthCoef"=dword:00000014
    "FSTVersatilityCoef"=dword:00000005
    "FSTAerialAbilityCoef"=dword:00000000
    "FSTCommandOfAreaCoef"=dword:00000000
    "FSTCommunicationCoef"=dword:00000000
    "FSTEccentricityCoef"=dword:00000000
    "FSTHandlingCoef"=dword:00000000
    "FSTKickingCoef"=dword:00000000
    "FSTOneOnOnesCoef"=dword:00000005
    "FSTReflexesCoef"=dword:00000005
    "FSTRushingOutCoef"=dword:00000000
    "FSTTendencyToPunchCoef"=dword:00000000
    "FSTThrowingCoef"=dword:00000000
    "FSTAdaptabilityCoef"=dword:00000005
    "FSTAmbitionCoef"=dword:0000000a
    "FSTControversyCoef"=dword:fffffffb
    "FSTLoyalityCoef"=dword:00000005
    "FSTPressureCoef"=dword:00000005
    "FSTProfessionalismCoef"=dword:00000005
    "FSTSportsmanshipCoef"=dword:00000005
    "FSTTemperamentCoef"=dword:00000005
    "TSTWeightCoef"=dword:00000067
    "TSTCurrentAbilityCoef"=dword:00000000
    "TSTCornersCoef"=dword:00000000
    "TSTCrossingCoef"=dword:0000000a
    "TSTDribblingCoef"=dword:0000003c
    "TSTFinishingCoef"=dword:00000050
    "TSTFirstTouchCoef"=dword:0000001e
    "TSTFreeKicksCoef"=dword:0000000a
    "TSTHeadingCoef"=dword:00000064
    "TSTLongShotsCoef"=dword:00000014
    "TSTLongThrowsCoef"=dword:00000000
    "TSTMarkingCoef"=dword:00000000
    "TSTPassingCoef"=dword:00000028
    "TSTPenaltiesCoef"=dword:00000005
    "TSTTacklingCoef"=dword:00000000
    "TSTTechniqueCoef"=dword:00000028
    "TSTLeftFootCoef"=dword:00000005
    "TSTRightFootCoef"=dword:00000005
    "TSTAggressionCoef"=dword:00000014
    "TSTAnticipationCoef"=dword:0000000a
    "TSTBraveryCoef"=dword:00000014
    "TSTComposureCoef"=dword:0000000a
    "TSTConcentrationCoef"=dword:0000000a
    "TSTConsistencyCoef"=dword:0000000a
    "TSTCreativityCoef"=dword:00000014
    "TSTDecisionsCoef"=dword:0000000a
    "TSTDeterminationCoef"=dword:0000000a
    "TSTDirtinessCoef"=dword:fffffffb
    "TSTFlairCoef"=dword:0000000a
    "TSTImportantMatchesCoef"=dword:0000000a
    "TSTInfluenceCoef"=dword:0000000a
    "TSTOffTheBallCoef"=dword:00000050
    "TSTPositioningCoef"=dword:00000014
    "TSTTeamworkCoef"=dword:0000000a
    "TSTWorkRateCoef"=dword:0000000a
    "TSTAccelerationCoef"=dword:00000028
    "TSTAgilityCoef"=dword:00000014
    "TSTBalanceCoef"=dword:00000014
    "TSTInjuryPronenessCoef"=dword:fffffffb
    "TSTJumpingCoef"=dword:00000064
    "TSTNaturalFitnessCoef"=dword:00000005
    "TSTPaceCoef"=dword:00000028
    "TSTStaminaCoef"=dword:00000014
    "TSTStrengthCoef"=dword:00000050
    "TSTVersatilityCoef"=dword:00000005
    "TSTAerialAbilityCoef"=dword:00000000
    "TSTCommandOfAreaCoef"=dword:00000000
    "TSTCommunicationCoef"=dword:00000000
    "TSTEccentricityCoef"=dword:00000000
    "TSTHandlingCoef"=dword:00000000
    "TSTKickingCoef"=dword:00000000
    "TSTOneOnOnesCoef"=dword:00000005
    "TSTReflexesCoef"=dword:00000005
    "TSTRushingOutCoef"=dword:00000000
    "TSTTendencyToPunchCoef"=dword:00000000
    "TSTThrowingCoef"=dword:00000000
    "TSTAdaptabilityCoef"=dword:00000005
    "TSTAmbitionCoef"=dword:0000000a
    "TSTControversyCoef"=dword:fffffffb
    "TSTLoyalityCoef"=dword:00000005
    "TSTPressureCoef"=dword:00000005
    "TSTProfessionalismCoef"=dword:00000005
    "TSTSportsmanshipCoef"=dword:00000005
    "TSTTemperamentCoef"=dword:00000005

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00009b76
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000062
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000067
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
    .
    Completion time: 2010-12-09 20:24:57
    ComboFix-quarantined-files.txt 2010-12-09 20:24

    Pre-Run: 112,273,399,808 bytes free
    Post-Run: 112,363,679,744 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 5E0EFC9939911D591E570B813800001D
     
  21. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    We'll start with fixing your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
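
The repair in the post above installs standard MBR code over sector 0, so a useful check afterwards is that only the boot code changed and the partition table survived. The following is an added example, not part of the original post and not code from NTBR, MBRWORK or MBRCheck: it assumes the classic 512-byte MBR layout, all function names are hypothetical, and both sample sectors are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout (byte offsets within sector 0).
REGIONS = {
    "boot_code": slice(0, 440),         # bootstrap code area
    "disk_signature": slice(440, 444),  # Windows NT disk signature
    "reserved": slice(444, 446),
    "partition_table": slice(446, 510), # four 16-byte entries
    "boot_signature": slice(510, 512),  # must be 55 AA
}


def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector."""
    table = sector[REGIONS["partition_table"]]
    entries = []
    for i in range(4):
        raw = table[i * 16:(i + 1) * 16]
        ptype = raw[4]
        if ptype == 0:  # type 0 marks an unused slot
            continue
        lba_start, count = struct.unpack_from("<II", raw, 8)
        entries.append({
            "index": i + 1,
            "active": raw[0] == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return entries


def summarize(sector):
    """Hash the boot code and decode the rest of the sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    return {
        "valid_signature": sector[REGIONS["boot_signature"]] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[REGIONS["boot_code"]]).hexdigest(),
        "disk_signature": sector[REGIONS["disk_signature"]].hex(),
        "partitions": parse_partitions(sector),
    }


def changed_regions(before, after):
    """Name every MBR region whose bytes differ between two images."""
    for image in (before, after):
        if len(image) != SECTOR_SIZE:
            raise ValueError("an MBR image must be exactly 512 bytes")
    return [name for name, span in REGIONS.items() if before[span] != after[span]]


def repair_is_clean(before, after):
    """True when the repair left the partition data untouched.

    The boot code may or may not differ; what matters is that the partition
    table and disk signature are intact and the sector is still bootable.
    """
    changed = set(changed_regions(before, after))
    return (
        summarize(after)["valid_signature"]
        and not changed & {"partition_table", "disk_signature"}
    )


def build_sector(boot_code, disk_sig, entries):
    """Build a constructed MBR image for the demonstration below."""
    if len(boot_code) > 440 or len(disk_sig) != 4:
        raise ValueError("boot code or disk signature has the wrong size")
    sector = bytearray(SECTOR_SIZE)
    sector[0:len(boot_code)] = boot_code
    sector[REGIONS["disk_signature"]] = disk_sig
    for i, (active, ptype, lba_start, count) in enumerate(entries):
        offset = 446 + i * 16
        sector[offset] = 0x80 if active else 0x00
        sector[offset + 4] = ptype
        struct.pack_into("<II", sector, offset + 8, lba_start, count)
    sector[REGIONS["boot_signature"]] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample: a small utility partition followed by an active NTFS
# partition in the second slot. All values are made up for the example.
SAMPLE_ENTRIES = [(False, 0xDE, 63, 80262), (True, 0x07, 80325, 156076200)]
SAMPLE_DISK_SIG = bytes.fromhex("1b2c3d4e")
BEFORE_REPAIR = build_sector(b"\xcc" * 440, SAMPLE_DISK_SIG, SAMPLE_ENTRIES)
AFTER_REPAIR = build_sector(b"\x33\xc0\x8e\xd0" + b"\x00" * 436,
                            SAMPLE_DISK_SIG, SAMPLE_ENTRIES)

if __name__ == "__main__":
    print("changed:", changed_regions(BEFORE_REPAIR, AFTER_REPAIR))
    print("clean repair:", repair_is_clean(BEFORE_REPAIR, AFTER_REPAIR))
    for entry in summarize(AFTER_REPAIR)["partitions"]:
        print(entry)
```

On a real machine the two 512-byte images would be copies of sector 0 taken before and after the repair with a disk imaging tool.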
     
  22. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    DDS Log:


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by gary at 9:38:00.67 on 11/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.473 [GMT 0:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\gary\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sky.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: AutorunsDisabled - No File
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Freeserve: {8b68564d-53fd-4293-b80c-993a9f3988ee} -
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [SetDefPrt] c:\program files\brother\brmfl05a\BrStDvPt.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Search with Freeserve - c:\progra~1\freese~1\fsbar\FSBar.dll/VSearch.htm
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD}
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102070229218
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191600504750
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ============= SERVICES / DRIVERS ===============

    R? kbeepm;kbeepm
    R? LicCtrlService;LicCtrl Service
    R? SBRE;SBRE
    S? BHDrvx86;BHDrvx86
    S? ccHP;Symantec Hash Provider
    S? EraserUtilRebootDrv;EraserUtilRebootDrv
    S? IDSxpx86;IDSxpx86
    S? NAVENG;NAVENG
    S? NAVEX15;NAVEX15
    S? NIS;Norton Internet Security
    S? SymDS;Symantec Data Store
    S? SymEFA;Symantec Extended File Attributes
    S? SymIRON;Symantec Iron Driver

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-12-09 18:41:11 -------- d-sha-r- C:\cmdcons
    2010-12-09 18:32:40 98816 ----a-w- c:\windows\sed.exe
    2010-12-09 18:32:40 89088 ----a-w- c:\windows\MBR.exe
    2010-12-09 18:32:40 256512 ----a-w- c:\windows\PEV.exe
    2010-12-09 18:32:40 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-05 18:32:04 -------- d-----w- c:\docume~1\gary\applic~1\Malwarebytes
    2010-12-05 18:31:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-05 18:31:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-05 18:31:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-05 18:31:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-30 20:47:59 -------- d-----w- c:\docume~1\gary\locals~1\applic~1\Sports Interactive
    2010-11-29 10:05:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avanquest
    2010-11-29 10:03:45 -------- d-----r- C:\_Backup.RC
    2010-11-29 10:03:42 -------- d-----w- C:\_Backup
    2010-11-29 10:02:12 -------- d-----w- c:\docume~1\gary\applic~1\Avanquest
    2010-11-29 10:02:06 -------- d-----w- c:\program files\common files\AntiVirus
    2010-11-29 10:01:43 -------- d-----w- c:\program files\Avanquest

    ==================== Find3M ====================

    2010-10-26 21:42:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-10-13 13:58:06 1139200 ----a-w- c:\windows\bsdsetup.dll
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST316002 rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x86FC5BF8]<<
    _asm { MOV EAX, 0x86fc5b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0x86fa2c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F15AB8]
    \Driver\Disk[0x86F88910] -> IRP_MJ_CREATE -> 0x86FC5BF8
    kernel: MBR read successfully
    _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x86fc5bf8
    \Driver\iaStor -> 0x86fc5eb0
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    ============= FINISH: 9:40:31.89 ===============
     
  23. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    DDS Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/10/2004 19:00:25
    System Uptime: 11/12/2010 09:27:35 (0 hours ago)

    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 104.706 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1681: 08/09/2010 23:59:31 - System Checkpoint
    RP1682: 10/09/2010 18:57:00 - System Checkpoint
    RP1683: 12/09/2010 10:54:51 - System Checkpoint
    RP1684: 13/09/2010 14:08:06 - System Checkpoint
    RP1685: 16/09/2010 07:51:47 - Software Distribution Service 3.0
    RP1686: 18/09/2010 07:48:56 - System Checkpoint
    RP1687: 19/09/2010 09:44:25 - System Checkpoint
    RP1688: 24/09/2010 17:53:59 - System Checkpoint
    RP1689: 26/09/2010 09:17:22 - System Checkpoint
    RP1690: 27/09/2010 19:31:36 - System Checkpoint
    RP1691: 28/09/2010 21:54:22 - Software Distribution Service 3.0
    RP1692: 01/10/2010 10:36:45 - System Checkpoint
    RP1693: 02/10/2010 11:23:39 - System Checkpoint
    RP1694: 03/10/2010 12:21:16 - System Checkpoint
    RP1695: 04/10/2010 14:04:52 - System Checkpoint
    RP1696: 06/10/2010 13:32:55 - System Checkpoint
    RP1697: 07/10/2010 21:42:43 - System Checkpoint
    RP1698: 07/10/2010 22:46:30 - Software Distribution Service 3.0
    RP1699: 09/10/2010 08:46:36 - System Checkpoint
    RP1700: 10/10/2010 09:18:25 - System Checkpoint
    RP1701: 13/10/2010 15:35:37 - System Checkpoint
    RP1702: 14/10/2010 16:14:33 - System Checkpoint
    RP1703: 15/10/2010 03:00:22 - Software Distribution Service 3.0
    RP1704: 16/10/2010 11:22:20 - System Checkpoint
    RP1705: 17/10/2010 13:24:27 - System Checkpoint
    RP1706: 20/10/2010 07:43:39 - System Checkpoint
    RP1707: 21/10/2010 19:25:30 - System Checkpoint
    RP1708: 23/10/2010 11:54:19 - System Checkpoint
    RP1709: 24/10/2010 11:58:23 - System Checkpoint
    RP1710: 25/10/2010 18:45:58 - Configured CM4
    RP1711: 26/10/2010 19:30:25 - System Checkpoint
    RP1712: 26/10/2010 22:09:45 - Installed BlackBerry Desktop Software 5.0.1.
    RP1713: 26/10/2010 22:17:03 - Installed Roxio Media Manager
    RP1714: 26/10/2010 22:42:32 - Installed BlackBerry Device Software Updater.
    RP1715: 26/10/2010 22:45:55 - Software Distribution Service 3.0
    RP1716: 27/10/2010 23:01:55 - System Checkpoint
    RP1717: 28/10/2010 03:00:16 - Software Distribution Service 3.0
    RP1718: 28/10/2010 07:15:42 - Software Distribution Service 3.0
    RP1719: 28/10/2010 07:50:35 - Printer Driver Microsoft XPS Document Writer Installed
    RP1720: 30/10/2010 08:26:25 - System Checkpoint
    RP1721: 30/10/2010 15:10:14 - Software Distribution Service 3.0
    RP1722: 31/10/2010 14:15:57 - System Checkpoint
    RP1723: 01/11/2010 18:35:56 - System Checkpoint
    RP1724: 02/11/2010 19:54:57 - System Checkpoint
    RP1725: 04/11/2010 07:20:46 - System Checkpoint
    RP1726: 06/11/2010 09:11:50 - System Checkpoint
    RP1727: 07/11/2010 10:01:19 - System Checkpoint
    RP1728: 08/11/2010 19:10:52 - System Checkpoint
    RP1729: 11/11/2010 08:21:39 - Software Distribution Service 3.0
    RP1730: 13/11/2010 09:43:10 - System Checkpoint
    RP1731: 14/11/2010 10:51:47 - System Checkpoint
    RP1732: 15/11/2010 19:07:38 - System Checkpoint
    RP1733: 20/11/2010 08:43:24 - System Checkpoint
    RP1734: 21/11/2010 09:47:10 - System Checkpoint
    RP1735: 25/11/2010 16:12:34 - System Checkpoint
    RP1736: 26/11/2010 18:43:52 - System Checkpoint
    RP1737: 28/11/2010 09:47:43 - System Checkpoint
    RP1738: 29/11/2010 10:01:28 - Installed Avanquest MergeModules
    RP1739: 29/11/2010 10:01:38 - Installed Fix-It Utilities 10 Professional
    RP1740: 30/11/2010 20:08:54 - Installed DirectX
    RP1741: 04/12/2010 12:39:38 - Removed Fix-It Utilities 10 Professional
    RP1742: 06/12/2010 18:24:23 - System Checkpoint
    RP1743: 09/12/2010 18:33:05 - ComboFix created restore point

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    BlackBerry Desktop Software 5.0.1
    BlackBerry Device Software Updater
    BlackBerry® Media Sync
    Bonjour
    Broadcom Advanced Control Suite 2
    Brother MFL-Pro Suite
    BT Openworld Dell Signup
    CM4
    Dell Media Experience
    Dell Solution Center
    Digimax Master
    DNA
    Football Manager 2010
    Football Manager 2011
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    Internet Explorer Default Page
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 7.0
    MobileMe Control Panel
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    OpenOffice.org Installer 1.0
    PaperPort
    Philips Digital Audio Player
    PowerDVD 5.1
    QuickTime
    Roxio Media Manager
    Safari
    SafeCast Shared Components
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Samsung Samples Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shareaza 2.5.2.0
    Sky Broadband
    Steam
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip

    ==== Event Viewer Messages From Past Week ========

    09/12/2010 18:37:13, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
    09/12/2010 18:07:56, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00111137EEB1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    09/12/2010 18:05:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    09/12/2010 18:05:08, error: Service Control Manager [7023] - The COM+ Event System service terminated with the following error: %1 is not a valid Win32 application.
    09/12/2010 18:05:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    09/12/2010 18:05:08, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %1 is not a valid Win32 application.
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/12/2010 21:54:44, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00111137EEB1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    I will now start to do the MBR fix and update with the log.
     
  24. mackayg1

    mackayg1 TS Rookie Topic Starter Posts: 32

    I downloaded NTBR; at first it wouldn't open with me just double-clicking, as the image error just kept coming up. So I opened it with WinRAR, then opened the folder with the same name. I double-clicked on BurnitCD.cmd, then the bad image error shows again:

    'DLL c:windows\system32\CLBCATQ.DLL is not a valid windows image' - then after clicking OK a few times it goes away and another error message comes up: 'windows cannot find 'BurnCDCC.exe' make sure you typed the name correctly, and then try again'.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    You can create that CD on any other working computer, or you can use a different approach...

    Restart the computer.
    When you reboot, you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console, then press Enter, but you only have 2 seconds by default.
    If you find this hard to do, you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK. Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
     
Topic Status:
Not open for further replies.

