I keep receiving a 'bad image' error

By mackayg1
Dec 1, 2010
  1. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    Fresh MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000005d

    Kernel Drivers (total 140):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7BAE000 \WINDOWS\system32\KDCOM.DLL
    0xF7ABE000 \WINDOWS\system32\BOOTVID.dll
    0xF75BA000 sptd.sys
    0xF7BB0000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF75A2000 \WINDOWS\System32\Drivers\SPTD0029.SYS
    0xF7574000 ACPI.sys
    0xF7563000 pci.sys
    0xF76AE000 isapnp.sys
    0xF7C76000 pciide.sys
    0xF792E000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF76BE000 MountMgr.sys
    0xF7544000 ftdisk.sys
    0xF7936000 PartMgr.sys
    0xF76CE000 VolSnap.sys
    0xF752C000 atapi.sys
    0xF74B9000 iaStor.sys
    0xF76DE000 disk.sys
    0xF76EE000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF7499000 fltmgr.sys
    0xF7443000 SYMDS.SYS
    0xF7431000 sr.sys
    0xF7404000 SYMEFA.SYS
    0xF76FE000 PxHelp20.sys
    0xF73ED000 KSecDD.sys
    0xF7360000 Ntfs.sys
    0xF7333000 NDIS.sys
    0xF7319000 Mup.sys
    0xF780E000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF5DD8000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF5DC4000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF5D96000 \SystemRoot\System32\DRIVERS\b57xp32.sys
    0xF7A6E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF5D72000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7A76000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF781E000 \SystemRoot\System32\DRIVERS\IntelC53.sys
    0xF5D4F000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF5C28000 \SystemRoot\System32\DRIVERS\IntelC51.sys
    0xF5B93000 \SystemRoot\System32\DRIVERS\IntelC52.sys
    0xF7A7E000 \SystemRoot\System32\DRIVERS\mohfilt.sys
    0xF7A86000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF5AFD000 \SystemRoot\system32\drivers\smwdm.sys
    0xF5AD9000 \SystemRoot\system32\drivers\portcls.sys
    0xF782E000 \SystemRoot\system32\drivers\drmk.sys
    0xF7BDE000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF7A8E000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF783E000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7A96000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF5AC5000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF6D82000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF72D0000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF6D72000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF6D62000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF6D52000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7A9E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7D05000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7BE0000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF6D42000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF72C4000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF5AAE000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF6D32000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF6D22000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7AA6000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF5A9D000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF6D12000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7AAE000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7AB6000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF7946000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF6D02000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7956000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7BE2000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF5A3F000 \SystemRoot\System32\DRIVERS\update.sys
    0xF795E000 \SystemRoot\System32\DRIVERS\omci.sys
    0xF72B0000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF78EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF790E000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7BEE000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF7240000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xAE76E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xAEB08000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7C6E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xACE42000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7C64000 \SystemRoot\System32\Drivers\Beep.SYS
    0xAE52A000 \SystemRoot\System32\drivers\vga.sys
    0xF7C66000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xAE522000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xAE51A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xAEB04000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xAAE80000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xAAE27000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xAADD0000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDI.SYS
    0xAADAA000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xAE6D8000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xAAD85000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xAAD2D000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101208.001\IDSxpx86.sys
    0xAAD05000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xAE754000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xAACE3000 \SystemRoot\System32\drivers\afd.sys
    0xAE6C8000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xAACC4000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
    0xAE750000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xAE698000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xAE50A000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xAE502000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA72F8000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
    0xA5ECC000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xA5E52000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xA72E8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA8031000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xA775D000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xA802D000 \SystemRoot\System32\Drivers\BrScnUsb.sys
    0xA7755000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA5DF4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xA5DD7000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xA5D58000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
    0xA5CAC000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
    0xA6DB5000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA5C39000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA7B83000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA6B13000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7DE0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF083000 \SystemRoot\System32\ati3duag.dll
    0xBF257000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAEB0C000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xA4BBC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7BF8000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA4C09000 \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS
    0xA4B14000 \SystemRoot\System32\DRIVERS\srv.sys
    0xACD46000 \SystemRoot\System32\DRIVERS\secdrv.sys
    0xADEF0000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA486E000 \SystemRoot\system32\drivers\kmixer.sys
    0xA4791000 \SystemRoot\system32\drivers\wdmaud.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    644 C:\WINDOWS\SYSTEM32\smss.exe
    700 csrss.exe
    724 C:\WINDOWS\SYSTEM32\winlogon.exe
    772 C:\WINDOWS\SYSTEM32\services.exe
    784 C:\WINDOWS\SYSTEM32\lsass.exe
    960 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    976 C:\WINDOWS\SYSTEM32\svchost.exe
    1048 svchost.exe
    1144 C:\WINDOWS\SYSTEM32\svchost.exe
    1212 svchost.exe
    1344 svchost.exe
    1480 C:\WINDOWS\SYSTEM32\brsvc01a.exe
    1512 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1520 C:\WINDOWS\SYSTEM32\brss01a.exe
    1764 svchost.exe
    1796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1808 C:\Program Files\Bonjour\mDNSResponder.exe
    1836 C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    1876 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    1904 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    264 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    460 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    236 C:\WINDOWS\SYSTEM32\svchost.exe
    296 wdfmgr.exe
    352 C:\WINDOWS\SYSTEM32\fxssvc.exe
    804 C:\WINDOWS\SYSTEM32\wuauclt.exe
    2108 wmiprvse.exe
    2288 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    2304 C:\WINDOWS\explorer.exe
    2580 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    2588 C:\Program Files\Dell\Media Experience\PCMService.exe
    2612 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    2644 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    2688 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2696 C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    2708 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    2780 C:\WINDOWS\SYSTEM32\ctfmon.exe
    3068 C:\Documents and Settings\gary\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.05

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  2. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Good job :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\SBREdrv.sys
    c:\docume~1\gary\LOCALS~1\Temp\kbeepm.sys
    
    
    Folder::
    c:\program files\Common Files\AntiVirus
    
    
    Driver::
    SBRE
    kbeepm
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  3. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    Combo Fix Log:

    ComboFix 10-12-14.01 - gary 14/12/2010 18:04:42.2.2 - x86
    Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\gary\Desktop\CFScript.txt

    FILE ::
    "c:\docume~1\gary\LOCALS~1\Temp\kbeepm.sys"
    "c:\windows\system32\drivers\SBREdrv.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\AntiVirus
    c:\program files\Common Files\AntiVirus\Definitions\acertdefs0.std
    c:\program files\Common Files\AntiVirus\Definitions\adsrules.dat
    c:\program files\Common Files\AntiVirus\Definitions\AdviceTx.vdx
    c:\program files\Common Files\AntiVirus\Definitions\api0.std
    c:\program files\Common Files\AntiVirus\Definitions\apincl.dat
    c:\program files\Common Files\AntiVirus\Definitions\apprules.dat
    c:\program files\Common Files\AntiVirus\Definitions\bhmem.vtd
    c:\program files\Common Files\AntiVirus\Definitions\bhsl.vtd
    c:\program files\Common Files\AntiVirus\Definitions\bmem.vtd
    c:\program files\Common Files\AntiVirus\Definitions\CatDesc.vdx
    c:\program files\Common Files\AntiVirus\Definitions\CatID.vdx
    c:\program files\Common Files\AntiVirus\Definitions\cblk.vtd
    c:\program files\Common Files\AntiVirus\Definitions\cmem.vtd
    c:\program files\Common Files\AntiVirus\Definitions\cname.wtd
    c:\program files\Common Files\AntiVirus\Definitions\comp0.std
    c:\program files\Common Files\AntiVirus\Definitions\Cookies.vdx
    c:\program files\Common Files\AntiVirus\Definitions\CoreVer.txt
    c:\program files\Common Files\AntiVirus\Definitions\ctid.vtd
    c:\program files\Common Files\AntiVirus\Definitions\defs0.std
    c:\program files\Common Files\AntiVirus\Definitions\DefVer.txt
    c:\program files\Common Files\AntiVirus\Definitions\EPSigs.vdx
    c:\program files\Common Files\AntiVirus\Definitions\FastSigs.vdx
    c:\program files\Common Files\AntiVirus\Definitions\FileDT.vdx
    c:\program files\Common Files\AntiVirus\Definitions\FolderDT.vdx
    c:\program files\Common Files\AntiVirus\Definitions\fsigs.vdx
    c:\program files\Common Files\AntiVirus\Definitions\hcol.wtd
    c:\program files\Common Files\AntiVirus\Definitions\heur0.std
    c:\program files\Common Files\AntiVirus\Definitions\HistoryCleaner.xml
    c:\program files\Common Files\AntiVirus\Definitions\hstn.vtd
    c:\program files\Common Files\AntiVirus\Definitions\idsrules.dat
    c:\program files\Common Files\AntiVirus\Definitions\ih.vdx
    c:\program files\Common Files\AntiVirus\Definitions\IncompatiblePrograms.dll
    c:\program files\Common Files\AntiVirus\Definitions\incompats.dat
    c:\program files\Common Files\AntiVirus\Definitions\ip.vtd
    c:\program files\Common Files\AntiVirus\Definitions\JSSigs.vdx
    c:\program files\Common Files\AntiVirus\Definitions\kbu.dat
    c:\program files\Common Files\AntiVirus\Definitions\kbu.dll
    c:\program files\Common Files\AntiVirus\Definitions\lgpl.dll
    c:\program files\Common Files\AntiVirus\Definitions\lib7zip.dll
    c:\program files\Common Files\AntiVirus\Definitions\libBase64.dll
    c:\program files\Common Files\AntiVirus\Definitions\libCHM.dll
    c:\program files\Common Files\AntiVirus\Definitions\LIBEMAIL.DLL
    c:\program files\Common Files\AntiVirus\Definitions\libMsi.dll
    c:\program files\Common Files\AntiVirus\Definitions\libNSIS.dll
    c:\program files\Common Files\AntiVirus\Definitions\Libolea.dll
    c:\program files\Common Files\AntiVirus\Definitions\libRar.dll
    c:\program files\Common Files\AntiVirus\Definitions\LIBTD.DLL
    c:\program files\Common Files\AntiVirus\Definitions\libVvs.dll
    c:\program files\Common Files\AntiVirus\Definitions\libZip.dll
    c:\program files\Common Files\AntiVirus\Definitions\macroptn.std
    c:\program files\Common Files\AntiVirus\Definitions\MFastSigs.vdx
    c:\program files\Common Files\AntiVirus\Definitions\mime0.std
    c:\program files\Common Files\AntiVirus\Definitions\networkrules.dat
    c:\program files\Common Files\AntiVirus\Definitions\pack0.std
    c:\program files\Common Files\AntiVirus\Definitions\patchw32.dll
    c:\program files\Common Files\AntiVirus\Definitions\qscnf.vdx
    c:\program files\Common Files\AntiVirus\Definitions\qscnr.vdx
    c:\program files\Common Files\AntiVirus\Definitions\RegDT.vdx
    c:\program files\Common Files\AntiVirus\Definitions\rem0.std
    c:\program files\Common Files\AntiVirus\Definitions\remediation.dll
    c:\program files\Common Files\AntiVirus\Definitions\RootCA.wtd
    c:\program files\Common Files\AntiVirus\Definitions\RTmem.vdx
    c:\program files\Common Files\AntiVirus\Definitions\SBFC.dat
    c:\program files\Common Files\AntiVirus\Definitions\SBSP.dat
    c:\program files\Common Files\AntiVirus\Definitions\SBTS.dat
    c:\program files\Common Files\AntiVirus\Definitions\SBWL.dat
    c:\program files\Common Files\AntiVirus\Definitions\script0.std
    c:\program files\Common Files\AntiVirus\Definitions\sdll0.std
    c:\program files\Common Files\AntiVirus\Definitions\sel.dat
    c:\program files\Common Files\AntiVirus\Definitions\smim0.std
    c:\program files\Common Files\AntiVirus\Definitions\ThreatCategoryGlossary.xml
    c:\program files\Common Files\AntiVirus\Definitions\ThreatCategoryGlossary.xsd
    c:\program files\Common Files\AntiVirus\Definitions\ThreatDT.vdx
    c:\program files\Common Files\AntiVirus\Definitions\ThreatID.vdx
    c:\program files\Common Files\AntiVirus\Definitions\TImem.vdx
    c:\program files\Common Files\AntiVirus\Definitions\unpck0.std
    c:\program files\Common Files\AntiVirus\Definitions\vcore.dll
    c:\program files\Common Files\AntiVirus\Definitions\VVSSigs.vdx
    c:\program files\Common Files\AntiVirus\Definitions\white.wtd
    c:\program files\Common Files\AntiVirus\Definitions\white0.std
    c:\program files\Common Files\AntiVirus\Definitions\whmem.wtd
    c:\program files\Common Files\AntiVirus\Definitions\whsl.wtd
    c:\program files\Common Files\AntiVirus\Definitions\wmem.wtd
    c:\program files\Common Files\AntiVirus\SBAMConfig.bin

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KBEEPM
    -------\Legacy_SBRE
    -------\Service_kbeepm
    -------\Service_SBRE


    ((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
    .

    2010-12-05 18:32 . 2010-12-05 18:32 -------- d-----w- c:\documents and settings\gary\Application Data\Malwarebytes
    2010-12-05 18:31 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-05 18:31 . 2010-12-05 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-05 18:31 . 2010-12-05 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 18:31 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 20:47 . 2010-11-30 20:47 -------- d-----w- c:\documents and settings\gary\Local Settings\Application Data\Sports Interactive
    2010-11-29 12:26 . 2010-11-29 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2010-11-29 10:08 . 2010-11-29 10:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
    2010-11-29 10:05 . 2010-11-29 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
    2010-11-29 10:03 . 2010-12-04 12:39 -------- d-----w- C:\_Backup
    2010-11-29 10:02 . 2010-11-29 10:52 -------- d-----w- c:\documents and settings\gary\Application Data\Avanquest
    2010-11-29 10:01 . 2010-11-29 10:01 -------- d-----w- c:\program files\Avanquest

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-26 21:42 . 2010-10-26 21:42 53248 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}\ARPPRODUCTICON.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\DesktopMgr.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-13 13:58 . 2010-10-04 17:44 1139200 ----a-w- c:\windows\bsdsetup.dll
    2010-09-18 11:23 . 2002-08-29 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2002-08-29 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-08-29 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-08-29 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\gary\Start Menu\Programs\Startup\AutorunsDisabled
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-7-23 1819992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-7-15 802816]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=

    R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2006-11-09 2560]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2005-12-27 664064]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-21 102448]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101210.001\IDSxpx86.sys [2010-11-09 341944]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-12-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - doreen.job
    - c:\program files\Norton Internet Security\Engine\17.8.0.5\navw32.exe [2010-09-24 19:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sky.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Search with Freeserve - c:\progra~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD}
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-14 18:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST316002 rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x867C7B78]<<
    _asm { MOV EAX, 0x867c7a98; XCHG [ESP], EAX; PUSH EAX; PUSH 0x867a1a74; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8677EAB8]
    \Driver\Disk[0x8674F910] -> IRP_MJ_CREATE -> 0x867C7B78
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x867c7b78
    \Driver\iaStor -> 0x867c7e30
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "GameDir"="c:\\Documents and Settings\\gary\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="c:\\Documents and Settings\\gary\\My Documents\\Sports Interactive\\Football Manager 2010"
    "SaveDir"="c:\\Documents and Settings\\gary\\My Documents\\Sports Interactive\\Football Manager 2010\\"
    "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
    "LastSaveGame"="c:\\Documents and Settings\\gary\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\Port Vale.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00009e3e
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000074
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "HistoryDir"="c:\\Documents and Settings\\gary\\My Documents\\Sports Interactive\\Football Manager 2010\\FM Genie Scout 10\\History Points"

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinID"=dword:00000001
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000000
    "WindowState"=dword:00000000
    "WindowHeight"=dword:000002e2
    "WindowWidth"=dword:000003fc
    "WindowLeft"=dword:00000042
    "WindowTop"=dword:0000003f
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "Currency"=dword:00000056

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
  4. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    continued:

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
    "WBFirstTouchCoef"=dword:00000014
    "WBFreeKicksCoef"=dword:0000000a
    "WBHeadingCoef"=dword:00000028
    "WBLongShotsCoef"=dword:00000014
    "WBLongThrowsCoef"=dword:0000000a
    "WBMarkingCoef"=dword:0000003c
    "WBPassingCoef"=dword:00000028
    "WBPenaltiesCoef"=dword:00000005
    "WBTacklingCoef"=dword:00000064
    "WBTechniqueCoef"=dword:00000028
    "WBLeftFootCoef"=dword:00000005
    "WBRightFootCoef"=dword:00000005
    "WBAggressionCoef"=dword:0000000a
    "WBAnticipationCoef"=dword:00000050
    "WBBraveryCoef"=dword:0000000a
    "WBComposureCoef"=dword:0000000a
    "WBConcentrationCoef"=dword:00000014
    "WBConsistencyCoef"=dword:0000000a
    "WBCreativityCoef"=dword:00000014
    "WBDecisionsCoef"=dword:00000014
    "WBDeterminationCoef"=dword:0000000a
    "WBDirtinessCoef"=dword:fffffff6
    "WBFlairCoef"=dword:0000000a
    "WBImportantMatchesCoef"=dword:0000000a
    "WBInfluenceCoef"=dword:0000000a
    "WBOffTheBallCoef"=dword:00000014
    "WBPositioningCoef"=dword:00000064
    "WBTeamworkCoef"=dword:00000014
    "WBWorkRateCoef"=dword:00000028
    "WBAccelerationCoef"=dword:00000050
    "WBAgilityCoef"=dword:0000000a
    "WBBalanceCoef"=dword:00000014
    "WBInjuryPronenessCoef"=dword:fffffffb
    "WBJumpingCoef"=dword:00000014
    "WBNaturalFitnessCoef"=dword:00000005
    "WBPaceCoef"=dword:00000064
    "WBStaminaCoef"=dword:00000050
    "WBStrengthCoef"=dword:00000028
    "WBVersatilityCoef"=dword:00000005
    "WBAerialAbilityCoef"=dword:00000000
    "WBCommandOfAreaCoef"=dword:00000000
    "WBCommunicationCoef"=dword:00000000
    "WBEccentricityCoef"=dword:00000000
    "WBHandlingCoef"=dword:00000000
    "WBKickingCoef"=dword:00000000
    "WBOneOnOnesCoef"=dword:00000005
    "WBReflexesCoef"=dword:00000005
    "WBRushingOutCoef"=dword:00000000
    "WBTendencyToPunchCoef"=dword:00000000
    "WBThrowingCoef"=dword:00000000
    "WBAdaptabilityCoef"=dword:00000005
    "WBAmbitionCoef"=dword:0000000a
    "WBControversyCoef"=dword:fffffffb
    "WBLoyalityCoef"=dword:00000005
    "WBPressureCoef"=dword:00000005
    "WBProfessionalismCoef"=dword:00000005
    "WBSportsmanshipCoef"=dword:00000005
    "WBTemperamentCoef"=dword:00000005
    "DMWeightCoef"=dword:00000067
    "DMCurrentAbilityCoef"=dword:00000000
    "DMCornersCoef"=dword:0000000a
    "DMCrossingCoef"=dword:0000001e
    "DMDribblingCoef"=dword:00000014
    "DMFinishingCoef"=dword:0000000a
    "DMFirstTouchCoef"=dword:0000001e
    "DMFreeKicksCoef"=dword:0000000a
    "DMHeadingCoef"=dword:00000028
    "DMLongShotsCoef"=dword:00000014
    "DMLongThrowsCoef"=dword:00000005
    "DMMarkingCoef"=dword:0000003c
    "DMPassingCoef"=dword:00000028
    "DMPenaltiesCoef"=dword:00000005
    "DMTacklingCoef"=dword:00000064
    "DMTechniqueCoef"=dword:0000001e
    "DMLeftFootCoef"=dword:00000005
    "DMRightFootCoef"=dword:00000005
    "DMAggressionCoef"=dword:00000028
    "DMAnticipationCoef"=dword:00000028
    "DMBraveryCoef"=dword:00000014
    "DMComposureCoef"=dword:0000000a
    "DMConcentrationCoef"=dword:00000014
    "DMConsistencyCoef"=dword:0000000a
    "DMCreativityCoef"=dword:00000014
    "DMDecisionsCoef"=dword:00000014
    "DMDeterminationCoef"=dword:0000000a
    "DMDirtinessCoef"=dword:fffffff6
    "DMFlairCoef"=dword:0000000a
    "DMImportantMatchesCoef"=dword:0000000a
    "DMInfluenceCoef"=dword:0000000a
    "DMOffTheBallCoef"=dword:0000001e
    "DMPositioningCoef"=dword:00000050
    "DMTeamworkCoef"=dword:00000028
    "DMWorkRateCoef"=dword:00000050
    "DMAccelerationCoef"=dword:00000028
    "DMAgilityCoef"=dword:0000000a
    "DMBalanceCoef"=dword:0000000a
    "DMInjuryPronenessCoef"=dword:fffffffb
    "DMJumpingCoef"=dword:00000028
    "DMNaturalFitnessCoef"=dword:00000005
    "DMPaceCoef"=dword:00000028
    "DMStaminaCoef"=dword:0000003c
    "DMStrengthCoef"=dword:00000028
    "DMVersatilityCoef"=dword:00000005
    "DMAerialAbilityCoef"=dword:00000000
    "DMCommandOfAreaCoef"=dword:00000000
    "DMCommunicationCoef"=dword:00000000
    "DMEccentricityCoef"=dword:00000000
    "DMHandlingCoef"=dword:00000000
    "DMKickingCoef"=dword:00000000
    "DMOneOnOnesCoef"=dword:00000005
    "DMReflexesCoef"=dword:00000005
    "DMRushingOutCoef"=dword:00000000
    "DMTendencyToPunchCoef"=dword:00000000
    "DMThrowingCoef"=dword:00000000
    "DMAdaptabilityCoef"=dword:00000005
    "DMAmbitionCoef"=dword:0000000a
    "DMControversyCoef"=dword:fffffffb
    "DMLoyalityCoef"=dword:00000005
    "DMPressureCoef"=dword:00000005
    "DMProfessionalismCoef"=dword:00000005
    "DMSportsmanshipCoef"=dword:00000005
    "DMTemperamentCoef"=dword:00000005
    "MWeightCoef"=dword:00000068
    "MCurrentAbilityCoef"=dword:00000000
    "MCornersCoef"=dword:0000000a
    "MCrossingCoef"=dword:00000028
    "MDribblingCoef"=dword:00000032
    "MFinishingCoef"=dword:00000014
    "MFirstTouchCoef"=dword:0000001e
    "MFreeKicksCoef"=dword:0000000a
    "MHeadingCoef"=dword:0000001e
    "MLongShotsCoef"=dword:00000014
    "MLongThrowsCoef"=dword:00000005
    "MMarkingCoef"=dword:00000028
    "MPassingCoef"=dword:00000046
    "MPenaltiesCoef"=dword:00000005
    "MTacklingCoef"=dword:0000003c
    "MTechniqueCoef"=dword:00000032
    "MLeftFootCoef"=dword:00000005
    "MRightFootCoef"=dword:00000005
    "MAggressionCoef"=dword:0000001e
    "MAnticipationCoef"=dword:00000028
    "MBraveryCoef"=dword:0000000a
    "MComposureCoef"=dword:0000000a
    "MConcentrationCoef"=dword:0000000a
    "MConsistencyCoef"=dword:0000000a
    "MCreativityCoef"=dword:0000003c
    "MDecisionsCoef"=dword:0000001e
    "MDeterminationCoef"=dword:0000000a
    "MDirtinessCoef"=dword:fffffffb
    "MFlairCoef"=dword:0000000a
    "MImportantMatchesCoef"=dword:0000000a
    "MInfluenceCoef"=dword:0000000a
    "MOffTheBallCoef"=dword:00000028
    "MPositioningCoef"=dword:00000028
    "MTeamworkCoef"=dword:00000032
    "MWorkRateCoef"=dword:00000032
    "MAccelerationCoef"=dword:00000032
    "MAgilityCoef"=dword:0000000a
    "MBalanceCoef"=dword:0000000a
    "MInjuryPronenessCoef"=dword:fffffffb
    "MJumpingCoef"=dword:00000028
    "MNaturalFitnessCoef"=dword:00000005
    "MPaceCoef"=dword:00000028
    "MStaminaCoef"=dword:0000003c
    "MStrengthCoef"=dword:0000001e
    "MVersatilityCoef"=dword:00000005
    "MAerialAbilityCoef"=dword:00000000
    "MCommandOfAreaCoef"=dword:00000000
    "MCommunicationCoef"=dword:00000000
    "MEccentricityCoef"=dword:00000000
    "MHandlingCoef"=dword:00000000
    "MKickingCoef"=dword:00000000
    "MOneOnOnesCoef"=dword:00000005
    "MReflexesCoef"=dword:00000005
    "MRushingOutCoef"=dword:00000000
    "MTendencyToPunchCoef"=dword:00000000
    "MThrowingCoef"=dword:00000000
    "MAdaptabilityCoef"=dword:00000005
    "MAmbitionCoef"=dword:0000000a
    "MControversyCoef"=dword:fffffffb
    "MLoyalityCoef"=dword:00000005
    "MPressureCoef"=dword:00000005
    "MProfessionalismCoef"=dword:00000005
    "MSportsmanshipCoef"=dword:00000005
    "MTemperamentCoef"=dword:00000005
    "AMWeightCoef"=dword:00000068
    "AMCurrentAbilityCoef"=dword:00000000
    "AMCornersCoef"=dword:0000000a
    "AMCrossingCoef"=dword:0000003c
    "AMDribblingCoef"=dword:00000050
    "AMFinishingCoef"=dword:00000028
    "AMFirstTouchCoef"=dword:0000001e
    "AMFreeKicksCoef"=dword:0000000a
    "AMHeadingCoef"=dword:00000014
    "AMLongShotsCoef"=dword:00000014
    "AMLongThrowsCoef"=dword:00000005
    "AMMarkingCoef"=dword:0000000a
    "AMPassingCoef"=dword:00000064
    "AMPenaltiesCoef"=dword:00000005
    "AMTacklingCoef"=dword:0000000a
    "AMTechniqueCoef"=dword:00000050
    "AMLeftFootCoef"=dword:00000005
    "AMRightFootCoef"=dword:00000005
    "AMAggressionCoef"=dword:0000000a
    "AMAnticipationCoef"=dword:0000001e
    "AMBraveryCoef"=dword:0000000a
    "AMComposureCoef"=dword:0000000a
    "AMConcentrationCoef"=dword:0000000a
    "AMConsistencyCoef"=dword:0000000a
    "AMCreativityCoef"=dword:00000064
    "AMDecisionsCoef"=dword:00000028
    "AMDeterminationCoef"=dword:0000000a
    "AMDirtinessCoef"=dword:fffffffb
    "AMFlairCoef"=dword:00000014
    "AMImportantMatchesCoef"=dword:0000000a
    "AMInfluenceCoef"=dword:0000000a
    "AMOffTheBallCoef"=dword:0000003c
    "AMPositioningCoef"=dword:00000014
    "AMTeamworkCoef"=dword:0000003c
    "AMWorkRateCoef"=dword:00000014
    "AMAccelerationCoef"=dword:0000003c
    "AMAgilityCoef"=dword:0000000a
    "AMBalanceCoef"=dword:0000000a
    "AMInjuryPronenessCoef"=dword:fffffffb
    "AMJumpingCoef"=dword:00000014
    "AMNaturalFitnessCoef"=dword:00000005
    "AMPaceCoef"=dword:0000003c
    "AMStaminaCoef"=dword:0000003c
    "AMStrengthCoef"=dword:00000014
    "AMVersatilityCoef"=dword:00000005
    "AMAerialAbilityCoef"=dword:00000000
    "AMCommandOfAreaCoef"=dword:00000000
    "AMCommunicationCoef"=dword:00000000
    "AMEccentricityCoef"=dword:00000000
    "AMHandlingCoef"=dword:00000000
    "AMKickingCoef"=dword:00000000
    "AMOneOnOnesCoef"=dword:00000005
    "AMReflexesCoef"=dword:00000005
    "AMRushingOutCoef"=dword:00000000
    "AMTendencyToPunchCoef"=dword:00000000
    "AMThrowingCoef"=dword:00000000
    "AMAdaptabilityCoef"=dword:00000005
    "AMAmbitionCoef"=dword:0000000a
    "AMControversyCoef"=dword:fffffffb
    "AMLoyalityCoef"=dword:00000005
    "AMPressureCoef"=dword:00000005
    "AMProfessionalismCoef"=dword:00000005
    "AMSportsmanshipCoef"=dword:00000005
    "AMTemperamentCoef"=dword:00000005
    "WWeightCoef"=dword:00000069
    "WCurrentAbilityCoef"=dword:00000000
    "WCornersCoef"=dword:0000000a
    "WCrossingCoef"=dword:00000064
    "WDribblingCoef"=dword:00000064
    "WFinishingCoef"=dword:0000003c
    "WFirstTouchCoef"=dword:0000001e
    "WFreeKicksCoef"=dword:0000000a
    "WHeadingCoef"=dword:00000014
    "WLongShotsCoef"=dword:00000014
    "WLongThrowsCoef"=dword:00000005
    "WMarkingCoef"=dword:0000000a
    "WPassingCoef"=dword:0000003c
    "WPenaltiesCoef"=dword:00000005
    "WTacklingCoef"=dword:0000000a
    "WTechniqueCoef"=dword:00000050
    "WLeftFootCoef"=dword:00000005
    "WRightFootCoef"=dword:00000005
    "WAggressionCoef"=dword:0000000a
    "WAnticipationCoef"=dword:00000014
    "WBraveryCoef"=dword:0000000a
    "WComposureCoef"=dword:0000000a
    "WConcentrationCoef"=dword:0000000a
    "WConsistencyCoef"=dword:0000000a
    "WCreativityCoef"=dword:0000003c
    "WDecisionsCoef"=dword:00000014
    "WDeterminationCoef"=dword:0000000a
    "WDirtinessCoef"=dword:fffffffb
    "WFlairCoef"=dword:0000000a
    "WImportantMatchesCoef"=dword:00000014
    "WInfluenceCoef"=dword:0000000a
    "WOffTheBallCoef"=dword:0000003c
    "WPositioningCoef"=dword:00000014
    "WTeamworkCoef"=dword:0000001e
    "WWorkRateCoef"=dword:0000001e
    "WAccelerationCoef"=dword:00000050
    "WAgilityCoef"=dword:00000014
    "WBalanceCoef"=dword:0000000a
    "WInjuryPronenessCoef"=dword:fffffffb
    "WJumpingCoef"=dword:00000014
    "WNaturalFitnessCoef"=dword:00000005
    "WPaceCoef"=dword:00000064
    "WStaminaCoef"=dword:0000003c
    "WStrengthCoef"=dword:00000014
    "WVersatilityCoef"=dword:00000005
    "WAerialAbilityCoef"=dword:00000000
    "WCommandOfAreaCoef"=dword:00000000
    "WCommunicationCoef"=dword:00000000
    "WEccentricityCoef"=dword:00000000
    "WHandlingCoef"=dword:00000000
    "WKickingCoef"=dword:00000000
    "WOneOnOnesCoef"=dword:00000005
    "WReflexesCoef"=dword:00000005
    "WRushingOutCoef"=dword:00000000
    "WTendencyToPunchCoef"=dword:00000000
    "WThrowingCoef"=dword:00000000
    "WAdaptabilityCoef"=dword:00000005
    "WAmbitionCoef"=dword:0000000a
    "WControversyCoef"=dword:fffffffb
    "WLoyalityCoef"=dword:00000005
    "WPressureCoef"=dword:00000005
    "WProfessionalismCoef"=dword:00000005
    "WSportsmanshipCoef"=dword:00000005
    "WTemperamentCoef"=dword:00000005
    "FSTWeightCoef"=dword:00000067
    "FSTCurrentAbilityCoef"=dword:00000000
    "FSTCornersCoef"=dword:0000000a
    "FSTCrossingCoef"=dword:0000000a
    "FSTDribblingCoef"=dword:00000050
    "FSTFinishingCoef"=dword:00000064
    "FSTFirstTouchCoef"=dword:00000028
    "FSTFreeKicksCoef"=dword:0000000a
    "FSTHeadingCoef"=dword:00000028
    "FSTLongShotsCoef"=dword:00000014
    "FSTLongThrowsCoef"=dword:00000000
    "FSTMarkingCoef"=dword:00000000
    "FSTPassingCoef"=dword:00000028
    "FSTPenaltiesCoef"=dword:00000005
    "FSTTacklingCoef"=dword:00000000
    "FSTTechniqueCoef"=dword:00000050
    "FSTLeftFootCoef"=dword:00000005
    "FSTRightFootCoef"=dword:00000005
    "FSTAggressionCoef"=dword:0000000a
    "FSTAnticipationCoef"=dword:0000000a
    "FSTBraveryCoef"=dword:0000000a
    "FSTComposureCoef"=dword:0000000a
    "FSTConcentrationCoef"=dword:0000000a
    "FSTConsistencyCoef"=dword:0000000a
    "FSTCreativityCoef"=dword:00000028
    "FSTDecisionsCoef"=dword:0000000a
    "FSTDeterminationCoef"=dword:0000000a
    "FSTDirtinessCoef"=dword:fffffffb
    "FSTFlairCoef"=dword:0000000a
    "FSTImportantMatchesCoef"=dword:0000000a
    "FSTInfluenceCoef"=dword:0000000a
    "FSTOffTheBallCoef"=dword:00000050
    "FSTPositioningCoef"=dword:0000000a
    "FSTTeamworkCoef"=dword:0000000a
    "FSTWorkRateCoef"=dword:0000000a
    "FSTAccelerationCoef"=dword:00000064
    "FSTAgilityCoef"=dword:00000028
    "FSTBalanceCoef"=dword:0000000a
    "FSTInjuryPronenessCoef"=dword:fffffffb
    "FSTJumpingCoef"=dword:00000014
    "FSTNaturalFitnessCoef"=dword:00000005
    "FSTPaceCoef"=dword:00000064
    "FSTStaminaCoef"=dword:00000028
    "FSTStrengthCoef"=dword:00000014
    "FSTVersatilityCoef"=dword:00000005
    "FSTAerialAbilityCoef"=dword:00000000
    "FSTCommandOfAreaCoef"=dword:00000000
    "FSTCommunicationCoef"=dword:00000000
    "FSTEccentricityCoef"=dword:00000000
    "FSTHandlingCoef"=dword:00000000
    "FSTKickingCoef"=dword:00000000
    "FSTOneOnOnesCoef"=dword:00000005
    "FSTReflexesCoef"=dword:00000005
    "FSTRushingOutCoef"=dword:00000000
    "FSTTendencyToPunchCoef"=dword:00000000
    "FSTThrowingCoef"=dword:00000000
    "FSTAdaptabilityCoef"=dword:00000005
    "FSTAmbitionCoef"=dword:0000000a
    "FSTControversyCoef"=dword:fffffffb
    "FSTLoyalityCoef"=dword:00000005
    "FSTPressureCoef"=dword:00000005
    "FSTProfessionalismCoef"=dword:00000005
    "FSTSportsmanshipCoef"=dword:00000005
    "FSTTemperamentCoef"=dword:00000005
    "TSTWeightCoef"=dword:00000067
    "TSTCurrentAbilityCoef"=dword:00000000
    "TSTCornersCoef"=dword:00000000
    "TSTCrossingCoef"=dword:0000000a
    "TSTDribblingCoef"=dword:0000003c
    "TSTFinishingCoef"=dword:00000050
    "TSTFirstTouchCoef"=dword:0000001e
    "TSTFreeKicksCoef"=dword:0000000a
    "TSTHeadingCoef"=dword:00000064
    "TSTLongShotsCoef"=dword:00000014
    "TSTLongThrowsCoef"=dword:00000000
    "TSTMarkingCoef"=dword:00000000
    "TSTPassingCoef"=dword:00000028
    "TSTPenaltiesCoef"=dword:00000005
    "TSTTacklingCoef"=dword:00000000
    "TSTTechniqueCoef"=dword:00000028
    "TSTLeftFootCoef"=dword:00000005
    "TSTRightFootCoef"=dword:00000005
    "TSTAggressionCoef"=dword:00000014
    "TSTAnticipationCoef"=dword:0000000a
    "TSTBraveryCoef"=dword:00000014
    "TSTComposureCoef"=dword:0000000a
    "TSTConcentrationCoef"=dword:0000000a
    "TSTConsistencyCoef"=dword:0000000a
    "TSTCreativityCoef"=dword:00000014
    "TSTDecisionsCoef"=dword:0000000a
    "TSTDeterminationCoef"=dword:0000000a
    "TSTDirtinessCoef"=dword:fffffffb
    "TSTFlairCoef"=dword:0000000a
    "TSTImportantMatchesCoef"=dword:0000000a
    "TSTInfluenceCoef"=dword:0000000a
    "TSTOffTheBallCoef"=dword:00000050
    "TSTPositioningCoef"=dword:00000014
    "TSTTeamworkCoef"=dword:0000000a
    "TSTWorkRateCoef"=dword:0000000a
    "TSTAccelerationCoef"=dword:00000028
    "TSTAgilityCoef"=dword:00000014
    "TSTBalanceCoef"=dword:00000014
    "TSTInjuryPronenessCoef"=dword:fffffffb
    "TSTJumpingCoef"=dword:00000064
    "TSTNaturalFitnessCoef"=dword:00000005
    "TSTPaceCoef"=dword:00000028
    "TSTStaminaCoef"=dword:00000014
    "TSTStrengthCoef"=dword:00000050
    "TSTVersatilityCoef"=dword:00000005
    "TSTAerialAbilityCoef"=dword:00000000
    "TSTCommandOfAreaCoef"=dword:00000000
    "TSTCommunicationCoef"=dword:00000000
    "TSTEccentricityCoef"=dword:00000000
    "TSTHandlingCoef"=dword:00000000
    "TSTKickingCoef"=dword:00000000
    "TSTOneOnOnesCoef"=dword:00000005
    "TSTReflexesCoef"=dword:00000005
    "TSTRushingOutCoef"=dword:00000000
    "TSTTendencyToPunchCoef"=dword:00000000
    "TSTThrowingCoef"=dword:00000000
    "TSTAdaptabilityCoef"=dword:00000005
    "TSTAmbitionCoef"=dword:0000000a
    "TSTControversyCoef"=dword:fffffffb
    "TSTLoyalityCoef"=dword:00000005
    "TSTPressureCoef"=dword:00000005
    "TSTProfessionalismCoef"=dword:00000005
    "TSTSportsmanshipCoef"=dword:00000005
    "TSTTemperamentCoef"=dword:00000005

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00009b76
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000062
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000067
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3456)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\brsvc01a.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\drivers\CDAC11BA.EXE
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-14 18:30:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-14 18:30
    ComboFix2.txt 2010-12-09 20:24

    Pre-Run: 112,358,924,288 bytes free
    Post-Run: 112,261,578,752 bytes free

    - - End Of File - - 50C8005DA41D62BB901C4BC161018C82
  5. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    The computer is running a lot better but that error message still comes up quite often when I'm trying to run programmes.

    I will run the OTL now.

    Thanks for all your support, it's been amazing
  7. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    You're very welcome
  8. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    OTL Log:

    OTL logfile created on: 15/12/2010 18:05:32 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\gary\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 536.00 Mb Available Physical Memory | 52.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.48 Gb Total Space | 104.58 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

    Computer Name: D6M2681J | User Name: gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/17 16:42:32 | 000,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    PRC - [2005/03/17 13:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2004/11/10 18:23:45 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    PRC - [2004/03/23 11:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    PRC - [2004/03/23 11:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brsvc01a.exe
    PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brss01a.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    MOD - [2010/09/20 19:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 07:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
    MOD - [2009/07/12 07:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
    SRV - [2006/11/09 22:06:17 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
    SRV - [2004/11/10 18:23:45 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2004/03/23 11:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
    SRV - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/09 18:17:44 | 001,360,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101214.001\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/09 18:17:44 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101214.001\NAVENG.SYS -- (NAVENG)
    DRV - [2010/11/09 00:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101210.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/11/04 00:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/08/21 12:47:19 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/08/21 12:47:19 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/08/21 12:03:12 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/05/06 04:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/22 02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/04 01:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
    DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2005/12/27 20:17:52 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
    DRV - [2005/12/27 20:16:01 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2004/11/10 18:23:44 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/08/04 05:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2004/08/04 05:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 05:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 05:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 05:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 05:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 05:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 05:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 05:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 05:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 05:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2004/05/25 22:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/03/23 11:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 21:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2002/11/12 10:01:44 | 000,053,168 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2002/11/12 10:01:42 | 000,748,544 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/08/22 10:38:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/08/21 12:23:08 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/12/14 18:23:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/11/13 08:39:31 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\gary\Start Menu\Programs\Startup\AutorunsDisabled [2010/11/13 08:39:35 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
    O9 - Extra Button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - Reg Error: Value error. File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102070229218 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191600504750 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: 193
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/16 06:41:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/12/15 18:04:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2010/12/14 18:52:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/09 18:41:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/09 18:32:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/09 18:32:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/09 18:32:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/09 18:32:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/09 18:32:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/09 18:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/05 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Malwarebytes
    [2010/12/05 18:31:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/05 18:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/05 18:31:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/05 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/05 18:30:08 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.0.0.exe
    [2010/11/30 20:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Sports Interactive
    [2010/11/29 12:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/11/29 10:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
    [2010/11/29 10:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2010/11/29 10:03:45 | 000,000,000 | R--D | C] -- C:\_Backup.RC
    [2010/11/29 10:03:42 | 000,000,000 | ---D | C] -- C:\_Backup
    [2010/11/29 10:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Avanquest
    [2010/11/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/11/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2010/12/15 17:57:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/12/15 17:57:29 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/14 18:23:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/12/14 17:57:44 | 003,989,579 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2010/12/12 21:14:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/12/09 18:41:16 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2010/12/06 20:00:10 | 000,000,738 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - doreen.job
    [2010/12/05 18:31:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/05 18:30:08 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/01 20:44:49 | 027,519,836 | ---- | M] () -- C:\Documents and Settings\gary\My Documents\RD5 - Final.rar
    [2010/11/30 20:08:22 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
    [2010/11/29 22:50:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/29 22:50:23 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/11/29 22:50:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/29 14:16:51 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
    [2010/11/29 12:42:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/29 10:22:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/09 18:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/09 18:41:13 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/09 18:32:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/09 18:32:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/09 18:32:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/09 18:32:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/09 18:32:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/09 18:21:12 | 003,989,579 | R--- | C] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2010/12/05 18:31:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/01 20:44:47 | 027,519,836 | ---- | C] () -- C:\Documents and Settings\gary\My Documents\RD5 - Final.rar
    [2010/11/30 20:08:21 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
    [2010/11/29 11:56:51 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
    [2009/09/11 14:28:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2007/07/22 12:53:23 | 000,001,072 | ---- | C] () -- C:\Documents and Settings\gary\Application Data\filterclsid.dat
    [2007/07/21 16:46:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2007/07/11 17:05:45 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
    [2007/05/12 17:49:18 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/05/12 17:49:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/11/09 22:06:18 | 000,000,825 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
    [2006/11/09 22:06:17 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
    [2006/08/03 20:21:03 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
    [2006/07/15 14:29:31 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/15 14:29:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2006/07/15 14:29:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2006/07/15 13:24:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2006/05/14 12:30:52 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/04/10 12:00:30 | 000,402,736 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
    [2006/04/08 16:10:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/16 22:38:34 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2005/12/27 20:16:01 | 000,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2005/12/27 20:16:01 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0029.sys
  9. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    OTL Log continued:

    [2005/06/28 17:32:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/06/12 22:02:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/01/23 12:24:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2005/01/23 12:24:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2005/01/03 14:21:41 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/11/12 12:07:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/10/25 18:43:08 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
    [2004/09/07 10:14:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/09/07 10:09:12 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/09/07 10:04:25 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/09/07 09:53:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/09/07 09:34:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/03/05 20:16:12 | 000,498,688 | ---- | C] () -- C:\WINDOWS\System32\clbcatq.dll
    [2002/09/03 07:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/08/29 04:00:00 | 000,792,064 | ---- | C] () -- C:\WINDOWS\System32\comres.dll
    [2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [1979/12/31 23:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

    ========== LOP Check ==========

    [2010/11/29 10:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2010/10/04 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
    [2010/11/29 12:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/10/25 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/11/02 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
    [2009/12/20 16:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2010/10/26 21:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2008/08/15 19:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ringo
    [2006/07/15 13:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/11/15 15:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
    [2010/12/01 21:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2004/09/07 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/12 12:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/12/28 19:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/03/19 22:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Atari
    [2010/11/29 10:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Avanquest
    [2010/10/04 17:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\BSD
    [2010/08/28 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\DNA
    [2010/02/24 18:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\FUJIFILM
    [2006/04/30 12:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\funkitron
    [2010/03/15 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\iolo
    [2004/11/02 08:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Leadertech
    [2006/03/11 13:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Microgaming
    [2010/10/26 21:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Research In Motion
    [2007/07/21 16:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Samsung
    [2009/02/08 09:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Shareaza
    [2010/11/30 20:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Sports Interactive
    [2004/11/04 18:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Template
    [2010/07/31 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Tific

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/29 22:50:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/09 18:41:16 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 07:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2007/07/21 16:46:48 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2010/12/14 18:30:07 | 000,072,143 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/07/21 16:17:15 | 000,000,000 | ---- | M] () -- C:\conmgr.log
    [2004/09/07 09:44:32 | 000,005,340 | RH-- | M] () -- C:\DELL.SDR
    [2010/12/15 17:57:29 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/09/07 10:13:01 | 000,000,881 | -H-- | M] () -- C:\IPH.PH
    [2006/09/02 11:13:29 | 000,020,946 | ---- | M] () -- C:\log.txt
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2010/11/29 22:50:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/11/29 22:50:23 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/12/15 17:57:28 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/18 19:40:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/08/18 19:46:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/08/18 19:56:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/08/18 20:08:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/08/18 20:45:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/08/21 07:28:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/08/04 19:08:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/08/05 06:52:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/08/05 17:49:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/08/08 15:32:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/08/09 18:06:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/08/11 21:53:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/08/12 06:54:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/08/12 20:54:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/08/15 07:23:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/08/16 21:03:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/08/17 06:44:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/08/17 21:51:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/08/18 19:25:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/08/18 19:38:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/08/18 19:40:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/08/18 19:46:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/08/18 19:56:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/08/18 20:08:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/08/18 20:45:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/08/21 07:28:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/08/04 19:08:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/08/05 06:52:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/08/05 17:49:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/08/08 15:32:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/08/09 18:06:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/08/11 21:53:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/08/12 06:54:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/08/12 20:54:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/08/15 07:23:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/08/16 21:03:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/08/17 06:44:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/08/17 21:51:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/08/18 19:25:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/08/18 19:38:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2010/12/07 18:06:06 | 000,053,634 | ---- | M] () -- C:\TDSSKiller.2.4.10.1_07.12.2010_18.04.41_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2002/09/03 07:59:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/02/08 23:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\brmfpp1.dll
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\ppbiPr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/07/18 21:40:16 | 000,843,776 | ---- | M] () -- C:\WINDOWS\Ringo Screensaver.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/03/28 12:41:38 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/27 16:32:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/07/11 07:32:12 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2004/10/25 18:39:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/14 17:57:44 | 003,989,579 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2010/03/07 11:36:53 | 188,960,768 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\FM2010_v10.3.0_PC_Patch.exe
    [2010/11/13 11:30:19 | 180,137,984 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\fm2011v11.1.1_pc_dit_patch.exe
    [2007/05/21 18:38:05 | 037,873,216 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\gary\Desktop\iTunesSetup2.exe
    [2010/12/05 18:30:08 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/10/26 20:37:16 | 272,322,392 | ---- | M] () -- C:\Documents and Settings\gary\My Documents\501_b082_multilanguage.exe
    [2010/10/06 10:14:00 | 000,729,464 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\gary\My Documents\autoruns.exe
    [2010/10/06 10:13:50 | 000,594,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\gary\My Documents\autorunsc.exe
    [2009/06/07 19:46:15 | 000,556,192 | ---- | M] (Google Inc.) -- C:\Documents and Settings\gary\My Documents\GoogleEarthPluginSetup.exe
    [2006/07/25 18:11:47 | 059,310,760 | ---- | M] (Apple Computer, Inc. ) -- C:\Documents and Settings\gary\My Documents\iPodSetup2.exe
    [2009/05/25 18:18:48 | 074,302,760 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\gary\My Documents\iTunesSetup8.1.exe
    [2009/02/24 19:42:02 | 001,228,648 | ---- | M] (Registry Fix ) -- C:\Documents and Settings\gary\My Documents\registryfix.exe
    [2009/02/08 09:43:05 | 006,745,696 | ---- | M] (Shareaza Development Team ) -- C:\Documents and Settings\gary\My Documents\Shareaza_2.4.0.0.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/08/29 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/07/11 07:32:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\gary\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Prison Tycoon 2 Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/15 19:30:58 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\gary\Cookies\INDEX.DAT

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 00:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 09:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 09:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 09:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 09:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/12/17 09:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 09:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 09:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 09:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 18:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\gary\My Documents\Shareaza Downloads:Shareaza.GUID
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC

    < End of report >
  10. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    OTL Extras logfile created on: 15/12/2010 18:05:32 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\gary\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 536.00 Mb Available Physical Memory | 52.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.48 Gb Total Space | 104.58 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

    Computer Name: D6M2681J | User Name: gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe" = C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
    "C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
    "C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}" = BT Openworld Dell Signup
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}" = BlackBerry Desktop Software 5.0.1
    "{572F2464-AB8F-4D1C-B934-FD133E6B7CA2}" = Philips Digital Audio Player
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
    "{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "ATI Display Driver" = ATI Display Driver
    "BlackBerry_{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}" = BlackBerry Desktop Software 5.0.1
    "CdaC13Ba" = SafeCast Shared Components
    "Football Manager 2010" = Football Manager 2010
    "Football Manager 2011" = Football Manager 2011
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
    "InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Shareaza_is1" = Shareaza 2.5.2.0
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07/12/2010 13:57:15 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 08/12/2010 18:20:26 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 09/12/2010 14:04:08 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 11/12/2010 05:28:37 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 12/12/2010 17:15:40 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 13/12/2010 14:27:48 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 13/12/2010 14:51:51 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 14/12/2010 13:48:14 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 14/12/2010 14:23:52 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 15/12/2010 13:58:19 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.


    < End of report >
  11. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
      O9 - Extra Button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - Reg Error: Value error. File not found
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2004/09/07 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\gary\My Documents\Shareaza Downloads:Shareaza.GUID
      @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  12. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    I downloaded the latest Java and removed the old ones.

    When I run the Run Fix from OTL it runs, but then the image error comes up again and the OTL scan doesn't go any further. I left it for some time and it still hadn't gone any further, and the error message doesn't leave either.

    Should I try something else or skip this point and go and download Security Check?

    Thanks

    Gary
  13. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Try to run OTL fix with your AV program disabled, or from Safe Mode.
  14. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    I have tried to run OTL again, this time without my antivirus on and in Safe Mode. I'm still getting the same thing. OTL runs and I put in the run fix and click it. It begins, but then the error message comes up again and OTL then just stops and the error message doesn't leave!!

    Any ideas?

    Thanks
  15. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Delete your OTL file, download fresh one and try again.
  16. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    I deleted the old OTL and downloaded a fresh one but still having no joy.
  17. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Same in Safe Mode?
  18. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    Yes, it does the same in Safe Mode as well.
  19. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  20. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    Security check log:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton Internet Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java 2 Runtime Environment, SE v1.4.2_03
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
  21. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Uninstall Java 2 Runtime Environment, SE v1.4.2_03.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [image]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button
  22. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    ESET scan results:

    C:\Documents and Settings\gary\My Documents\registryfix.exe a variant of Win32/Adware.ErrorClean application
    C:\Microgaming\Casino\Ladbrokes\install.exe a variant of Win32/PrimeCasino application
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1737\A0318711.MSI multiple threats
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1739\A0318738.msi multiple threats
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1741\A0329106.rbf probably a variant of Win32/Genetik trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1741\A0329217.rbf a variant of Win32/Kryptik.FNT trojan
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1741\A0329381.MSI multiple threats
  23. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\gary\My Documents\registryfix.exe 
      C:\Microgaming\Casino\Ladbrokes\install.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
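
The ESET results in post 22 mix two kinds of hits: files in ordinary locations, which the `:Files` section of the fix in post 23 targets, and copies held inside System Restore (`System Volume Information\_restore{...}\RPnnnn`), which the restore-point reset addresses. The following Python sketch is an added example, not part of the thread or of any tool used in it; it splits an ESET export along that line, and the line-format regex is an assumption based on the lines as posted.

```python
import re
from collections import defaultdict

# ESET export lines as posted in post 22 of this thread.
ESET_LOG = r"""
C:\Documents and Settings\gary\My Documents\registryfix.exe a variant of Win32/Adware.ErrorClean application
C:\Microgaming\Casino\Ladbrokes\install.exe a variant of Win32/PrimeCasino application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1737\A0318711.MSI multiple threats
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1739\A0318738.msi multiple threats
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1741\A0329106.rbf probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1741\A0329217.rbf a variant of Win32/Kryptik.FNT trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1741\A0329381.MSI multiple threats
"""

# Assumption: the path ends at the first ".ext" followed by whitespace.
# Paths contain spaces, so splitting on the first space would not work.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+(?P<detection>.+)$"
)

# Windows XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def triage(log_text):
    """Return (live, restore, unparsed).

    live     -- [(path, detection)] for files outside System Restore
    restore  -- {restore point id: [(path, detection)]}
    unparsed -- lines that did not match the assumed format (never dropped silently)
    """
    live, restore, unparsed = [], defaultdict(list), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        path, detection = m.group("path"), m.group("detection")
        rp = RESTORE_RE.match(path)
        if rp:
            restore[rp.group("rp").upper()].append((path, detection))
        else:
            live.append((path, detection))
    return live, dict(restore), unparsed


if __name__ == "__main__":
    live, restore, unparsed = triage(ESET_LOG)
    print("Files outside System Restore:")
    for path, detection in live:
        print(f"  {path}  [{detection}]")
    print("Hits inside restore points:")
    for rp_id in sorted(restore):
        print(f"  {rp_id}: {len(restore[rp_id])} file(s)")
    if unparsed:
        print("Unparsed lines, review by hand:", unparsed)
```
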
  24. mackayg1

    mackayg1 Newcomer, in training Topic Starter Posts: 32

    OTL log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Documents and Settings\gary\My Documents\registryfix.exe not found.
    C:\Microgaming\Casino\Ladbrokes\install.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: doreen
    ->Temp folder emptied: 15 bytes
    ->Temporary Internet Files folder emptied: 23884701 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 617 bytes

    User: gary
    ->Temp folder emptied: 59088493 bytes
    ->Temporary Internet Files folder emptied: 17894673 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 905 bytes

    User: karen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 575588 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 97.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: doreen
    ->Flash cache emptied: 0 bytes

    User: gary
    ->Flash cache emptied: 0 bytes

    User: karen
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.0 log created on 12282010_111931

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_79c.dat not found!

    Registry entries deleted on Reboot...
  25. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Go on........