
I keep receiving a 'bad image' error

Discussion in 'Virus and Malware Removal' started by mackayg1, Dec 1, 2010.

  1. Broni Malware Annihilator Posts: 40,051   +187

    We'll start with fixing your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
  2. mackayg1 Newcomer, in training Posts: 32

    DDS Log:


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by gary at 9:38:00.67 on 11/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.473 [GMT 0:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\gary\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sky.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: AutorunsDisabled - No File
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Freeserve: {8b68564d-53fd-4293-b80c-993a9f3988ee} -
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [SetDefPrt] c:\program files\brother\brmfl05a\BrStDvPt.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Search with Freeserve - c:\progra~1\freese~1\fsbar\FSBar.dll/VSearch.htm
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD}
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102070229218
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191600504750
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ============= SERVICES / DRIVERS ===============

    R? kbeepm;kbeepm
    R? LicCtrlService;LicCtrl Service
    R? SBRE;SBRE
    S? BHDrvx86;BHDrvx86
    S? ccHP;Symantec Hash Provider
    S? EraserUtilRebootDrv;EraserUtilRebootDrv
    S? IDSxpx86;IDSxpx86
    S? NAVENG;NAVENG
    S? NAVEX15;NAVEX15
    S? NIS;Norton Internet Security
    S? SymDS;Symantec Data Store
    S? SymEFA;Symantec Extended File Attributes
    S? SymIRON;Symantec Iron Driver

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-12-09 18:41:11 -------- d-sha-r- C:\cmdcons
    2010-12-09 18:32:40 98816 ----a-w- c:\windows\sed.exe
    2010-12-09 18:32:40 89088 ----a-w- c:\windows\MBR.exe
    2010-12-09 18:32:40 256512 ----a-w- c:\windows\PEV.exe
    2010-12-09 18:32:40 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-05 18:32:04 -------- d-----w- c:\docume~1\gary\applic~1\Malwarebytes
    2010-12-05 18:31:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-05 18:31:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-05 18:31:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-05 18:31:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-30 20:47:59 -------- d-----w- c:\docume~1\gary\locals~1\applic~1\Sports Interactive
    2010-11-29 10:05:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avanquest
    2010-11-29 10:03:45 -------- d-----r- C:\_Backup.RC
    2010-11-29 10:03:42 -------- d-----w- C:\_Backup
    2010-11-29 10:02:12 -------- d-----w- c:\docume~1\gary\applic~1\Avanquest
    2010-11-29 10:02:06 -------- d-----w- c:\program files\common files\AntiVirus
    2010-11-29 10:01:43 -------- d-----w- c:\program files\Avanquest

    ==================== Find3M ====================

    2010-10-26 21:42:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-10-13 13:58:06 1139200 ----a-w- c:\windows\bsdsetup.dll
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST316002 rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x86FC5BF8]<<
    _asm { MOV EAX, 0x86fc5b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0x86fa2c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F15AB8]
    \Driver\Disk[0x86F88910] -> IRP_MJ_CREATE -> 0x86FC5BF8
    kernel: MBR read successfully
    _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x86fc5bf8
    \Driver\iaStor -> 0x86fc5eb0
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    ============= FINISH: 9:40:31.89 ===============
  3. mackayg1 Newcomer, in training Posts: 32

    DDS Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/10/2004 19:00:25
    System Uptime: 11/12/2010 09:27:35 (0 hours ago)

    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 104.706 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========

    09/12/2010 18:37:13, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
    09/12/2010 18:07:56, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00111137EEB1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    09/12/2010 18:05:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    09/12/2010 18:05:08, error: Service Control Manager [7023] - The COM+ Event System service terminated with the following error: %1 is not a valid Win32 application.
    09/12/2010 18:05:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    09/12/2010 18:05:08, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %1 is not a valid Win32 application.
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    07/12/2010 18:11:58, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/12/2010 21:54:44, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00111137EEB1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    I will now start to do the MBR fix and update with the log.
  4. mackayg1 Newcomer, in training Posts: 32

    I downloaded NTBR. At first it wouldn't open with me just double clicking, as the image error just kept coming up. So I opened it with WinRAR, then opened the folder with the same name. I double clicked on BurnitCD.cmd, then the bad image error showed again:

    'DLL c:windows\system32\CLBCATQ.DLL is not a valid windows image' - then after clicking OK a few times it goes and another error message comes up: 'windows cannot find 'BurnCDCC.exe' make sure you typed the name correctly, and then try again'.
  5. Broni Malware Annihilator Posts: 40,051   +187

    You can create that CD on any other working computer, or you can use a different approach...

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK, then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
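
An added example, not part of the original post or of any tool named in the thread: a Python check over two 512-byte dumps of sector 0, taken before and after the MBR rewrite, that confirms only the boot code changed and the partition table survived. It assumes the dumps were read from outside the running Windows install (the DDS log above shows hooks on \Driver\Disk); `build_sector`, the sample sectors and the reference hash are constructed placeholders.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout (byte offsets within sector 0).
REGIONS = {
    "boot_code": slice(0, 440),          # bootstrap code, the part an MBR rewrite replaces
    "disk_signature": slice(440, 444),   # Windows NT disk signature
    "partition_table": slice(446, 510),  # four 16-byte partition entries
    "boot_signature": slice(510, 512),   # must be 55 AA
}


def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector."""
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i:462 + 16 * i]
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack(
            "<B3sB3sII", raw)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"index": i, "status": status, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector, known_good_code_sha256=None):
    """Structural checks on one MBR sector; an empty list means nothing was flagged.

    known_good_code_sha256 is a hypothetical reference: the SHA-256 of bytes
    0..439 of a trusted standard MBR for the same Windows version.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[REGIONS["boot_signature"]] != b"\x55\xaa":
        findings.append("boot signature is not 55 AA")
    parts = parse_partitions(sector)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("partition entry with invalid status byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    if known_good_code_sha256 is not None:
        digest = hashlib.sha256(sector[REGIONS["boot_code"]]).hexdigest()
        if digest != known_good_code_sha256:
            findings.append("boot code differs from the known-good reference")
    return findings


def compare_mbr(before, after):
    """Names of the MBR regions whose bytes differ between two dumps."""
    return [name for name, span in REGIONS.items() if before[span] != after[span]]


def build_sector(code, disk_sig=b"\x12\x34\x56\x78"):
    """Build a constructed sample sector; 'code' is placeholder bytes, not a real loader."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:len(code)] = code
    sector[440:444] = disk_sig
    # One active NTFS partition (type 0x07) starting at LBA 63; values are made up.
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                                  b"\xfe\xff\xff", 63, 304_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed inputs standing in for real sector dumps.
BEFORE = build_sector(b"constructed-unknown-code")
AFTER = build_sector(b"constructed-standard-code")
REFERENCE_HASH = hashlib.sha256(AFTER[REGIONS["boot_code"]]).hexdigest()

if __name__ == "__main__":
    print("regions changed by the rewrite:", compare_mbr(BEFORE, AFTER))
    print("before:", check_mbr(BEFORE, REFERENCE_HASH))
    print("after: ", check_mbr(AFTER, REFERENCE_HASH))
    for part in parse_partitions(AFTER):
        print("partition", part)
```

If `compare_mbr` reports `partition_table` as changed after a repair, stop and restore from the earlier dump before rebooting.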
  6. mackayg1 Newcomer, in training Posts: 32

    Fresh MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000005d

    Kernel Drivers (total 140):

    Processes (total 40):
    0 System Idle Process
    4 System
    644 C:\WINDOWS\SYSTEM32\smss.exe
    700 csrss.exe
    724 C:\WINDOWS\SYSTEM32\winlogon.exe
    772 C:\WINDOWS\SYSTEM32\services.exe
    784 C:\WINDOWS\SYSTEM32\lsass.exe
    960 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    976 C:\WINDOWS\SYSTEM32\svchost.exe
    1048 svchost.exe
    1144 C:\WINDOWS\SYSTEM32\svchost.exe
    1212 svchost.exe
    1344 svchost.exe
    1480 C:\WINDOWS\SYSTEM32\brsvc01a.exe
    1512 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1520 C:\WINDOWS\SYSTEM32\brss01a.exe
    1764 svchost.exe
    1796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1808 C:\Program Files\Bonjour\mDNSResponder.exe
    1836 C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    1876 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    1904 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    264 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    460 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    236 C:\WINDOWS\SYSTEM32\svchost.exe
    296 wdfmgr.exe
    352 C:\WINDOWS\SYSTEM32\fxssvc.exe
    804 C:\WINDOWS\SYSTEM32\wuauclt.exe
    2108 wmiprvse.exe
    2288 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    2304 C:\WINDOWS\explorer.exe
    2580 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    2588 C:\Program Files\Dell\Media Experience\PCMService.exe
    2612 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    2644 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    2688 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2696 C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    2708 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    2780 C:\WINDOWS\SYSTEM32\ctfmon.exe
    3068 C:\Documents and Settings\gary\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.05

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  7. Broni Malware Annihilator Posts: 40,051   +187

    Good job :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\SBREdrv.sys
    c:\docume~1\gary\LOCALS~1\Temp\kbeepm.sys
    
    
    Folder::
    c:\program files\Common Files\AntiVirus
    
    
    Driver::
    SBRE
    kbeepm
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  8. mackayg1 Newcomer, in training Posts: 32

    Combo Fix Log:

    ComboFix 10-12-14.01 - gary 14/12/2010 18:04:42.2.2 - x86
    Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\gary\Desktop\CFScript.txt

    FILE ::
    "c:\docume~1\gary\LOCALS~1\Temp\kbeepm.sys"
    "c:\windows\system32\drivers\SBREdrv.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\AntiVirus

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KBEEPM
    -------\Legacy_SBRE
    -------\Service_kbeepm
    -------\Service_SBRE


    ((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
    .

    2010-12-05 18:32 . 2010-12-05 18:32 -------- d-----w- c:\documents and settings\gary\Application Data\Malwarebytes
    2010-12-05 18:31 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-05 18:31 . 2010-12-05 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-05 18:31 . 2010-12-05 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 18:31 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 20:47 . 2010-11-30 20:47 -------- d-----w- c:\documents and settings\gary\Local Settings\Application Data\Sports Interactive
    2010-11-29 12:26 . 2010-11-29 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2010-11-29 10:08 . 2010-11-29 10:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
    2010-11-29 10:05 . 2010-11-29 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
    2010-11-29 10:03 . 2010-12-04 12:39 -------- d-----w- C:\_Backup
    2010-11-29 10:02 . 2010-11-29 10:52 -------- d-----w- c:\documents and settings\gary\Application Data\Avanquest
    2010-11-29 10:01 . 2010-11-29 10:01 -------- d-----w- c:\program files\Avanquest

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-26 21:42 . 2010-10-26 21:42 53248 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}\ARPPRODUCTICON.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2010-10-26 21:10 . 2010-10-26 21:10 69632 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\DesktopMgr.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-26 21:10 . 2010-10-26 21:10 49152 ----a-r- c:\documents and settings\gary\Application Data\Microsoft\Installer\{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
    2010-10-13 13:58 . 2010-10-04 17:44 1139200 ----a-w- c:\windows\bsdsetup.dll
    2010-09-18 11:23 . 2002-08-29 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2002-08-29 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-08-29 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-08-29 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\gary\Start Menu\Programs\Startup\AutorunsDisabled
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-7-23 1819992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-7-15 802816]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=

    R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2006-11-09 2560]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2005-12-27 664064]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-21 102448]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101210.001\IDSxpx86.sys [2010-11-09 341944]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-12-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - doreen.job
    - c:\program files\Norton Internet Security\Engine\17.8.0.5\navw32.exe [2010-09-24 19:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sky.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Search with Freeserve - c:\progra~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD}
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-14 18:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST316002 rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x867C7B78]<<
    _asm { MOV EAX, 0x867c7a98; XCHG [ESP], EAX; PUSH EAX; PUSH 0x867a1a74; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8677EAB8]
    \Driver\Disk[0x8674F910] -> IRP_MJ_CREATE -> 0x867C7B78
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x867c7b78
    \Driver\iaStor -> 0x867c7e30
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
    "Position0"=dword:00000000
    "Visible0"=dword:00000001
    "Width0"=dword:0000007d
    "Position1"=dword:00000001
    "Visible1"=dword:00000001
    "Width1"=dword:00000064
    "Position2"=dword:00000002
    "Visible2"=dword:00000001
    "Width2"=dword:00000064
    "Position3"=dword:00000003
    "Visible3"=dword:00000001
    "Width3"=dword:00000037
    "Position4"=dword:00000008
    "Visible4"=dword:00000001
    "Width4"=dword:00000023
    "Position5"=dword:00000009
    "Visible5"=dword:00000001
    "Width5"=dword:00000028
    "Position6"=dword:0000000a
    "Visible6"=dword:00000001
    "Width6"=dword:00000028
    "Position7"=dword:0000000c
    "Visible7"=dword:00000001
    "Width7"=dword:0000004b
    "Position8"=dword:0000000d
    "Visible8"=dword:00000001
    "Width8"=dword:0000004b
    "Position9"=dword:0000000e
    "Visible9"=dword:00000001
    "Width9"=dword:00000050
    "Position10"=dword:0000000f
    "Visible10"=dword:00000000
    "Width10"=dword:00000050
    "Position11"=dword:00000010
    "Visible11"=dword:00000000
    "Width11"=dword:0000004b
    "Position12"=dword:00000011
    "Visible12"=dword:00000000
    "Width12"=dword:0000002d
    "Position13"=dword:00000012
    "Visible13"=dword:00000000
    "Width13"=dword:0000003c
    "Position14"=dword:00000013
    "Visible14"=dword:00000000
    "Width14"=dword:0000004b
    "Position15"=dword:00000014
    "Visible15"=dword:00000000
    "Width15"=dword:00000064
    "Position16"=dword:00000015
    "Visible16"=dword:00000000
    "Width16"=dword:00000064
    "Position17"=dword:00000016
    "Visible17"=dword:00000000
    "Width17"=dword:0000004b
    "Position18"=dword:00000017
    "Visible18"=dword:00000000
    "Width18"=dword:00000064
    "Position19"=dword:00000018
    "Visible19"=dword:00000000
    "Width19"=dword:0000003c
    "Position20"=dword:00000019
    "Visible20"=dword:00000000
    "Width20"=dword:0000004b
    "Position21"=dword:0000001a
    "Visible21"=dword:00000000
    "Width21"=dword:00000050
    "Position22"=dword:0000001b
    "Visible22"=dword:00000000
    "Width22"=dword:00000073
    "Position23"=dword:0000001c
    "Visible23"=dword:00000000
    "Width23"=dword:00000050
    "Position24"=dword:0000001d
    "Visible24"=dword:00000000
    "Width24"=dword:0000005a
    "Position25"=dword:0000001e
    "Visible25"=dword:00000000
    "Width25"=dword:0000006e
    "Position26"=dword:0000001f
    "Visible26"=dword:00000000
    "Width26"=dword:00000064
    "Position27"=dword:00000020
    "Visible27"=dword:00000000
    "Width27"=dword:00000087
    "Position28"=dword:00000021
    "Visible28"=dword:00000000
    "Width28"=dword:00000064
    "Position29"=dword:00000022
    "Visible29"=dword:00000000
    "Width29"=dword:00000064
    "Position30"=dword:00000023
    "Visible30"=dword:00000000
    "Width30"=dword:00000046
    "Position31"=dword:00000024
    "Visible31"=dword:00000000
    "Width31"=dword:0000004b
    "Position32"=dword:00000025
    "Visible32"=dword:00000000
    "Width32"=dword:00000046
    "Position33"=dword:00000026
    "Visible33"=dword:00000000
    "Width33"=dword:0000004b
    "Position34"=dword:00000027
    "Visible34"=dword:00000000
    "Width34"=dword:0000003c
    "Position35"=dword:00000028
    "Visible35"=dword:00000000
    "Width35"=dword:00000064
    "Position36"=dword:00000029
    "Visible36"=dword:00000000
    "Width36"=dword:00000073
    "Position37"=dword:0000002a
    "Visible37"=dword:00000000
    "Width37"=dword:0000005f
    "Position38"=dword:0000002b
    "Visible38"=dword:00000000
    "Width38"=dword:00000091
    "Position39"=dword:0000002c
    "Visible39"=dword:00000000
    "Width39"=dword:0000003c
    "Position40"=dword:0000002d
    "Visible40"=dword:00000000
    "Width40"=dword:0000005a
    "Position41"=dword:0000002e
    "Visible41"=dword:00000000
    "Width41"=dword:00000041
    "Position42"=dword:0000002f
    "Visible42"=dword:00000000
    "Width42"=dword:00000050
    "Position43"=dword:00000030
    "Visible43"=dword:00000000
    "Width43"=dword:00000055
    "Position44"=dword:00000031
    "Visible44"=dword:00000000
    "Width44"=dword:0000005f
    "Position45"=dword:00000032
    "Visible45"=dword:00000000
    "Width45"=dword:00000050
    "Position46"=dword:00000033
    "Visible46"=dword:00000000
    "Width46"=dword:0000004b
    "Position47"=dword:00000034
    "Visible47"=dword:00000000
    "Width47"=dword:0000004b
    "Position48"=dword:00000035
    "Visible48"=dword:00000000
    "Width48"=dword:00000046
    "Position49"=dword:00000036
    "Visible49"=dword:00000000
    "Width49"=dword:00000032
    "Position50"=dword:00000037
    "Visible50"=dword:00000000
    "Width50"=dword:0000003c
    "Position51"=dword:00000038
    "Visible51"=dword:00000000
    "Width51"=dword:0000004b
    "Position52"=dword:00000039
    "Visible52"=dword:00000000
    "Width52"=dword:0000003c
    "Position53"=dword:0000003a
    "Visible53"=dword:00000000
    "Width53"=dword:00000037
    "Position54"=dword:0000003b
    "Visible54"=dword:00000000
    "Width54"=dword:00000069
    "Position55"=dword:0000003c
    "Visible55"=dword:00000000
    "Width55"=dword:0000005a
    "Position56"=dword:0000003d
    "Visible56"=dword:00000000
    "Width56"=dword:0000004b
    "Position57"=dword:0000003e
    "Visible57"=dword:00000000
    "Width57"=dword:0000004b
    "Position58"=dword:0000003f
    "Visible58"=dword:00000000
    "Width58"=dword:00000037
    "Position59"=dword:00000040
    "Visible59"=dword:00000000
    "Width59"=dword:0000003c
    "Position60"=dword:00000041
    "Visible60"=dword:00000000
    "Width60"=dword:0000003c
    "Position61"=dword:00000042
    "Visible61"=dword:00000000
    "Width61"=dword:00000041
    "Position62"=dword:00000043
    "Visible62"=dword:00000000
    "Width62"=dword:00000055
    "Position63"=dword:00000044
    "Visible63"=dword:00000000
    "Width63"=dword:0000003c
    "Position64"=dword:00000045
    "Visible64"=dword:00000000
    "Width64"=dword:0000003c
    "Position65"=dword:00000046
    "Visible65"=dword:00000000
    "Width65"=dword:0000004b
    "Position66"=dword:00000047
    "Visible66"=dword:00000000
    "Width66"=dword:0000003c
    "Position67"=dword:00000048
    "Visible67"=dword:00000000
    "Width67"=dword:00000046
    "Position68"=dword:00000049
    "Visible68"=dword:00000000
    "Width68"=dword:00000028
    "Position69"=dword:0000004a
    "Visible69"=dword:00000000
    "Width69"=dword:00000041
    "Position70"=dword:0000004b
    "Visible70"=dword:00000000
    "Width70"=dword:0000003c
    "Position71"=dword:0000004c
    "Visible71"=dword:00000000
    "Width71"=dword:00000069
    "Position72"=dword:0000004d
    "Visible72"=dword:00000000
    "Width72"=dword:00000041
    "Position73"=dword:0000004e
    "Visible73"=dword:00000000
    "Width73"=dword:0000005f
    "Position74"=dword:0000004f
    "Visible74"=dword:00000000
    "Width74"=dword:0000003c
    "Position75"=dword:00000050
    "Visible75"=dword:00000000
    "Width75"=dword:00000037
    "Position76"=dword:00000051
    "Visible76"=dword:00000000
    "Width76"=dword:0000004b
    "Position77"=dword:00000052
    "Visible77"=dword:00000000
    "Width77"=dword:00000050
    "Position78"=dword:00000053
    "Visible78"=dword:00000000
    "Width78"=dword:00000037
    "Position79"=dword:00000054
    "Visible79"=dword:00000000
    "Width79"=dword:00000037
    "Position80"=dword:00000055
    "Visible80"=dword:00000000
    "Width80"=dword:0000005a
    "Position81"=dword:00000056
    "Visible81"=dword:00000000
    "Width81"=dword:0000004b
    "Position82"=dword:00000057
    "Visible82"=dword:00000000
    "Width82"=dword:00000055
    "Position83"=dword:00000058
    "Visible83"=dword:00000000
    "Width83"=dword:0000002d
    "Position84"=dword:00000059
    "Visible84"=dword:00000000
    "Width84"=dword:00000037
    "Position85"=dword:0000005a
    "Visible85"=dword:00000000
    "Width85"=dword:0000003c
    "Position86"=dword:0000005b
    "Visible86"=dword:00000000
    "Width86"=dword:00000046
    "Position87"=dword:0000005c
    "Visible87"=dword:00000000
    "Width87"=dword:0000003c
    "Position88"=dword:0000005d
    "Visible88"=dword:00000000
    "Width88"=dword:0000005a
    "Position89"=dword:0000005e
    "Visible89"=dword:00000000
    "Width89"=dword:0000003c
    "Position90"=dword:0000005f
    "Visible90"=dword:00000000
    "Width90"=dword:00000050
    "Position91"=dword:00000060
    "Visible91"=dword:00000000
    "Width91"=dword:00000046
    "Position92"=dword:00000061
    "Visible92"=dword:00000000
    "Width92"=dword:0000005a
    "Position93"=dword:00000062
    "Visible93"=dword:00000000
    "Width93"=dword:00000037
    "Position94"=dword:00000063
    "Visible94"=dword:00000000
    "Width94"=dword:0000003c
    "Position95"=dword:00000064
    "Visible95"=dword:00000000
    "Width95"=dword:0000003c
    "Position96"=dword:00000065
    "Visible96"=dword:00000000
    "Width96"=dword:00000046
    "Position97"=dword:00000066
    "Visible97"=dword:00000000
    "Width97"=dword:00000046
    "Position98"=dword:00000067
    "Visible98"=dword:00000000
    "Width98"=dword:00000055
    "Position99"=dword:00000068
    "Visible99"=dword:00000000
    "Width99"=dword:00000073
    "Position100"=dword:00000069
    "Visible100"=dword:00000000
    "Width100"=dword:00000041
    "Position101"=dword:0000006a
    "Visible101"=dword:00000000
    "Width101"=dword:0000003c
    "Position102"=dword:0000006b
    "Visible102"=dword:00000000
    "Width102"=dword:0000003c
    "Position103"=dword:0000006c
    "Visible103"=dword:00000000
    "Width103"=dword:00000046
    "Position104"=dword:0000006d
    "Visible104"=dword:00000000
    "Width104"=dword:0000003c
    "Position105"=dword:0000006e
    "Visible105"=dword:00000000
    "Width105"=dword:00000041
    "Position106"=dword:0000006f
    "Visible106"=dword:00000001
    "Width106"=dword:00000050
    "Position107"=dword:0000000b
    "Visible107"=dword:00000001
    "Width107"=dword:00000028
    "Position108"=dword:00000070
    "Visible108"=dword:00000000
    "Width108"=dword:00000050
    "Position109"=dword:00000071
    "Visible109"=dword:00000000
    "Width109"=dword:00000050
    "Position110"=dword:00000072
    "Visible110"=dword:00000000
    "Width110"=dword:00000055
    "Position111"=dword:00000073
    "Visible111"=dword:00000000
    "Width111"=dword:00000082
    "Position112"=dword:00000074
    "Visible112"=dword:00000000
    "Width112"=dword:00000087
    "Position113"=dword:00000075
    "Visible113"=dword:00000000
    "Width113"=dword:0000000a
    "Position114"=dword:00000076
    "Visible114"=dword:00000000
    "Width114"=dword:0000000a
    "Position115"=dword:00000077
    "Visible115"=dword:00000000
    "Width115"=dword:00000072
    "Position116"=dword:00000078
    "Visible116"=dword:00000000
    "Width116"=dword:0000000a
    "Position117"=dword:00000079
    "Visible117"=dword:00000000
    "Width117"=dword:0000000a
    "Position118"=dword:0000007a
    "Visible118"=dword:00000000
    "Width118"=dword:0000000a
    "Position119"=dword:0000007b
    "Visible119"=dword:00000000
    "Width119"=dword:0000000a
    "Position120"=dword:0000007c
    "Visible120"=dword:00000000
    "Width120"=dword:0000000a
    "Position121"=dword:0000007d
    "Visible121"=dword:00000000
    "Width121"=dword:0000000a
    "Position122"=dword:0000007e
    "Visible122"=dword:00000000
    "Width122"=dword:0000000a
    "Position123"=dword:0000007f
    "Visible123"=dword:00000000
    "Width123"=dword:0000000a
    "Position124"=dword:00000080
    "Visible124"=dword:00000000
    "Width124"=dword:0000000a
    "Position125"=dword:00000081
    "Visible125"=dword:00000000
    "Width125"=dword:0000000a
    "Position126"=dword:00000082
    "Visible126"=dword:00000000
    "Width126"=dword:0000000a
    "Position127"=dword:00000083
    "Visible127"=dword:00000000
    "Width127"=dword:0000000a
    "Position128"=dword:00000084
    "Visible128"=dword:00000000
    "Width128"=dword:0000000a
    "Position129"=dword:00000085
    "Visible129"=dword:00000000
    "Width129"=dword:0000000a
    "Position130"=dword:00000086
    "Visible130"=dword:00000000
    "Width130"=dword:0000000a
    "Position131"=dword:00000087
    "Visible131"=dword:00000000
    "Width131"=dword:0000000a
    "Position132"=dword:00000088
    "Visible132"=dword:00000000
    "Width132"=dword:0000000a
    "Position133"=dword:00000089
    "Visible133"=dword:00000000
    "Width133"=dword:0000000a
    "Position134"=dword:0000008a
    "Visible134"=dword:00000000
    "Width134"=dword:0000000a
    "Position135"=dword:0000008b
    "Visible135"=dword:00000000
    "Width135"=dword:0000000a
    "Position136"=dword:0000008c
    "Visible136"=dword:00000000
    "Width136"=dword:0000000a
    "Position137"=dword:0000008d
    "Visible137"=dword:00000000
    "Width137"=dword:0000000a
    "Position138"=dword:0000008e
    "Visible138"=dword:00000000
    "Width138"=dword:0000000a
    "Position139"=dword:0000008f
    "Visible139"=dword:00000000
    "Width139"=dword:0000000a
    "Position140"=dword:00000090
    "Visible140"=dword:00000000
    "Width140"=dword:0000000a
    "Position141"=dword:00000091
    "Visible141"=dword:00000000
    "Width141"=dword:0000000a
    "Position142"=dword:00000092
    "Visible142"=dword:00000000
    "Width142"=dword:0000000a
    "Position143"=dword:00000093
    "Visible143"=dword:00000000
    "Width143"=dword:0000000a
    "Position144"=dword:00000094
    "Visible144"=dword:00000000
    "Width144"=dword:0000000a
    "Position145"=dword:00000095
    "Visible145"=dword:00000000
    "Width145"=dword:00000050
    "Position146"=dword:00000004
    "Visible146"=dword:00000000
    "Width146"=dword:00000037
    "Position147"=dword:00000005
    "Visible147"=dword:00000000
    "Width147"=dword:00000028
    "Position148"=dword:00000006
    "Visible148"=dword:00000000
    "Width148"=dword:00000037
    "Position149"=dword:00000007
    "Visible149"=dword:00000001
    "Width149"=dword:00000028
  9. mackayg1 Newcomer, in training Posts: 32

    continued:

    "WBLongShotsCoef"=dword:00000014
    "WBLongThrowsCoef"=dword:0000000a
    "WBMarkingCoef"=dword:0000003c
    "WBPassingCoef"=dword:00000028
    "WBPenaltiesCoef"=dword:00000005
    "WBTacklingCoef"=dword:00000064
    "WBTechniqueCoef"=dword:00000028
    "WBLeftFootCoef"=dword:00000005
    "WBRightFootCoef"=dword:00000005
    "WBAggressionCoef"=dword:0000000a
    "WBAnticipationCoef"=dword:00000050
    "WBBraveryCoef"=dword:0000000a
    "WBComposureCoef"=dword:0000000a
    "WBConcentrationCoef"=dword:00000014
    "WBConsistencyCoef"=dword:0000000a
    "WBCreativityCoef"=dword:00000014
    "WBDecisionsCoef"=dword:00000014
    "WBDeterminationCoef"=dword:0000000a
    "WBDirtinessCoef"=dword:fffffff6
    "WBFlairCoef"=dword:0000000a
    "WBImportantMatchesCoef"=dword:0000000a
    "WBInfluenceCoef"=dword:0000000a
    "WBOffTheBallCoef"=dword:00000014
    "WBPositioningCoef"=dword:00000064
    "WBTeamworkCoef"=dword:00000014
    "WBWorkRateCoef"=dword:00000028
    "WBAccelerationCoef"=dword:00000050
    "WBAgilityCoef"=dword:0000000a
    "WBBalanceCoef"=dword:00000014
    "WBInjuryPronenessCoef"=dword:fffffffb
    "WBJumpingCoef"=dword:00000014
    "WBNaturalFitnessCoef"=dword:00000005
    "WBPaceCoef"=dword:00000064
    "WBStaminaCoef"=dword:00000050
    "WBStrengthCoef"=dword:00000028
    "WBVersatilityCoef"=dword:00000005
    "WBAerialAbilityCoef"=dword:00000000
    "WBCommandOfAreaCoef"=dword:00000000
    "WBCommunicationCoef"=dword:00000000
    "WBEccentricityCoef"=dword:00000000
    "WBHandlingCoef"=dword:00000000
    "WBKickingCoef"=dword:00000000
    "WBOneOnOnesCoef"=dword:00000005
    "WBReflexesCoef"=dword:00000005
    "WBRushingOutCoef"=dword:00000000
    "WBTendencyToPunchCoef"=dword:00000000
    "WBThrowingCoef"=dword:00000000
    "WBAdaptabilityCoef"=dword:00000005
    "WBAmbitionCoef"=dword:0000000a
    "WBControversyCoef"=dword:fffffffb
    "WBLoyalityCoef"=dword:00000005
    "WBPressureCoef"=dword:00000005
    "WBProfessionalismCoef"=dword:00000005
    "WBSportsmanshipCoef"=dword:00000005
    "WBTemperamentCoef"=dword:00000005
    "DMWeightCoef"=dword:00000067
    "DMCurrentAbilityCoef"=dword:00000000
    "DMCornersCoef"=dword:0000000a
    "DMCrossingCoef"=dword:0000001e
    "DMDribblingCoef"=dword:00000014
    "DMFinishingCoef"=dword:0000000a
    "DMFirstTouchCoef"=dword:0000001e
    "DMFreeKicksCoef"=dword:0000000a
    "DMHeadingCoef"=dword:00000028
    "DMLongShotsCoef"=dword:00000014
    "DMLongThrowsCoef"=dword:00000005
    "DMMarkingCoef"=dword:0000003c
    "DMPassingCoef"=dword:00000028
    "DMPenaltiesCoef"=dword:00000005
    "DMTacklingCoef"=dword:00000064
    "DMTechniqueCoef"=dword:0000001e
    "DMLeftFootCoef"=dword:00000005
    "DMRightFootCoef"=dword:00000005
    "DMAggressionCoef"=dword:00000028
    "DMAnticipationCoef"=dword:00000028
    "DMBraveryCoef"=dword:00000014
    "DMComposureCoef"=dword:0000000a
    "DMConcentrationCoef"=dword:00000014
    "DMConsistencyCoef"=dword:0000000a
    "DMCreativityCoef"=dword:00000014
    "DMDecisionsCoef"=dword:00000014
    "DMDeterminationCoef"=dword:0000000a
    "DMDirtinessCoef"=dword:fffffff6
    "DMFlairCoef"=dword:0000000a
    "DMImportantMatchesCoef"=dword:0000000a
    "DMInfluenceCoef"=dword:0000000a
    "DMOffTheBallCoef"=dword:0000001e
    "DMPositioningCoef"=dword:00000050
    "DMTeamworkCoef"=dword:00000028
    "DMWorkRateCoef"=dword:00000050
    "DMAccelerationCoef"=dword:00000028
    "DMAgilityCoef"=dword:0000000a
    "DMBalanceCoef"=dword:0000000a
    "DMInjuryPronenessCoef"=dword:fffffffb
    "DMJumpingCoef"=dword:00000028
    "DMNaturalFitnessCoef"=dword:00000005
    "DMPaceCoef"=dword:00000028
    "DMStaminaCoef"=dword:0000003c
    "DMStrengthCoef"=dword:00000028
    "DMVersatilityCoef"=dword:00000005
    "DMAerialAbilityCoef"=dword:00000000
    "DMCommandOfAreaCoef"=dword:00000000
    "DMCommunicationCoef"=dword:00000000
    "DMEccentricityCoef"=dword:00000000
    "DMHandlingCoef"=dword:00000000
    "DMKickingCoef"=dword:00000000
    "DMOneOnOnesCoef"=dword:00000005
    "DMReflexesCoef"=dword:00000005
    "DMRushingOutCoef"=dword:00000000
    "DMTendencyToPunchCoef"=dword:00000000
    "DMThrowingCoef"=dword:00000000
    "DMAdaptabilityCoef"=dword:00000005
    "DMAmbitionCoef"=dword:0000000a
    "DMControversyCoef"=dword:fffffffb
    "DMLoyalityCoef"=dword:00000005
    "DMPressureCoef"=dword:00000005
    "DMProfessionalismCoef"=dword:00000005
    "DMSportsmanshipCoef"=dword:00000005
    "DMTemperamentCoef"=dword:00000005
    "MWeightCoef"=dword:00000068
    "MCurrentAbilityCoef"=dword:00000000
    "MCornersCoef"=dword:0000000a
    "MCrossingCoef"=dword:00000028
    "MDribblingCoef"=dword:00000032
    "MFinishingCoef"=dword:00000014
    "MFirstTouchCoef"=dword:0000001e
    "MFreeKicksCoef"=dword:0000000a
    "MHeadingCoef"=dword:0000001e
    "MLongShotsCoef"=dword:00000014
    "MLongThrowsCoef"=dword:00000005
    "MMarkingCoef"=dword:00000028
    "MPassingCoef"=dword:00000046
    "MPenaltiesCoef"=dword:00000005
    "MTacklingCoef"=dword:0000003c
    "MTechniqueCoef"=dword:00000032
    "MLeftFootCoef"=dword:00000005
    "MRightFootCoef"=dword:00000005
    "MAggressionCoef"=dword:0000001e
    "MAnticipationCoef"=dword:00000028
    "MBraveryCoef"=dword:0000000a
    "MComposureCoef"=dword:0000000a
    "MConcentrationCoef"=dword:0000000a
    "MConsistencyCoef"=dword:0000000a
    "MCreativityCoef"=dword:0000003c
    "MDecisionsCoef"=dword:0000001e
    "MDeterminationCoef"=dword:0000000a
    "MDirtinessCoef"=dword:fffffffb
    "MFlairCoef"=dword:0000000a
    "MImportantMatchesCoef"=dword:0000000a
    "MInfluenceCoef"=dword:0000000a
    "MOffTheBallCoef"=dword:00000028
    "MPositioningCoef"=dword:00000028
    "MTeamworkCoef"=dword:00000032
    "MWorkRateCoef"=dword:00000032
    "MAccelerationCoef"=dword:00000032
    "MAgilityCoef"=dword:0000000a
    "MBalanceCoef"=dword:0000000a
    "MInjuryPronenessCoef"=dword:fffffffb
    "MJumpingCoef"=dword:00000028
    "MNaturalFitnessCoef"=dword:00000005
    "MPaceCoef"=dword:00000028
    "MStaminaCoef"=dword:0000003c
    "MStrengthCoef"=dword:0000001e
    "MVersatilityCoef"=dword:00000005
    "MAerialAbilityCoef"=dword:00000000
    "MCommandOfAreaCoef"=dword:00000000
    "MCommunicationCoef"=dword:00000000
    "MEccentricityCoef"=dword:00000000
    "MHandlingCoef"=dword:00000000
    "MKickingCoef"=dword:00000000
    "MOneOnOnesCoef"=dword:00000005
    "MReflexesCoef"=dword:00000005
    "MRushingOutCoef"=dword:00000000
    "MTendencyToPunchCoef"=dword:00000000
    "MThrowingCoef"=dword:00000000
    "MAdaptabilityCoef"=dword:00000005
    "MAmbitionCoef"=dword:0000000a
    "MControversyCoef"=dword:fffffffb
    "MLoyalityCoef"=dword:00000005
    "MPressureCoef"=dword:00000005
    "MProfessionalismCoef"=dword:00000005
    "MSportsmanshipCoef"=dword:00000005
    "MTemperamentCoef"=dword:00000005
    "AMWeightCoef"=dword:00000068
    "AMCurrentAbilityCoef"=dword:00000000
    "AMCornersCoef"=dword:0000000a
    "AMCrossingCoef"=dword:0000003c
    "AMDribblingCoef"=dword:00000050
    "AMFinishingCoef"=dword:00000028
    "AMFirstTouchCoef"=dword:0000001e
    "AMFreeKicksCoef"=dword:0000000a
    "AMHeadingCoef"=dword:00000014
    "AMLongShotsCoef"=dword:00000014
    "AMLongThrowsCoef"=dword:00000005
    "AMMarkingCoef"=dword:0000000a
    "AMPassingCoef"=dword:00000064
    "AMPenaltiesCoef"=dword:00000005
    "AMTacklingCoef"=dword:0000000a
    "AMTechniqueCoef"=dword:00000050
    "AMLeftFootCoef"=dword:00000005
    "AMRightFootCoef"=dword:00000005
    "AMAggressionCoef"=dword:0000000a
    "AMAnticipationCoef"=dword:0000001e
    "AMBraveryCoef"=dword:0000000a
    "AMComposureCoef"=dword:0000000a
    "AMConcentrationCoef"=dword:0000000a
    "AMConsistencyCoef"=dword:0000000a
    "AMCreativityCoef"=dword:00000064
    "AMDecisionsCoef"=dword:00000028
    "AMDeterminationCoef"=dword:0000000a
    "AMDirtinessCoef"=dword:fffffffb
    "AMFlairCoef"=dword:00000014
    "AMImportantMatchesCoef"=dword:0000000a
    "AMInfluenceCoef"=dword:0000000a
    "AMOffTheBallCoef"=dword:0000003c
    "AMPositioningCoef"=dword:00000014
    "AMTeamworkCoef"=dword:0000003c
    "AMWorkRateCoef"=dword:00000014
    "AMAccelerationCoef"=dword:0000003c
    "AMAgilityCoef"=dword:0000000a
    "AMBalanceCoef"=dword:0000000a
    "AMInjuryPronenessCoef"=dword:fffffffb
    "AMJumpingCoef"=dword:00000014
    "AMNaturalFitnessCoef"=dword:00000005
    "AMPaceCoef"=dword:0000003c
    "AMStaminaCoef"=dword:0000003c
    "AMStrengthCoef"=dword:00000014
    "AMVersatilityCoef"=dword:00000005
    "AMAerialAbilityCoef"=dword:00000000
    "AMCommandOfAreaCoef"=dword:00000000
    "AMCommunicationCoef"=dword:00000000
    "AMEccentricityCoef"=dword:00000000
    "AMHandlingCoef"=dword:00000000
    "AMKickingCoef"=dword:00000000
    "AMOneOnOnesCoef"=dword:00000005
    "AMReflexesCoef"=dword:00000005
    "AMRushingOutCoef"=dword:00000000
    "AMTendencyToPunchCoef"=dword:00000000
    "AMThrowingCoef"=dword:00000000
    "AMAdaptabilityCoef"=dword:00000005
    "AMAmbitionCoef"=dword:0000000a
    "AMControversyCoef"=dword:fffffffb
    "AMLoyalityCoef"=dword:00000005
    "AMPressureCoef"=dword:00000005
    "AMProfessionalismCoef"=dword:00000005
    "AMSportsmanshipCoef"=dword:00000005
    "AMTemperamentCoef"=dword:00000005
    "WWeightCoef"=dword:00000069
    "WCurrentAbilityCoef"=dword:00000000
    "WCornersCoef"=dword:0000000a
    "WCrossingCoef"=dword:00000064
    "WDribblingCoef"=dword:00000064
    "WFinishingCoef"=dword:0000003c
    "WFirstTouchCoef"=dword:0000001e
    "WFreeKicksCoef"=dword:0000000a
    "WHeadingCoef"=dword:00000014
    "WLongShotsCoef"=dword:00000014
    "WLongThrowsCoef"=dword:00000005
    "WMarkingCoef"=dword:0000000a
    "WPassingCoef"=dword:0000003c
    "WPenaltiesCoef"=dword:00000005
    "WTacklingCoef"=dword:0000000a
    "WTechniqueCoef"=dword:00000050
    "WLeftFootCoef"=dword:00000005
    "WRightFootCoef"=dword:00000005
    "WAggressionCoef"=dword:0000000a
    "WAnticipationCoef"=dword:00000014
    "WBraveryCoef"=dword:0000000a
    "WComposureCoef"=dword:0000000a
    "WConcentrationCoef"=dword:0000000a
    "WConsistencyCoef"=dword:0000000a
    "WCreativityCoef"=dword:0000003c
    "WDecisionsCoef"=dword:00000014
    "WDeterminationCoef"=dword:0000000a
    "WDirtinessCoef"=dword:fffffffb
    "WFlairCoef"=dword:0000000a
    "WImportantMatchesCoef"=dword:00000014
    "WInfluenceCoef"=dword:0000000a
    "WOffTheBallCoef"=dword:0000003c
    "WPositioningCoef"=dword:00000014
    "WTeamworkCoef"=dword:0000001e
    "WWorkRateCoef"=dword:0000001e
    "WAccelerationCoef"=dword:00000050
    "WAgilityCoef"=dword:00000014
    "WBalanceCoef"=dword:0000000a
    "WInjuryPronenessCoef"=dword:fffffffb
    "WJumpingCoef"=dword:00000014
    "WNaturalFitnessCoef"=dword:00000005
    "WPaceCoef"=dword:00000064
    "WStaminaCoef"=dword:0000003c
    "WStrengthCoef"=dword:00000014
    "WVersatilityCoef"=dword:00000005
    "WAerialAbilityCoef"=dword:00000000
    "WCommandOfAreaCoef"=dword:00000000
    "WCommunicationCoef"=dword:00000000
    "WEccentricityCoef"=dword:00000000
    "WHandlingCoef"=dword:00000000
    "WKickingCoef"=dword:00000000
    "WOneOnOnesCoef"=dword:00000005
    "WReflexesCoef"=dword:00000005
    "WRushingOutCoef"=dword:00000000
    "WTendencyToPunchCoef"=dword:00000000
    "WThrowingCoef"=dword:00000000
    "WAdaptabilityCoef"=dword:00000005
    "WAmbitionCoef"=dword:0000000a
    "WControversyCoef"=dword:fffffffb
    "WLoyalityCoef"=dword:00000005
    "WPressureCoef"=dword:00000005
    "WProfessionalismCoef"=dword:00000005
    "WSportsmanshipCoef"=dword:00000005
    "WTemperamentCoef"=dword:00000005
    "FSTWeightCoef"=dword:00000067
    "FSTCurrentAbilityCoef"=dword:00000000
    "FSTCornersCoef"=dword:0000000a
    "FSTCrossingCoef"=dword:0000000a
    "FSTDribblingCoef"=dword:00000050
    "FSTFinishingCoef"=dword:00000064
    "FSTFirstTouchCoef"=dword:00000028
    "FSTFreeKicksCoef"=dword:0000000a
    "FSTHeadingCoef"=dword:00000028
    "FSTLongShotsCoef"=dword:00000014
    "FSTLongThrowsCoef"=dword:00000000
    "FSTMarkingCoef"=dword:00000000
    "FSTPassingCoef"=dword:00000028
    "FSTPenaltiesCoef"=dword:00000005
    "FSTTacklingCoef"=dword:00000000
    "FSTTechniqueCoef"=dword:00000050
    "FSTLeftFootCoef"=dword:00000005
    "FSTRightFootCoef"=dword:00000005
    "FSTAggressionCoef"=dword:0000000a
    "FSTAnticipationCoef"=dword:0000000a
    "FSTBraveryCoef"=dword:0000000a
    "FSTComposureCoef"=dword:0000000a
    "FSTConcentrationCoef"=dword:0000000a
    "FSTConsistencyCoef"=dword:0000000a
    "FSTCreativityCoef"=dword:00000028
    "FSTDecisionsCoef"=dword:0000000a
    "FSTDeterminationCoef"=dword:0000000a
    "FSTDirtinessCoef"=dword:fffffffb
    "FSTFlairCoef"=dword:0000000a
    "FSTImportantMatchesCoef"=dword:0000000a
    "FSTInfluenceCoef"=dword:0000000a
    "FSTOffTheBallCoef"=dword:00000050
    "FSTPositioningCoef"=dword:0000000a
    "FSTTeamworkCoef"=dword:0000000a
    "FSTWorkRateCoef"=dword:0000000a
    "FSTAccelerationCoef"=dword:00000064
    "FSTAgilityCoef"=dword:00000028
    "FSTBalanceCoef"=dword:0000000a
    "FSTInjuryPronenessCoef"=dword:fffffffb
    "FSTJumpingCoef"=dword:00000014
    "FSTNaturalFitnessCoef"=dword:00000005
    "FSTPaceCoef"=dword:00000064
    "FSTStaminaCoef"=dword:00000028
    "FSTStrengthCoef"=dword:00000014
    "FSTVersatilityCoef"=dword:00000005
    "FSTAerialAbilityCoef"=dword:00000000
    "FSTCommandOfAreaCoef"=dword:00000000
    "FSTCommunicationCoef"=dword:00000000
    "FSTEccentricityCoef"=dword:00000000
    "FSTHandlingCoef"=dword:00000000
    "FSTKickingCoef"=dword:00000000
    "FSTOneOnOnesCoef"=dword:00000005
    "FSTReflexesCoef"=dword:00000005
    "FSTRushingOutCoef"=dword:00000000
    "FSTTendencyToPunchCoef"=dword:00000000
    "FSTThrowingCoef"=dword:00000000
    "FSTAdaptabilityCoef"=dword:00000005
    "FSTAmbitionCoef"=dword:0000000a
    "FSTControversyCoef"=dword:fffffffb
    "FSTLoyalityCoef"=dword:00000005
    "FSTPressureCoef"=dword:00000005
    "FSTProfessionalismCoef"=dword:00000005
    "FSTSportsmanshipCoef"=dword:00000005
    "FSTTemperamentCoef"=dword:00000005
    "TSTWeightCoef"=dword:00000067
    "TSTCurrentAbilityCoef"=dword:00000000
    "TSTCornersCoef"=dword:00000000
    "TSTCrossingCoef"=dword:0000000a
    "TSTDribblingCoef"=dword:0000003c
    "TSTFinishingCoef"=dword:00000050
    "TSTFirstTouchCoef"=dword:0000001e
    "TSTFreeKicksCoef"=dword:0000000a
    "TSTHeadingCoef"=dword:00000064
    "TSTLongShotsCoef"=dword:00000014
    "TSTLongThrowsCoef"=dword:00000000
    "TSTMarkingCoef"=dword:00000000
    "TSTPassingCoef"=dword:00000028
    "TSTPenaltiesCoef"=dword:00000005
    "TSTTacklingCoef"=dword:00000000
    "TSTTechniqueCoef"=dword:00000028
    "TSTLeftFootCoef"=dword:00000005
    "TSTRightFootCoef"=dword:00000005
    "TSTAggressionCoef"=dword:00000014
    "TSTAnticipationCoef"=dword:0000000a
    "TSTBraveryCoef"=dword:00000014
    "TSTComposureCoef"=dword:0000000a
    "TSTConcentrationCoef"=dword:0000000a
    "TSTConsistencyCoef"=dword:0000000a
    "TSTCreativityCoef"=dword:00000014
    "TSTDecisionsCoef"=dword:0000000a
    "TSTDeterminationCoef"=dword:0000000a
    "TSTDirtinessCoef"=dword:fffffffb
    "TSTFlairCoef"=dword:0000000a
    "TSTImportantMatchesCoef"=dword:0000000a
    "TSTInfluenceCoef"=dword:0000000a
    "TSTOffTheBallCoef"=dword:00000050
    "TSTPositioningCoef"=dword:00000014
    "TSTTeamworkCoef"=dword:0000000a
    "TSTWorkRateCoef"=dword:0000000a
    "TSTAccelerationCoef"=dword:00000028
    "TSTAgilityCoef"=dword:00000014
    "TSTBalanceCoef"=dword:00000014
    "TSTInjuryPronenessCoef"=dword:fffffffb
    "TSTJumpingCoef"=dword:00000064
    "TSTNaturalFitnessCoef"=dword:00000005
    "TSTPaceCoef"=dword:00000028
    "TSTStaminaCoef"=dword:00000014
    "TSTStrengthCoef"=dword:00000050
    "TSTVersatilityCoef"=dword:00000005
    "TSTAerialAbilityCoef"=dword:00000000
    "TSTCommandOfAreaCoef"=dword:00000000
    "TSTCommunicationCoef"=dword:00000000
    "TSTEccentricityCoef"=dword:00000000
    "TSTHandlingCoef"=dword:00000000
    "TSTKickingCoef"=dword:00000000
    "TSTOneOnOnesCoef"=dword:00000005
    "TSTReflexesCoef"=dword:00000005
    "TSTRushingOutCoef"=dword:00000000
    "TSTTendencyToPunchCoef"=dword:00000000
    "TSTThrowingCoef"=dword:00000000
    "TSTAdaptabilityCoef"=dword:00000005
    "TSTAmbitionCoef"=dword:0000000a
    "TSTControversyCoef"=dword:fffffffb
    "TSTLoyalityCoef"=dword:00000005
    "TSTPressureCoef"=dword:00000005
    "TSTProfessionalismCoef"=dword:00000005
    "TSTSportsmanshipCoef"=dword:00000005
    "TSTTemperamentCoef"=dword:00000005

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00009b76
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000062
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-3298848140-1881262419-2955372717-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000067
    "UniqueID"="44-0140-40FF"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3456)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\brsvc01a.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\drivers\CDAC11BA.EXE
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-14 18:30:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-14 18:30
    ComboFix2.txt 2010-12-09 20:24

    Pre-Run: 112,358,924,288 bytes free
    Post-Run: 112,261,578,752 bytes free

    - - End Of File - - 50C8005DA41D62BB901C4BC161018C82
  10. Broni Malware Annihilator Posts: 40,051   +187

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. mackayg1 Newcomer, in training Posts: 32

    The computer is running a lot better, but that error message still comes up quite often when I'm trying to run programmes.

    I will run the OTL now.

    Thanks for all your support, it's been amazing.
  12. Broni Malware Annihilator Posts: 40,051   +187

    You're very welcome
  13. mackayg1 Newcomer, in training Posts: 32

    OTL Log:

    OTL logfile created on: 15/12/2010 18:05:32 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\gary\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 536.00 Mb Available Physical Memory | 52.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.48 Gb Total Space | 104.58 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

    Computer Name: D6M2681J | User Name: gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/17 16:42:32 | 000,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    PRC - [2005/03/17 13:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2004/11/10 18:23:45 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    PRC - [2004/03/23 11:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    PRC - [2004/03/23 11:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brsvc01a.exe
    PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brss01a.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    MOD - [2010/09/20 19:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 07:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
    MOD - [2009/07/12 07:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
    SRV - [2006/11/09 22:06:17 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
    SRV - [2004/11/10 18:23:45 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2004/03/23 11:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
    SRV - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/09 18:17:44 | 001,360,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101214.001\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/09 18:17:44 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101214.001\NAVENG.SYS -- (NAVENG)
    DRV - [2010/11/09 00:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101210.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/11/04 00:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/08/21 12:47:19 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/08/21 12:47:19 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/08/21 12:03:12 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/05/06 04:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/22 02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/04 01:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
    DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2005/12/27 20:17:52 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
    DRV - [2005/12/27 20:16:01 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2004/11/10 18:23:44 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/08/04 05:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2004/08/04 05:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 05:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 05:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 05:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 05:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 05:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 05:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 05:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 05:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 05:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2004/05/25 22:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/03/23 11:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 21:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2002/11/12 10:01:44 | 000,053,168 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2002/11/12 10:01:42 | 000,748,544 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/08/22 10:38:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/08/21 12:23:08 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/12/14 18:23:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/11/13 08:39:31 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\gary\Start Menu\Programs\Startup\AutorunsDisabled [2010/11/13 08:39:35 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
    O9 - Extra Button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - Reg Error: Value error. File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102070229218 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191600504750 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: 193
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/16 06:41:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/12/15 18:04:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2010/12/14 18:52:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/09 18:41:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/09 18:32:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/09 18:32:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/09 18:32:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/09 18:32:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/09 18:32:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/09 18:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/05 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Malwarebytes
    [2010/12/05 18:31:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/05 18:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/05 18:31:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/05 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/05 18:30:08 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.0.0.exe
    [2010/11/30 20:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Local Settings\Application Data\Sports Interactive
    [2010/11/29 12:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/11/29 10:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
    [2010/11/29 10:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2010/11/29 10:03:45 | 000,000,000 | R--D | C] -- C:\_Backup.RC
    [2010/11/29 10:03:42 | 000,000,000 | ---D | C] -- C:\_Backup
    [2010/11/29 10:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gary\Application Data\Avanquest
    [2010/11/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/11/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe
    [2010/12/15 17:57:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/12/15 17:57:29 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/14 18:23:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/12/14 17:57:44 | 003,989,579 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2010/12/12 21:14:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/12/09 18:41:16 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2010/12/06 20:00:10 | 000,000,738 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - doreen.job
    [2010/12/05 18:31:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/05 18:30:08 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/01 20:44:49 | 027,519,836 | ---- | M] () -- C:\Documents and Settings\gary\My Documents\RD5 - Final.rar
    [2010/11/30 20:08:22 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
    [2010/11/29 22:50:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/29 22:50:23 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/11/29 22:50:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/29 14:16:51 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
    [2010/11/29 12:42:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/29 10:22:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/09 18:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/09 18:41:13 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/09 18:32:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/09 18:32:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/09 18:32:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/09 18:32:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/09 18:32:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/09 18:21:12 | 003,989,579 | R--- | C] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2010/12/05 18:31:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/01 20:44:47 | 027,519,836 | ---- | C] () -- C:\Documents and Settings\gary\My Documents\RD5 - Final.rar
    [2010/11/30 20:08:21 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
    [2010/11/29 11:56:51 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
    [2009/09/11 14:28:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2007/07/22 12:53:23 | 000,001,072 | ---- | C] () -- C:\Documents and Settings\gary\Application Data\filterclsid.dat
    [2007/07/21 16:46:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2007/07/11 17:05:45 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
    [2007/05/12 17:49:18 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/05/12 17:49:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/11/09 22:06:18 | 000,000,825 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
    [2006/11/09 22:06:17 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
    [2006/08/03 20:21:03 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
    [2006/07/15 14:29:31 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/15 14:29:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2006/07/15 14:29:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2006/07/15 13:24:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2006/05/14 12:30:52 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/04/10 12:00:30 | 000,402,736 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
    [2006/04/08 16:10:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/16 22:38:34 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2005/12/27 20:16:01 | 000,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2005/12/27 20:16:01 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0029.sys
  14. mackayg1 Newcomer, in training Posts: 32

    OTL Log continued:

    [2005/06/28 17:32:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/06/12 22:02:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/01/23 12:24:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2005/01/23 12:24:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2005/01/03 14:21:41 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/11/12 12:07:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/10/25 18:43:08 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
    [2004/09/07 10:14:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/09/07 10:09:12 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/09/07 10:04:25 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/09/07 09:53:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/09/07 09:34:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/03/05 20:16:12 | 000,498,688 | ---- | C] () -- C:\WINDOWS\System32\clbcatq.dll
    [2002/09/03 07:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/08/29 04:00:00 | 000,792,064 | ---- | C] () -- C:\WINDOWS\System32\comres.dll
    [2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [1979/12/31 23:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

    ========== LOP Check ==========

    [2010/11/29 10:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2010/10/04 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
    [2010/11/29 12:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/10/25 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/11/02 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
    [2009/12/20 16:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2010/10/26 21:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2008/08/15 19:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ringo
    [2006/07/15 13:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/11/15 15:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
    [2010/12/01 21:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2004/09/07 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/12 12:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/12/28 19:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/03/19 22:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Atari
    [2010/11/29 10:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Avanquest
    [2010/10/04 17:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\BSD
    [2010/08/28 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\DNA
    [2010/02/24 18:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\FUJIFILM
    [2006/04/30 12:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\funkitron
    [2010/03/15 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\iolo
    [2004/11/02 08:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Leadertech
    [2006/03/11 13:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Microgaming
    [2010/10/26 21:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Research In Motion
    [2007/07/21 16:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Samsung
    [2009/02/08 09:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Shareaza
    [2010/11/30 20:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Sports Interactive
    [2004/11/04 18:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Template
    [2010/07/31 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Tific

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/29 22:50:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/09 18:41:16 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 07:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2007/07/21 16:46:48 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2010/12/14 18:30:07 | 000,072,143 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/07/21 16:17:15 | 000,000,000 | ---- | M] () -- C:\conmgr.log
    [2004/09/07 09:44:32 | 000,005,340 | RH-- | M] () -- C:\DELL.SDR
    [2010/12/15 17:57:29 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/09/07 10:13:01 | 000,000,881 | -H-- | M] () -- C:\IPH.PH
    [2006/09/02 11:13:29 | 000,020,946 | ---- | M] () -- C:\log.txt
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2010/11/29 22:50:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/11/29 22:50:23 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/12/15 17:57:28 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/18 19:40:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/08/18 19:46:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/08/18 19:56:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/08/18 20:08:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/08/18 20:45:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/08/21 07:28:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/08/04 19:08:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/08/05 06:52:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/08/05 17:49:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/08/08 15:32:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/08/09 18:06:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/08/11 21:53:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/08/12 06:54:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/08/12 20:54:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/08/15 07:23:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/08/16 21:03:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/08/17 06:44:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/08/17 21:51:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/08/18 19:25:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/08/18 19:38:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/08/18 19:40:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/08/18 19:46:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/08/18 19:56:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/08/18 20:08:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/08/18 20:45:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/08/21 07:28:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/08/04 19:08:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/08/05 06:52:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/08/05 17:49:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/08/08 15:32:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/08/09 18:06:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/08/11 21:53:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/08/12 06:54:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/08/12 20:54:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/08/15 07:23:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/08/16 21:03:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/08/17 06:44:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/08/17 21:51:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/08/18 19:25:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/08/18 19:38:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2010/12/07 18:06:06 | 000,053,634 | ---- | M] () -- C:\TDSSKiller.2.4.10.1_07.12.2010_18.04.41_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2002/09/03 07:59:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/02/08 23:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\brmfpp1.dll
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\ppbiPr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/07/18 21:40:16 | 000,843,776 | ---- | M] () -- C:\WINDOWS\Ringo Screensaver.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/03/28 12:41:38 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/27 16:32:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/07/11 07:32:12 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2004/10/25 18:39:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/14 17:57:44 | 003,989,579 | R--- | M] () -- C:\Documents and Settings\gary\Desktop\ComboFix.exe
    [2010/03/07 11:36:53 | 188,960,768 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\FM2010_v10.3.0_PC_Patch.exe
    [2010/11/13 11:30:19 | 180,137,984 | ---- | M] () -- C:\Documents and Settings\gary\Desktop\fm2011v11.1.1_pc_dit_patch.exe
    [2007/05/21 18:38:05 | 037,873,216 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\gary\Desktop\iTunesSetup2.exe
    [2010/12/05 18:30:08 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gary\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/15 18:04:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gary\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/10/26 20:37:16 | 272,322,392 | ---- | M] () -- C:\Documents and Settings\gary\My Documents\501_b082_multilanguage.exe
    [2010/10/06 10:14:00 | 000,729,464 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\gary\My Documents\autoruns.exe
    [2010/10/06 10:13:50 | 000,594,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\gary\My Documents\autorunsc.exe
    [2009/06/07 19:46:15 | 000,556,192 | ---- | M] (Google Inc.) -- C:\Documents and Settings\gary\My Documents\GoogleEarthPluginSetup.exe
    [2006/07/25 18:11:47 | 059,310,760 | ---- | M] (Apple Computer, Inc. ) -- C:\Documents and Settings\gary\My Documents\iPodSetup2.exe
    [2009/05/25 18:18:48 | 074,302,760 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\gary\My Documents\iTunesSetup8.1.exe
    [2009/02/24 19:42:02 | 001,228,648 | ---- | M] (Registry Fix ) -- C:\Documents and Settings\gary\My Documents\registryfix.exe
    [2009/02/08 09:43:05 | 006,745,696 | ---- | M] (Shareaza Development Team ) -- C:\Documents and Settings\gary\My Documents\Shareaza_2.4.0.0.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/08/29 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/07/11 07:32:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\gary\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Prison Tycoon 2 Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/15 19:30:58 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\gary\Cookies\INDEX.DAT

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 00:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 09:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 09:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 09:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 09:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/12/17 09:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 09:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 09:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 09:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 18:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\gary\My Documents\Shareaza Downloads:Shareaza.GUID
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC

    < End of report >
  15. mackayg1 Newcomer, in training Posts: 32

    OTL Extras logfile created on: 15/12/2010 18:05:32 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\gary\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 536.00 Mb Available Physical Memory | 52.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.48 Gb Total Space | 104.58 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

    Computer Name: D6M2681J | User Name: gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe" = C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
    "C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
    "C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}" = BT Openworld Dell Signup
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}" = BlackBerry Desktop Software 5.0.1
    "{572F2464-AB8F-4D1C-B934-FD133E6B7CA2}" = Philips Digital Audio Player
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
    "{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "ATI Display Driver" = ATI Display Driver
    "BlackBerry_{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}" = BlackBerry Desktop Software 5.0.1
    "CdaC13Ba" = SafeCast Shared Components
    "Football Manager 2010" = Football Manager 2010
    "Football Manager 2011" = Football Manager 2011
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
    "InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Shareaza_is1" = Shareaza 2.5.2.0
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07/12/2010 13:57:15 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 08/12/2010 18:20:26 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 09/12/2010 14:04:08 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 11/12/2010 05:28:37 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 12/12/2010 17:15:40 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 13/12/2010 14:27:48 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 13/12/2010 14:51:51 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 14/12/2010 13:48:14 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 14/12/2010 14:23:52 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.

    Error - 15/12/2010 13:58:19 | Computer Name = D6M2681J | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x800700c1.


    < End of report >
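The ten Application Events in the log above differ only in their timestamps. As an added example (not part of the original post and not output from OTL), the sketch below collapses such repeats and decodes the `hr` value: 0x800700c1 is a failure HRESULT in the Win32 facility carrying error code 193, ERROR_BAD_EXE_FORMAT. The function names and the small error-name table are assumptions made for this illustration.

```python
import re
from collections import Counter

# Two entries excerpted from the posted log, embedded so the block runs offline.
SAMPLE_LOG = """\
Error - 07/12/2010 13:57:15 | Computer Name = D6M2681J | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x800700c1.

Error - 08/12/2010 18:20:26 | Computer Name = D6M2681J | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x800700c1.
"""

HEADER = re.compile(r"^\s*Error - (?P<when>\S+ \S+) \| Computer Name = \S+ "
                    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
HRESULT = re.compile(r"hr = (0x[0-9a-fA-F]{8})")
FACILITY_WIN32 = 7
# Small illustrative lookup of Win32 error codes; extend as needed.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 193: "ERROR_BAD_EXE_FORMAT"}

def decode_hresult(text):
    """Split an HRESULT into severity bit, 11-bit facility and 16-bit code."""
    value = int(text, 16)
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WIN32_NAMES.get(code, "unknown") if facility == FACILITY_WIN32 else "non-Win32"
    return {"failure": bool(value >> 31), "facility": facility, "code": code, "name": name}

def parse_events(log_text):
    """Return one dict per 'Error - ...' entry, with its hr value if one is present."""
    events = []
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            events.append({"when": header["when"], "source": header["source"],
                           "id": int(header["id"]), "hr": None})
        elif events and events[-1]["hr"] is None:
            found = HRESULT.search(line)
            if found:
                events[-1]["hr"] = found.group(1).lower()
    return events

def summarize(events):
    """Collapse repeats: one row per (source, id, hr), most frequent first."""
    counts = Counter((e["source"], e["id"], e["hr"]) for e in events)
    return [{"source": s, "id": i, "hr": h, "count": n,
             "decoded": decode_hresult(h) if h else None}
            for (s, i, h), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE_LOG)):
        print(row)
```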
  16. Broni Malware Annihilator Posts: 40,051   +187

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
      O9 - Extra Button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - Reg Error: Value error. File not found
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2004/09/07 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\gary\My Documents\Shareaza Downloads:Shareaza.GUID
      @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  17. mackayg1 Newcomer, in training Posts: 32

    I downloaded the latest Java and removed the old ones.

    When I run the Run Fix from OTL it runs, but then the image error comes up again and the OTL scan doesn't go any further. I left it for some time and it still hadn't gone any further, and the error message doesn't leave either.

    Should I try something else, or skip this point and go and download Security Check?

    Thanks

    Gary
  18. Broni Malware Annihilator Posts: 40,051   +187

    Try to run OTL fix with your AV program disabled, or from Safe Mode.
  19. mackayg1 Newcomer, in training Posts: 32

    I have tried to run OTL again, this time without my antivirus on and in Safe Mode. I'm still getting the same thing. OTL runs and I put in the Run Fix and click it. It begins, but then the error message comes up again and OTL then just stops and the error message doesn't leave!!

    Any ideas?

    Thanks
  20. Broni Malware Annihilator Posts: 40,051   +187

    Delete your OTL file, download a fresh one and try again.