Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with sdra64.exe (running Vista)


  • This topic is locked This topic is locked
10 replies to this topic

#1 trishk1988

trishk1988

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 17 October 2009 - 09:57 AM

Hi people, :(

I've been infected with this extremely bothersome malware for quite a while now, and it's a nightmare to get rid of.

Following guides on the internet to remove it have proved pointless - as they all talk about accessing the HKEY through the regedit program in order to remove it. However I am running Vista, and Spybot S&D has showed me that the location of the file is along the ..Appdata\Roaming\sdra64.exe path.

Another thing. I had a problem running Rootrepeal, which kept throwing up the following error messages:

"FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000dc)
Could not initialise driver. Please contact the author."

Anyhoo, the dds.txt report is below. Thank you so much for your help in advance - this thing's becoming a headache quickly!

:(

=============================================

DDS (Ver_09-10-13.01) - NTFSx86
Run by Amrit at 14:03:04.45 on 17/10/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.44.1033.18.1014.148 [GMT 1:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: ESET Smart Security 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\ProgramData\SeekService\seekservice129.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SeekService\seekservice.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Users\Amrit\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amrit\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
uSEARCH PAGE = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {140BD8E3-C167-11D4-B4A3-080000180323} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [?????????] ??????????????e
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [audio deaf] "c:\programdata\SETUP LOCKS LOCKS.3f44ddf"
uRun: [userinit] c:\users\amrit\appdata\roaming\sdra64.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [THGuard] "c:\program files\trojanhunter 4.7\THGuard.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\amrit\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\r3hook.dll c:\progra~1\kasper~1\kasper~1.0\adialhk.dll eNetHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath - c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-8-26 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-8-26 12032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-9-9 600912]
R2 SeekService Service;SeekService Service;c:\programdata\seekservice\seekservice129.exe [2009-10-10 54784]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-3-31 5120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 FBUUQLYVFR;FBUUQLYVFR; [x]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-9-14 80744]

=============== Created Last 30 ================

2009-10-17 13:06 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 13:06 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-17 13:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 13:52 <DIR> --d----- c:\programdata\WEBREG
2009-10-16 13:52 <DIR> --d----- c:\progra~2\WEBREG
2009-10-16 13:30 <DIR> --d----- c:\programdata\HPSSUPPLY
2009-10-16 13:09 <DIR> --d----- c:\program files\common files\HP
2009-10-16 12:54 117,760 a------- c:\windows\system32\hpzll4v2.dll
2009-10-16 12:51 <DIR> --d----- c:\program files\HP
2009-10-16 12:49 133,481 a------- c:\windows\hppins20.dat
2009-10-16 12:48 <DIR> --d----- c:\programdata\HP
2009-10-16 12:48 258,048 a------- c:\windows\system32\SETB891.tmp
2009-10-16 12:48 16,655 a------- c:\windows\hppmdl20.dat
2009-10-15 20:39 832,512 a------- c:\windows\system32\wininet.dll
2009-10-15 20:39 389,120 a------- c:\windows\system32\html.iec
2009-10-15 20:34 216,576 a------- c:\windows\system32\msv1_0.dll
2009-10-15 20:29 3,467,864 a------- c:\windows\system32\ntoskrnl.exe
2009-10-15 20:29 3,502,152 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-15 20:28 428,032 a------- c:\windows\system32\EncDec.dll
2009-10-15 20:28 292,352 a------- c:\windows\system32\psisdecd.dll
2009-10-15 20:28 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-15 20:28 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-10-15 20:28 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-15 20:28 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-10-15 20:28 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-10-15 20:28 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-10-15 20:27 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-15 20:27 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-10-15 20:27 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 00:34 <DIR> --d----- c:\programdata\14346422
2009-10-13 00:34 <DIR> --d----- c:\progra~2\14346422
2009-10-10 20:00 <DIR> --d----- c:\programdata\SeekService
2009-10-10 20:00 <DIR> --d----- c:\program files\SeekService
2009-10-10 20:00 <DIR> --d----- c:\progra~2\SeekService
2009-10-10 19:59 <DIR> --d----- c:\program files\Free Video To Audio Converter
2009-10-08 21:04 <DIR> --d----- c:\programdata\67810224
2009-10-08 21:04 <DIR> --d----- c:\progra~2\67810224
2009-10-02 22:02 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-27 13:08 <DIR> --d----- c:\users\amrit\appdata\roaming\URSoft
2009-09-27 13:08 <DIR> --d----- c:\program files\Your Uninstaller 2008
2009-09-26 22:06 <DIR> --d----- c:\users\amrit\appdata\roaming\ESET
2009-09-26 22:01 <DIR> --d----- c:\programdata\ESET
2009-09-26 19:11 <DIR> --d----- c:\programdata\Sky
2009-09-26 19:11 <DIR> --d----- c:\program files\Sky
2009-09-26 19:11 <DIR> --d----- c:\progra~2\Sky
2009-09-26 16:13 <DIR> --d----- C:\SDFix
2009-09-26 15:40 <DIR> --d----- c:\users\amrit\appdata\roaming\Malwarebytes
2009-09-26 15:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-26 15:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-22 21:43 <DIR> --d----- c:\users\amrit\appdata\roaming\Desktopicon
2009-09-22 21:42 <DIR> --d----- c:\program files\Unlocker

==================== Find3M ====================

2009-10-16 13:01 86,016 a------- c:\windows\inf\infpub.dat
2009-10-16 13:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-16 13:00 86,016 a------- c:\windows\inf\infstor.dat
2009-09-26 21:50 81,984 a------- c:\windows\system32\bdod.bin
2009-08-29 04:41 1,686,528 a------- c:\windows\system32\gameux.dll
2009-08-29 04:40 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-29 04:40 449,024 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 04:40 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 04:40 2,143,744 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 04:40 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 00:31 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:15 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-08-27 14:57 56,320 a------- c:\windows\system32\iesetup.dll
2009-08-27 14:57 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 14:57 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-08-27 14:56 72,704 a------- c:\windows\system32\admparse.dll
2009-08-27 12:24 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-27 10:51 48,128 a------- c:\windows\system32\mshtmler.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-16 00:58 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-08-16 00:54 416,768 a------- c:\windows\system32\IKEEXT.DLL
2009-08-16 00:54 543,232 a------- c:\windows\system32\FWPUCLNT.DLL
2009-08-16 00:53 317,440 a------- c:\windows\system32\BFE.DLL
2009-08-15 22:30 22,016 a------- c:\windows\system32\netiougc.exe
2009-08-14 17:40 103,936 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:40 15,360 a------- c:\windows\system32\netevent.dll
2009-08-14 15:25 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:25 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:25 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:25 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:25 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:25 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:25 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2008-12-23 04:34 174 a--sh--- c:\program files\desktop.ini
2008-08-07 13:37 87,608 a------- c:\users\amrit\appdata\roaming\inst.exe
2008-08-07 13:37 47,360 a------- c:\users\amrit\appdata\roaming\pcouffin.sys
2008-06-11 11:54 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-22 13:46 87,608 a------- c:\users\amrit\appdata\roaming\ezpinst.exe
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:47 77,312 a----r-- c:\users\amrit\appdata\roaming\sdra64.exe
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-16 00:27 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-16 00:27 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-16 00:27 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 11:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-08-19 14:56 581,664 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 14:05:19.88 ===============

Edited by trishk1988, 17 October 2009 - 09:58 AM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:04 PM

Posted 29 October 2009 - 01:25 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 trishk1988

trishk1988
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 29 October 2009 - 03:24 AM

Hi Blade thanks so much for replying! :( The fresh DDS log is below.

=====================================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Amrit at 8:18:39.91 on 29/10/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.87 [GMT 0:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: ESET Smart Security 3.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\ProgramData\SeekService\seekservice133.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\SeekService\seekservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Users\Amrit\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Amrit\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
uSEARCH PAGE = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {140BD8E3-C167-11D4-B4A3-080000180323} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [?????????] ??????????????e
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [audio deaf] "c:\programdata\SETUP LOCKS LOCKS.3f44ddf"
uRun: [userinit] c:\users\amrit\appdata\roaming\sdra64.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [THGuard] "c:\program files\trojanhunter 4.7\THGuard.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\amrit\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\r3hook.dll c:\progra~1\kasper~1\kasper~1.0\adialhk.dll eNetHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath - c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-8-26 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-8-26 12032]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-3-31 5120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 FBUUQLYVFR;FBUUQLYVFR; [x]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-9-14 80744]

=============== Created Last 30 ================

2009-10-27 20:05:37 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:05:33 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-27 20:05:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-27 20:05:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-27 20:05:16 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-17 13:11:45 0 ----a-w- c:\windows\system32\settings.dat
2009-10-17 12:06:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 12:06:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 12:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 12:52:39 0 d-----w- c:\programdata\WEBREG
2009-10-16 12:30:08 0 d-----w- c:\programdata\HPSSUPPLY
2009-10-16 12:09:51 0 d-----w- c:\program files\common files\HP
2009-10-16 11:54:08 117760 ----a-w- c:\windows\system32\hpzll4v2.dll
2009-10-16 11:51:16 0 d-----w- c:\program files\HP
2009-10-16 11:49:04 133481 ----a-w- c:\windows\hppins20.dat
2009-10-16 11:48:50 0 d-----w- c:\programdata\HP
2009-10-16 11:48:35 258048 ----a-w- c:\windows\system32\SETB891.tmp
2009-10-16 11:48:28 16655 ----a-w- c:\windows\hppmdl20.dat
2009-10-15 19:39:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-15 19:39:04 389120 ----a-w- c:\windows\system32\html.iec
2009-10-15 19:34:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 19:29:10 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 19:29:08 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 19:28:28 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 19:28:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 19:28:27 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 19:28:20 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-15 19:28:19 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-15 19:28:19 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2009-10-15 19:28:11 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 19:28:10 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2009-10-15 19:27:32 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 19:27:24 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 19:27:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-12 23:34:34 0 d-----w- c:\programdata\14346422
2009-10-10 19:00:12 0 d-----w- c:\programdata\SeekService
2009-10-10 19:00:12 0 d-----w- c:\program files\SeekService
2009-10-10 18:59:54 0 d-----w- c:\program files\Free Video To Audio Converter
2009-10-08 20:04:58 0 d-----w- c:\programdata\67810224
2009-10-02 21:02:11 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-16 12:01:03 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-16 12:01:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-16 12:00:52 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-26 20:50:17 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57:38 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 23:58:19 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-15 23:54:25 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-15 23:54:01 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-15 23:53:03 317440 ----a-w- c:\windows\system32\BFE.DLL
2009-08-15 21:30:09 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-14 16:40:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40:52 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25:10 10240 ----a-w- c:\windows\system32\finger.exe
2008-12-23 03:34:12 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:54:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-15 23:27:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-15 23:27:34 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-15 23:27:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-08-19 13:56:09 581664 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 8:22:03.76 ===============

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:04 PM

Posted 29 October 2009 - 04:08 AM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 trishk1988

trishk1988
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 29 October 2009 - 04:55 AM

That's unfortunate. :(

Could we attempt to clean it up please? I don't have the resources at the moment, but when I do, and if it really is compromised, then I'll downgrade to Windows XP.

Thanks Blade.

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:04 PM

Posted 29 October 2009 - 05:21 AM

Yes, we may attempt cleaning if you want to.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 trishk1988

trishk1988
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 29 October 2009 - 10:43 AM

Hi Blade,

First is the Combofix report. Following that is the DDS report.

============================
ComboFix 09-10-28.08 - Amrit 29/10/2009 15:01.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.203 [GMT 0:00]
Running from: c:\users\Amrit\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: ESET Smart Security 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\StormII
c:\program files\StormII\config.xml
c:\program files\StormII\media.dll
c:\program files\StormII\mps.dll
c:\program files\StormII\score.dll
c:\program files\StormII\sexpert.dll
c:\program files\StormII\Skin\±©·ç2¾­µä.zip
c:\program files\StormII\sparser.dll
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\sprobe.dll
c:\program files\StormII\storm.cfg
c:\program files\StormII\Storm.exe
c:\program files\StormII\supdate.dll
c:\program files\StormII\uninst.exe
c:\programdata\14346422
c:\programdata\14346422\14346422.exe
c:\users\Amrit\AppData\Roaming\Desktopicon
c:\users\Amrit\AppData\Roaming\inst.exe
c:\users\Amrit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 15:22 . 2009-10-29 15:22 -------- d-----w- c:\users\Mum\AppData\Local\temp
2009-10-29 15:22 . 2009-10-29 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-29 15:22 . 2009-10-29 15:22 -------- d-----w- c:\users\Dad\AppData\Local\temp
2009-10-29 15:01 . 2008-02-14 00:42 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-27 20:05 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:05 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-27 20:05 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-27 20:05 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-17 13:11 . 2009-10-17 13:11 0 ----a-w- c:\windows\system32\settings.dat
2009-10-17 12:06 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 12:06 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 12:06 . 2009-10-17 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 12:52 . 2009-10-16 12:52 -------- d-----w- c:\programdata\WEBREG
2009-10-16 12:47 . 2009-10-16 12:47 -------- d-----w- c:\users\Amrit\AppData\Roaming\HP
2009-10-16 12:30 . 2009-10-16 12:30 -------- d-----w- c:\programdata\HPSSUPPLY
2009-10-16 12:09 . 2009-10-16 12:29 -------- d-----w- c:\program files\Common Files\HP
2009-10-16 11:54 . 2007-01-29 13:22 117760 ----a-w- c:\windows\system32\hpzll4v2.dll
2009-10-16 11:51 . 2009-10-16 12:30 -------- d-----w- c:\program files\HP
2009-10-16 11:49 . 2009-10-16 12:52 133481 ----a-w- c:\windows\hppins20.dat
2009-10-16 11:48 . 2009-10-16 12:47 -------- d-----w- c:\programdata\HP
2009-10-16 11:48 . 2007-03-01 02:21 16655 ----a-w- c:\windows\hppmdl20.dat
2009-10-15 19:39 . 2009-08-27 14:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-15 19:34 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 19:29 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 19:29 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 19:28 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 19:28 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 19:28 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-15 19:27 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 19:27 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 19:27 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 19:00 . 2009-10-22 08:34 -------- d-----w- c:\program files\SeekService
2009-10-10 19:00 . 2009-10-22 08:25 -------- d-----w- c:\programdata\SeekService
2009-10-10 18:59 . 2009-10-10 19:00 -------- d-----w- c:\program files\Free Video To Audio Converter
2009-10-08 20:04 . 2009-10-09 01:17 -------- d-----w- c:\programdata\67810224
2009-10-02 21:02 . 2009-10-01 10:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 15:22 . 2008-01-20 19:28 -------- d-----w- c:\programdata\Kontiki
2009-10-29 14:52 . 2008-02-28 12:49 -------- d-----w- c:\program files\Steam
2009-10-28 11:51 . 2009-07-28 19:48 -------- d-sh--w- c:\users\Amrit\AppData\Roaming\lowsec
2009-10-27 19:46 . 2008-02-28 12:49 -------- d-----w- c:\program files\Common Files\Steam
2009-10-17 13:59 . 2007-09-09 19:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-16 12:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 10:54 . 2007-08-12 23:01 -------- d-----w- c:\programdata\Microsoft Help
2009-10-12 19:34 . 2009-01-22 13:51 -------- d-----w- c:\users\Amrit\AppData\Roaming\dvdcss
2009-09-27 22:03 . 2008-01-20 19:28 -------- d-----w- c:\program files\Kontiki
2009-09-27 15:59 . 2007-08-31 20:56 -------- d-----w- c:\program files\ESET
2009-09-27 14:47 . 2009-09-27 12:08 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-09-27 14:31 . 2007-06-08 00:45 -------- d-----w- c:\users\Amrit\AppData\Roaming\Azureus
2009-09-27 14:10 . 2009-09-27 14:10 -------- d-----w- c:\users\Dad\AppData\Roaming\Malwarebytes
2009-09-27 14:10 . 2009-09-27 14:10 -------- d-----w- c:\users\Dad\AppData\Roaming\FlashGet
2009-09-27 14:10 . 2007-04-11 21:23 100712 ----a-w- c:\users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-27 13:31 . 2007-07-11 11:19 -------- d-----w- c:\users\Amrit\AppData\Roaming\uTorrent
2009-09-27 12:15 . 2008-07-21 20:52 -------- d-----w- c:\program files\Rapidown
2009-09-27 12:15 . 2008-03-05 21:16 -------- d-----w- c:\program files\RegCure
2009-09-27 12:08 . 2009-09-27 12:08 -------- d-----w- c:\users\Amrit\AppData\Roaming\URSoft
2009-09-26 20:52 . 2007-09-05 22:42 -------- d-----w- c:\program files\BitDefender
2009-09-26 20:50 . 2008-05-15 17:04 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-26 18:11 . 2009-09-26 18:11 -------- d-----w- c:\programdata\Sky
2009-09-26 18:11 . 2009-09-26 18:11 -------- d-----w- c:\program files\Sky
2009-09-26 16:49 . 2009-09-26 16:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-26 14:40 . 2009-09-26 14:40 -------- d-----w- c:\users\Amrit\AppData\Roaming\Malwarebytes
2009-09-26 14:39 . 2009-09-26 14:39 -------- d-----w- c:\programdata\Malwarebytes
2009-09-26 14:06 . 2009-05-14 21:38 1356 ----a-w- c:\users\Amrit\AppData\Local\d3d9caps.dat
2009-09-22 20:47 . 2009-09-22 20:42 -------- d-----w- c:\program files\Unlocker
2009-09-22 20:23 . 2009-08-05 13:38 -------- d-----w- c:\users\Amrit\AppData\Roaming\FileZilla
2009-09-07 10:53 . 2007-06-08 00:36 -------- d-----w- c:\program files\Java
2009-08-29 03:41 . 2009-09-02 23:54 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-02 23:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-02 23:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57 . 2009-10-15 19:38 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-15 19:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-15 19:38 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-15 19:38 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-15 19:38 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 00:32 . 2009-09-09 12:10 214104 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-15 23:58 . 2009-09-09 12:10 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-15 23:54 . 2009-09-09 12:10 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-15 23:54 . 2009-09-09 12:10 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-15 23:53 . 2009-09-09 12:10 317440 ----a-w- c:\windows\system32\BFE.DLL
2009-08-15 21:30 . 2009-09-09 12:10 816640 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-15 21:30 . 2009-09-09 12:10 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-15 21:29 . 2009-09-09 12:10 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-08-14 16:40 . 2009-09-09 12:10 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-09 12:10 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-09-09 12:10 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-09 12:10 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-09 12:10 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-09 12:10 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-09 12:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-09 12:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-09 12:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-04-02 15:16 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-04-02 15:16 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-04-02 15:16 216064 --sh--r- c:\windows\System32\nbDX.dll
2008-08-19 13:56 . 2008-08-19 13:45 581664 --sha-w- c:\windows\System32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?????????"="??????????????e" [?]
"audio deaf"="c:\programdata\SETUP LOCKS LOCKS.3f44ddf" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-22 1830128]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-13 1006264]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"THGuard"="c:\program files\TrojanHunter 4.7\THGuard.exe" [2007-09-03 523264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\users\Amrit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-13 528384]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-5-26 106496]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-22 22:02 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=c:\windows\pss\Picture Package Menu.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Amrit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rapidown.lnk]
backup=c:\windows\pss\Rapidown.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2008 14:07 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14:07 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 07:21 468224]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [31/03/2008 16:32 5120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14:07 7408]
S2 SeekService Service;SeekService Service;c:\programdata\SeekService\seekservice133.exe [22/10/2009 08:24 54784]
S3 FBUUQLYVFR;FBUUQLYVFR; [x]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [14/09/2007 15:47 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-03-21 14:45]

2009-10-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 21:18]

2009-08-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
FF - ProfilePath - c:\users\Amrit\AppData\Roaming\Mozilla\Firefox\Profiles\dyvelu42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Amrit\AppData\Roaming\Mozilla\Firefox\Profiles\dyvelu42.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-storm2 - c:\program files\StormII\uninst.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2931882512-117023986-3369521659-1000\Software\G*e*n*i*e*"!\FM Genie Scout]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"=""
"HistoryDir"=""
"LangDB"=""
"LastSaveGame"=""
"Language"=""
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000000
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000000
"AutomaticallyUpdateCheck"=dword:00000000
"AdvancedGeneration"=dword:00000000
"ShowHistory"=dword:00000000
"WindowState"=dword:00000000
"WindowHeight"=dword:00000313
"WindowWidth"=dword:00000404
"WindowLeft"=dword:0000007e
"WindowTop"=dword:00000006
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-2931882512-117023986-3369521659-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050

[HKEY_USERS\S-1-5-21-2931882512-117023986-3369521659-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028

[HKEY_USERS\S-1-5-21-2931882512-117023986-3369521659-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050

[HKEY_USERS\S-1-5-21-2931882512-117023986-3369521659-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Questionnaire]
"FormCountry"=dword:00000000
"FormAge"=dword:00000000
"FormFMStart"=dword:00000000
"FormScoutStart"=dword:00000000
"FormFMPeriodicity"=dword:00000000
"FormScoutPeriodicity"=dword:00000000
"FormScoutFrequency"=dword:00000000
"FormScoutRate"=dword:00000000
"FormInternetFrequency"=dword:00000000
"FormScoutPrice"=dword:00000000
"QuestionnaireComplete"=dword:00000000
"QuestionnaireReminds"=dword:00000000

[HKEY_USERS\S-1-5-21-2931882512-117023986-3369521659-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Rating]
"GKPositionCoef"=dword:00000000
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000005
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000005
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:0000000a
"GKPenaltiesCoef"=dword:00000005
"GKTacklingCoef"=dword:0000000a
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000005
"GKRightFootCoef"=dword:00000005
"GKAggressionCoef"=dword:0000001e
"GKAnticipationCoef"=dword:0000000a
"GKBraveryCoef"=dword:0000001e
"GKComposureCoef"=dword:0000001e
"GKConcentrationCoef"=dword:00000014
"GKConsistencyCoef"=dword:00000014
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:0000001e
"GKDeterminationCoef"=dword:00000014
"GKDirtinessCoef"=dword:fffffff6
"GKFlairCoef"=dword:00000005
"GKImportantMatchesCoef"=dword:00000014
"GKInfluenceCoef"=dword:0000000f
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:0000003c
"GKTeamworkCoef"=dword:0000000a
"GKWorkRateCoef"=dword:00000005
"GKAccelerationCoef"=dword:0000000a
"GKAgilityCoef"=dword:00000014
"GKBalanceCoef"=dword:00000014
"GKInjuryPronenessCoef"=dword:fffffff6
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:0000000a
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000005
"GKStrengthCoef"=dword:0000001e
"GKVersatilityCoef"=dword:00000005
"GKAerialAbilityCoef"=dword:00000050
"GKCommandOfAreaCoef"=dword:00000032
"GKCommunicationCoef"=dword:0000003c
"GKEccentricityCoef"=dword:ffffffe7
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:00000019
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:0000001e
"GKTendencyToPunchCoef"=dword:ffffffe7
"GKThrowingCoef"=dword:00000019
"GKAdaptabilityCoef"=dword:0000000a
"GKAmbitionCoef"=dword:00000014
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:0000000a
"GKPressureCoef"=dword:00000014
"GKProfessionalismCoef"=dword:0000000f
"GKSportsmanshipCoef"=dword:0000000a
"GKTemperamentCoef"=dword:00000005
"SWPositionCoef"=dword:00000000
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:0000000a
"SWCrossingCoef"=dword:00000005
"SWDribblingCoef"=dword:00000005
"SWFinishingCoef"=dword:00000005
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:00000005
"SWLongThrowsCoef"=dword:00000005
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:00000014
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000f
"SWLeftFootCoef"=dword:0000000a
"SWRightFootCoef"=dword:0000000a
"SWAggressionCoef"=dword:0000000f
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:00000028
"SWConsistencyCoef"=dword:00000014
"SWCreativityCoef"=dword:00000005
"SWDecisionsCoef"=dword:0000001e
"SWDeterminationCoef"=dword:00000014
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000005
"SWImportantMatchesCoef"=dword:00000014
"SWInfluenceCoef"=dword:0000000f
"SWOffTheBallCoef"=dword:00000005
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:0000000a
"SWAccelerationCoef"=dword:00000019
"SWAgilityCoef"=dword:00000005
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffff6
"SWJumpingCoef"=dword:00000050
"SWNaturalFitnessCoef"=dword:0000000a
"SWPaceCoef"=dword:00000019
"SWStaminaCoef"=dword:0000000f
"SWStrengthCoef"=dword:0000003c
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:0000000a
"SWAmbitionCoef"=dword:00000014
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:0000000a
"SWPressureCoef"=dword:00000014
"SWProfessionalismCoef"=dword:0000000f
"SWSportsmanshipCoef"=dword:0000000a
"SWTemperamentCoef"=dword:00000005
"CBPositionCoef"=dword:00000000
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000014
"CBCrossingCoef"=dword:0000000a
"CBDribblingCoef"=dword:00000005
"CBFinishingCoef"=dword:00000005
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:00000014
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:00000005
"CBLongThrowsCoef"=dword:00000005
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:0000001e
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000f
"CBLeftFootCoef"=dword:0000000a
"CBRightFootCoef"=dword:0000000a
"CBAggressionCoef"=dword:0000000f
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:0000001e
"CBConcentrationCoef"=dword:0000001e
"CBConsistencyCoef"=dword:00000014
"CBCreativityCoef"=dword:00000005
"CBDecisionsCoef"=dword:0000001e
"CBDeterminationCoef"=dword:00000014
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000005
"CBImportantMatchesCoef"=dword:00000014
"CBInfluenceCoef"=dword:0000000f
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:0000000a
"CBAccelerationCoef"=dword:00000023
"CBAgilityCoef"=dword:00000005
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffff6
"CBJumpingCoef"=dword:00000050
"CBNaturalFitnessCoef"=dword:0000000a
"CBPaceCoef"=dword:00000023
"CBStaminaCoef"=dword:00000014
"CBStrengthCoef"=dword:00000032
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:0000000a
"CBAmbitionCoef"=dword:00000014
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:0000000a
"CBPressureCoef"=dword:00000014
"CBProfessionalismCoef"=dword:0000000f
"CBSportsmanshipCoef"=dword:0000000a
"CBTemperamentCoef"=dword:00000005
"FBPositionCoef"=dword:00000000
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:00000014
"FBCrossingCoef"=dword:00000023
"FBDribblingCoef"=dword:0000001e
"FBFinishingCoef"=dword:0000000a
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:00000014
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:00000050
"FBPassingCoef"=dword:00000023
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:0000001e
"FBLeftFootCoef"=dword:0000000a
"FBRightFootCoef"=dword:0000000a
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:0000003c
"FBBraveryCoef"=dword:00000019
"FBComposureCoef"=dword:00000019
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:00000014
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000019
"FBDeterminationCoef"=dword:00000014
"FBDirtinessCoef"=dword:fffffff1
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:00000014
"FBInfluenceCoef"=dword:0000000f
"FBOffTheBallCoef"=dword:0000000f
"FBPositioningCoef"=dword:00000050
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:00000032
"FBAgilityCoef"=dword:00000005
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffff6
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:0000000a
"FBPaceCoef"=dword:00000032
"FBStaminaCoef"=dword:00000032
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:0000000a
"FBAmbitionCoef"=dword:00000014
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:0000000a
"FBPressureCoef"=dword:00000014
"FBProfessionalismCoef"=dword:0000000f
"FBSportsmanshipCoef"=dword:0000000a
"FBTemperamentCoef"=dword:00000005
"WBPositionCoef"=dword:00000000
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:00000014
"WBCrossingCoef"=dword:0000004b
"WBDribblingCoef"=dword:0000003c
"WBFinishingCoef"=dword:0000001e
"WBFirstTouchCoef"=dword:00000019
"WBFreeKicksCoef"=dword:00000014
"WBHeadingCoef"=dword:00000019
"WBLongShotsCoef"=dword:0000000f
"WBLongThrowsCoef"=dword:0000000f
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000050
"WBTechniqueCoef"=dword:00000032
"WBLeftFootCoef"=dword:0000000a
"WBRightFootCoef"=dword:0000000a
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000032
"WBBraveryCoef"=dword:0000000f
"WBComposureCoef"=dword:00000014
"WBConcentrationCoef"=dword:00000019
"WBConsistencyCoef"=dword:00000014
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:00000014
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:00000014
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:0000003c
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:0000001e
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:00000005
"WBBalanceCoef"=dword:0000000f
"WBInjuryPronenessCoef"=dword:fffffff6
"WBJumpingCoef"=dword:00000019
"WBNaturalFitnessCoef"=dword:0000000a
"WBPaceCoef"=dword:0000005a
"WBStaminaCoef"=dword:0000004b
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:0000000a
"WBAmbitionCoef"=dword:00000014
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:0000000a
"WBPressureCoef"=dword:00000014
"WBProfessionalismCoef"=dword:0000000f
"WBSportsmanshipCoef"=dword:0000000a
"WBTemperamentCoef"=dword:00000005
"DMPositionCoef"=dword:00000000
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:00000014
"DMCrossingCoef"=dword:00000028
"DMDribblingCoef"=dword:00000019
"DMFinishingCoef"=dword:0000001e
"DMFirstTouchCoef"=dword:00000019
"DMFreeKicksCoef"=dword:00000014
"DMHeadingCoef"=dword:00000032
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:0000000a
"DMMarkingCoef"=dword:0000004b
"DMPassingCoef"=dword:00000032
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000050
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:0000000a
"DMRightFootCoef"=dword:0000000a
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:0000000f
"DMComposureCoef"=dword:00000014
"DMConcentrationCoef"=dword:00000019
"DMConsistencyCoef"=dword:00000014
"DMCreativityCoef"=dword:00000019
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:00000014
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000f
"DMImportantMatchesCoef"=dword:00000014
"DMInfluenceCoef"=dword:0000000f
"DMOffTheBallCoef"=dword:00000019
"DMPositioningCoef"=dword:0000003c
"DMTeamworkCoef"=dword:0000001e
"DMWorkRateCoef"=dword:0000003c
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:00000005
"DMBalanceCoef"=dword:0000000f
"DMInjuryPronenessCoef"=dword:fffffff6
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:0000000a
"DMPaceCoef"=dword:00000023
"DMStaminaCoef"=dword:00000041
"DMStrengthCoef"=dword:00000032
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:0000000a
"DMAmbitionCoef"=dword:00000014
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:0000000a
"DMPressureCoef"=dword:00000014
"DMProfessionalismCoef"=dword:0000000f
"DMSportsmanshipCoef"=dword:0000000a
"DMTemperamentCoef"=dword:00000005
"MPositionCoef"=dword:00000000
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:00000019
"MCrossingCoef"=dword:00000032
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000028
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:00000014
"MHeadingCoef"=dword:00000028
"MLongShotsCoef"=dword:00000019
"MLongThrowsCoef"=dword:0000000a
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:0000004b
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:00000028
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:0000000a
"MRightFootCoef"=dword:0000000a
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:00000014
"MConcentrationCoef"=dword:00000014
"MConsistencyCoef"=dword:00000014
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:00000014
"MDeterminationCoef"=dword:00000014
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:00000014
"MImportantMatchesCoef"=dword:00000014
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:0000001e
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000023
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:0000002d
"MAgilityCoef"=dword:00000005
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffff6
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:0000000a
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:00000023
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:0000000a
"MAmbitionCoef"=dword:00000014
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:0000000a
"MPressureCoef"=dword:00000014
"MProfessionalismCoef"=dword:0000000f
"MSportsmanshipCoef"=dword:0000000a
"MTemperamentCoef"=dword:00000005
"AMPositionCoef"=dword:00000000
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:00000019
"AMCrossingCoef"=dword:00000046
"AMDribblingCoef"=dword:00000046
"AMFinishingCoef"=dword:00000032
"AMFirstTouchCoef"=dword:00000028
"AMFreeKicksCoef"=dword:00000014
"AMHeadingCoef"=dword:0000001e
"AMLongShotsCoef"=dword:0000001e
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000f
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:0000000a
"AMRightFootCoef"=dword:0000000a
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:00000023
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:00000014
"AMConcentrationCoef"=dword:00000014
"AMConsistencyCoef"=dword:00000014
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000014
"AMDeterminationCoef"=dword:00000014
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:0000001e
"AMImportantMatchesCoef"=dword:00000014
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:00000028
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:00000028
"AMWorkRateCoef"=dword:00000019
"AMAccelerationCoef"=dword:00000032
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffff6
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:0000000a
"AMPaceCoef"=dword:00000032
"AMStaminaCoef"=dword:00000028
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:0000000a
"AMAmbitionCoef"=dword:00000014
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:0000000a
"AMPressureCoef"=dword:00000014
"AMProfessionalismCoef"=dword:0000000f
"AMSportsmanshipCoef"=dword:0000000a
"AMTemperamentCoef"=dword:00000005
"WPositionCoef"=dword:00000000
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:00000019
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:00000014
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000019
"WLongThrowsCoef"=dword:0000000a
"WMarkingCoef"=dword:00000019
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:00000014
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:0000000a
"WRightFootCoef"=dword:0000000a
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000023
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:00000014
"WConcentrationCoef"=dword:00000014
"WConsistencyCoef"=dword:00000014
"WCreativityCoef"=dword:00000032
"WDecisionsCoef"=dword:0000000f
"WDeterminationCoef"=dword:00000014
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000001e
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:00000005
"WOffTheBallCoef"=dword:00000032
"WPositioningCoef"=dword:00000019
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffff6
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:0000000a
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:00000032
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:0000000a
"WAmbitionCoef"=dword:00000014
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:0000000a
"WPressureCoef"=dword:00000014
"WProfessionalismCoef"=dword:0000000f
"WSportsmanshipCoef"=dword:0000000a
"WTemperamentCoef"=dword:00000005
"FSTPositionCoef"=dword:00000000
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:00000014
"FSTCrossingCoef"=dword:0000001e
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:00000014
"FSTHeadingCoef"=dword:0000003c
"FSTLongShotsCoef"=dword:0000001e
"FSTLongThrowsCoef"=dword:00000005
"FSTMarkingCoef"=dword:0000000a
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:0000000a
"FSTTechniqueCoef"=dword:0000004b
"FSTLeftFootCoef"=dword:0000000a
"FSTRightFootCoef"=dword:0000000a
"FSTAggressionCoef"=dword:00000014
"FSTAnticipationCoef"=dword:00000014
"FSTBraveryCoef"=dword:0000000f
"FSTComposureCoef"=dword:00000014
"FSTConcentrationCoef"=dword:00000014
"FSTConsistencyCoef"=dword:00000014
"FSTCreativityCoef"=dword:00000032
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:00000014
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:00000019
"FSTImportantMatchesCoef"=dword:00000014
"FSTInfluenceCoef"=dword:00000005
"FSTOffTheBallCoef"=dword:0000003c
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:0000001e
"FSTBalanceCoef"=dword:00000014
"FSTInjuryPronenessCoef"=dword:fffffff6
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:0000000a
"FSTPaceCoef"=dword:0000005a
"FSTStaminaCoef"=dword:00000014
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:0000000a
"FSTAmbitionCoef"=dword:00000014
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:0000000a
"FSTPressureCoef"=dword:00000014
"FSTProfessionalismCoef"=dword:0000000f
"FSTSportsmanshipCoef"=dword:0000000a
"FSTTemperamentCoef"=dword:00000005
"TSTPositionCoef"=dword:00000000
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000014
"TSTCrossingCoef"=dword:0000001e
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:0000003c
"TSTFirstTouchCoef"=dword:00000028
"TSTFreeKicksCoef"=dword:00000014
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:0000001e
"TSTLongThrowsCoef"=dword:00000005
"TSTMarkingCoef"=dword:0000000a
"TSTPassingCoef"=dword:0000001e
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:0000000a
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:0000000a
"TSTRightFootCoef"=dword:0000000a
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:00000014
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:00000014
"TSTConcentrationCoef"=dword:00000014
"TSTConsistencyCoef"=dword:00000014
"TSTCreativityCoef"=dword:00000028
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:00000014
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:00000019
"TSTImportantMatchesCoef"=dword:00000014
"TSTInfluenceCoef"=dword:00000005
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:0000000a
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffff6
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:0000000a
"TSTPaceCoef"=dword:00000023
"TSTStaminaCoef"=dword:0000000f
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:0000000a
"TSTAmbitionCoef"=dword:00000014
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:0000000a
"TSTPressureCoef"=dword:00000014
"TSTProfessionalismCoef"=dword:0000000f
"TSTSportsmanshipCoef"=dword:0000000a
"TSTTemperamentCoef"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\System32\eNetHook.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\System32\eNetHook.dll
.
Completion time: 2009-10-29 15:26
ComboFix-quarantined-files.txt 2009-10-29 15:26

Pre-Run: 2,197,946,368 bytes free
Post-Run: 2,966,487,040 bytes free

- - End Of File - - 5EABD932E219EBF02D8522823AD29655

================================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Amrit at 15:39:33.12 on 29/10/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.86 [GMT 0:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: ESET Smart Security 3.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Amrit\AppData\Local\Temp\RtkBtMnt.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Amrit\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [?????????] ??????????????e
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [audio deaf] "c:\programdata\SETUP LOCKS LOCKS.3f44ddf"
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [THGuard] "c:\program files\trojanhunter 4.7\THGuard.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\amrit\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\enethook.dll c:\windows\system32\eNetHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-8-26 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-8-26 12032]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-3-31 5120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S2 SeekService Service;SeekService Service;c:\programdata\seekservice\seekservice133.exe [2009-10-22 54784]
S3 FBUUQLYVFR;FBUUQLYVFR; [x]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-9-14 80744]
SUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-10-29 15:01:57 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 14:43:33 98816 ----a-w- c:\windows\sed.exe
2009-10-29 14:43:33 77312 ----a-w- c:\windows\MBR.exe
2009-10-29 14:43:33 236544 ----a-w- c:\windows\PEV.exe
2009-10-29 14:43:33 161792 ----a-w- c:\windows\SWREG.exe
2009-10-27 20:05:37 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:05:33 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-27 20:05:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-27 20:05:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-27 20:05:16 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-17 13:11:45 0 ----a-w- c:\windows\system32\settings.dat
2009-10-17 12:06:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 12:06:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 12:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 12:52:39 0 d-----w- c:\programdata\WEBREG
2009-10-16 12:30:08 0 d-----w- c:\programdata\HPSSUPPLY
2009-10-16 12:09:51 0 d-----w- c:\program files\common files\HP
2009-10-16 11:54:08 117760 ----a-w- c:\windows\system32\hpzll4v2.dll
2009-10-16 11:51:16 0 d-----w- c:\program files\HP
2009-10-16 11:49:04 133481 ----a-w- c:\windows\hppins20.dat
2009-10-16 11:48:50 0 d-----w- c:\programdata\HP
2009-10-16 11:48:35 258048 ----a-w- c:\windows\system32\SETB891.tmp
2009-10-16 11:48:28 16655 ----a-w- c:\windows\hppmdl20.dat
2009-10-15 19:39:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-15 19:39:04 389120 ----a-w- c:\windows\system32\html.iec
2009-10-15 19:34:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 19:29:10 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 19:29:08 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 19:28:28 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 19:28:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 19:28:27 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 19:28:20 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-15 19:28:19 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-15 19:28:19 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2009-10-15 19:28:11 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 19:28:10 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2009-10-15 19:27:32 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 19:27:24 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 19:27:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 19:00:12 0 d-----w- c:\programdata\SeekService
2009-10-10 19:00:12 0 d-----w- c:\program files\SeekService
2009-10-10 18:59:54 0 d-----w- c:\program files\Free Video To Audio Converter
2009-10-08 20:04:58 0 d-----w- c:\programdata\67810224
2009-10-02 21:02:11 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-16 12:01:03 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-16 12:01:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-16 12:00:52 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-26 20:50:17 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57:38 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 23:58:19 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-15 23:54:25 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-15 23:54:01 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-15 23:53:03 317440 ----a-w- c:\windows\system32\BFE.DLL
2009-08-15 21:30:09 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-14 16:40:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40:52 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25:10 10240 ----a-w- c:\windows\system32\finger.exe
2008-12-23 03:34:12 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:54:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-15 23:27:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-15 23:27:34 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-15 23:27:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-08-19 13:56:09 581664 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 15:42:30.07 ===============

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:04 PM

Posted 29 October 2009 - 11:40 AM

Please post attach.txt part of DDS reports too.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 trishk1988

trishk1988
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 29 October 2009 - 11:52 AM

Whoops totally forgot. I've run a new DDS scan just in case. Attach.txt is attached.

=============================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Amrit at 16:46:33.97 on 29/10/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.375 [GMT 0:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: ESET Smart Security 3.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Amrit\AppData\Local\Temp\RtkBtMnt.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Amrit\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [?????????] ??????????????e
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [audio deaf] "c:\programdata\SETUP LOCKS LOCKS.3f44ddf"
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [THGuard] "c:\program files\trojanhunter 4.7\THGuard.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\amrit\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\enethook.dll c:\windows\system32\eNetHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.manutd.com/default.sps?pagegid={63600C0C-B276-4CB1-8FB1-3460BE926722}
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\amrit\appdata\roaming\mozilla\firefox\profiles\dyvelu42.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-8-26 162432]
R2 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-8-26 12032]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-3-31 5120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S2 SeekService Service;SeekService Service;c:\programdata\seekservice\seekservice133.exe [2009-10-22 54784]
S3 FBUUQLYVFR;FBUUQLYVFR; [x]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-9-14 80744]
SUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-10-29 15:01:57 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 14:43:33 98816 ----a-w- c:\windows\sed.exe
2009-10-29 14:43:33 77312 ----a-w- c:\windows\MBR.exe
2009-10-29 14:43:33 236544 ----a-w- c:\windows\PEV.exe
2009-10-29 14:43:33 161792 ----a-w- c:\windows\SWREG.exe
2009-10-27 20:05:37 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:05:33 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-27 20:05:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-27 20:05:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-27 20:05:16 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-17 13:11:45 0 ----a-w- c:\windows\system32\settings.dat
2009-10-17 12:06:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 12:06:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 12:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 12:52:39 0 d-----w- c:\programdata\WEBREG
2009-10-16 12:30:08 0 d-----w- c:\programdata\HPSSUPPLY
2009-10-16 12:09:51 0 d-----w- c:\program files\common files\HP
2009-10-16 11:54:08 117760 ----a-w- c:\windows\system32\hpzll4v2.dll
2009-10-16 11:51:16 0 d-----w- c:\program files\HP
2009-10-16 11:49:04 133481 ----a-w- c:\windows\hppins20.dat
2009-10-16 11:48:50 0 d-----w- c:\programdata\HP
2009-10-16 11:48:35 258048 ----a-w- c:\windows\system32\SETB891.tmp
2009-10-16 11:48:28 16655 ----a-w- c:\windows\hppmdl20.dat
2009-10-15 19:39:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-15 19:39:04 389120 ----a-w- c:\windows\system32\html.iec
2009-10-15 19:34:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 19:29:10 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 19:29:08 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 19:28:28 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 19:28:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 19:28:27 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 19:28:20 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-15 19:28:19 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-15 19:28:19 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2009-10-15 19:28:11 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 19:28:10 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2009-10-15 19:27:32 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 19:27:24 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 19:27:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 19:00:12 0 d-----w- c:\programdata\SeekService
2009-10-10 19:00:12 0 d-----w- c:\program files\SeekService
2009-10-10 18:59:54 0 d-----w- c:\program files\Free Video To Audio Converter
2009-10-08 20:04:58 0 d-----w- c:\programdata\67810224
2009-10-02 21:02:11 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-16 12:01:03 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-16 12:01:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-16 12:00:52 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-26 20:50:17 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57:38 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 23:58:19 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-15 23:54:25 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-15 23:54:01 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-15 23:53:03 317440 ----a-w- c:\windows\system32\BFE.DLL
2009-08-15 21:30:09 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-14 16:40:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40:52 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25:10 10240 ----a-w- c:\windows\system32\finger.exe
2008-12-23 03:34:12 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:54:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-15 23:27:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-15 23:27:34 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-15 23:27:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-08-19 13:56:09 581664 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 16:48:42.34 ===============

Attached Files



#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:04 PM

Posted 29 October 2009 - 12:09 PM

Hi again,

Uninstall these:
CiD Help
DAEMON Tools Toolbar <-- if not installed on purpose
Rapidown 5.9 SE




uTorrent
Azureus Vuze
UseNeXT


Both above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


Have you removed BitDefender recently? If that's so, then get uninstall tool here to remove BitDefender remnants.


Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\settings.dat
Folder::
c:\programdata\67810224
c:\program files\rapidown
Driver::
FBUUQLYVFR
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Uninstall these vulnerable Javas:
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 1
Java™ SE Runtime Environment 6 Update 1



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:04 PM

Posted 06 November 2009 - 06:01 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users