[randomname].sys file post MBAM removal of Anti Malware Doctor, GMER says rootkit



#1 apsdub79


Posted 23 July 2010 - 10:41 AM

EDIT: I'm in a different timezone to these forums which is why my log dates appear to be from the future ;) 6 hours ahead.

Just as a starting point I must state that the possibly still infected machine is a laptop with a broken screen, and the HDTV it is connected to does not receive a signal until the Windows logon screen. So Safe Mode is a no no and I already spent days trying to get a Windows XP repair done ‘blind’. Also I know typically you prefer fresh issues and I apologise for the length of this post and posting of MBAM logs done independently, but I figured it would be useful to anyone attempting to help me.

First off I was downloading stuff I shouldn’t be downloading (lesson well and truly learnt, believe me), and left my laptop to do this. When I returned I had all of the fake Antimalware Doctor stuff all on my screen. So I disconnected from the internet quickly and then ran MBAM. This was the first log

=============================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4238

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2010-07-20 07:18:31
mbam-log-2010-07-20 (07-18-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 198734
Time elapsed: 38 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{262cbb8a-d7d6-4530-acf3-d551a9dff836} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{262cbb8a-d7d6-4530-acf3-d551a9dff836} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{262cbb8a-d7d6-4530-acf3-d551a9dff836} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{262cbb8a-d7d6-4530-acf3-d551a9dff836} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a1e75c7-ef7f-4ef4-b525-77bc8fd03fdf} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a1e75c7-ef7f-4ef4-b525-77bc8fd03fdf} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.B) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Not selected for removal.
C:\WINDOWS\system32\joeqp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-7208770901-3945963791-648614088-3897\mgrls32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\temp\seowrxmanc.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woeqp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\cndrive32.exe (Worm.Palevo) -> Not selected for removal.
C:\WINDOWS\system32\foeqp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

=============================================================

So after this I noticed I was still having internet activity when I shouldn’t so I disconnected and ran MBAM again for a second quick scan log

=============================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4329

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2010-07-20 09:08:06
mbam-log-2010-07-20 (09-08-06).txt

Scan type: Quick scan
Objects scanned: 150199
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\W34BCG2GRJ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> No action taken.

=============================================================

Soon after this I lost my ability to connect to the internet with ‘No connectivity’ errors. Being the idiot I was, I was still on the internet with being able to regain a connection by disconnecting my router. Now I lost connection at some point completely and had big yellow exclamation marks in the Hardware>Device Manager section next to all of my network connections.

In any case I ran MBAM which at this point gave a clean bill of health. So I now tried to fix my internet issue. First I ran scannow but that did nothing. Next I used ‘expand’ commands from the XP disc for related files including ntndis.sys, and 5 minutes later my laptop BSOD’d because of ndis.sys. Now I was stuck in a reboot cycle due to this file, and after a few days of trying I eventually managed a repair of XP ‘blind’ (my screen is broken and no signal to HDTV as monitor). This brings me to where I am now. Recent run of MBAM:-

=============================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4340

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-07-23 13:09:39
mbam-log-2010-07-23 (13-09-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 215150
Time elapsed: 39 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=============================================================

Now here is a list of files where I was looking around

Files created upon repair of XP
C:\WINDOWS\OEWABLog.txt
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\sessmgr.setup.log
C:\WINDOWS\DtcInstall.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\cmsetacl.log
C:\WINDOWS\regopt.log
C:\WINDOWS\SET76.tmp
C:\WINDOWS\SET68.tmp
C:\WINDOWS\SET63.tmp
C:\WINDOWS\setupapi.log
C:\WINDOWS\setuplog.txt

Files created prior to crash, post running of MBAM

C:\WINDOWS\tabletoc.log
C:\WINDOWS\ocmsn.log
C:\WINDOWS\netfxocm
C:\WINDOWS\msmqinst.log
C:\WINDOWS\msgsocm.log
C:\WINDOWS\MedCtrOC.log
C:\WINDOWS\imsins.log
C:\WINDOWS\imsins.BAK
C:\WINDOWS\tsoc.log
C:\WINDOWS\setuperr.log
C:\WINDOWS\setupact.log
C:\WINDOWS\ocgen.log
C:\WINDOWS\ntdtcsetup.log
C:\WINDOWS\iis6.log
C:\WINDOWS\faxSetup.log
C:\WINDOWS\comsetup.log
C:\WINDOWS\KB914882.log
C:\WINDOWS\setupapi.old
C:\WINDOWS\0.log

Dodgy looking file
C:\WINDOWS\system32\drivers\izecgzg.sys

This isn’t being detected by MBAM and it seems to be constantly modifying itself as if I look into the folder and sort by Date Modified that file always goes to the top with a new modified stamp matching the exact time on the OS clock. Also corresponding to this is

C:\Documents and Settings\Administrator\ntuser.dat.LOG

being constantly modified as well. I took the risk of going online and scanned the above odd file izecgzg.sys with jotti online scanner. It returned the file as being empty with 0 bytes which again points to something odd going on (?). In any case I wrote the above prior to running GMER which has now pegged it as a rootkit.

So that’s my story to explain where I’ve been and where I am at, and hopefully one of you kind souls will be able to offer assistance to this fool. Below is the copy/paste of DDS and attached are the DDS Attach file and GMER txt file named ark.txt.

================================


DDS (Ver_10-03-17.01) - NTFSx86
Run by 98277332 at 14:50:16.60 on 2010-07-23
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.479 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\program files\unlocker\unlockerassistant.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [UnlockerAssistant] "c:\program files\unlocker\unlockerassistant.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229599472503
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229599412970
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-1-27 3968]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-5-8 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S1 ntiomin;ntiomin; [x]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2008-1-22 25773]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]

=============== Created Last 30 ================

2010-07-23 12:35:29 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-23 10:03:19 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-07-23 09:46:04 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-07-23 09:46:04 76288 -c--a-w- c:\windows\system32\dllcache\cnfgprts.ocx
2010-07-23 09:46:04 275968 -c--a-w- c:\windows\system32\dllcache\certwiz.ocx
2010-07-23 09:45:37 0 d-----w- c:\windows\LastGood.Tmp
2010-07-23 09:43:53 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-07-23 09:43:45 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-07-23 09:43:45 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-07-23 09:43:45 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-07-23 09:43:45 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-07-23 09:43:45 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-07-23 09:40:13 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2010-07-23 09:40:13 27136 ----a-w- c:\windows\system32\irmon.dll
2010-07-23 09:40:13 152576 ----a-w- c:\windows\system32\irftp.exe
2010-07-23 09:40:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-07-23 09:33:07 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-07-23 09:29:56 1086058 ----a-r- c:\windows\SET68.tmp
2010-07-23 09:29:53 1042903 ----a-r- c:\windows\SET63.tmp
2010-07-20 13:45:31 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-07-20 13:33:02 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-20 10:03:37 2068 ----a-w- c:\windows\setupapi.old
2010-07-20 10:00:46 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-20 05:04:21 766976 ----a-w- c:\windows\system32\drivers\izecgzg.sys
2010-07-12 02:44:09 0 d-----w- c:\program files\AsfTools 3.1
2010-07-12 02:37:50 413760 ----a-w- c:\windows\system32\MPG4c32.dll
2010-07-10 02:42:50 0 d-----w- C:\BraCa Soft
2010-06-29 02:26:03 37 ----a-w- c:\windows\ULVIO40.INI
2010-06-29 02:25:53 212 ----a-w- c:\windows\ULead32.ini
2010-06-29 02:25:53 0 d-----w- c:\windows\ulead.dat
2010-06-29 02:25:40 78 ---ha-w- c:\windows\system32\Kene32.uns
2010-06-29 02:25:13 3908 ----a-w- c:\windows\system32\Gaeffect.sti
2010-06-29 02:25:13 2024 ----a-w- c:\windows\system32\Gafilter.sti
2010-06-29 02:25:12 0 d-----w- c:\windows\Noslip
2010-06-29 02:25:12 0 d-----w- c:\program files\Ulead GIF Animator 2.0
2010-06-29 02:22:01 0 d-----w- C:\Multimedia Files
2010-06-29 02:21:53 0 d-----w- c:\program files\Microsoft GIF Animator

==================== Find3M ====================

2010-07-23 09:42:03 23584 ----a-w- c:\windows\system32\emptyregdb.dat
2008-05-22 03:47:25 2 --shatr- c:\windows\winstart.bat

============= FINISH: 14:50:38.56 ===============

Attached Files


Edited by apsdub79, 23 July 2010 - 11:10 AM.
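Added example (not part of the original thread): a small Python parser for the Malwarebytes' Anti-Malware 1.46 log layout shown in the post above, listing every detection whose action is anything other than "Quarantined and deleted successfully". The sample text is an excerpt assembled from lines of the first two logs, and the class and function names are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A section header is "<Name> Infected:" with nothing after the colon.
# The summary lines ("Files Infected: 16") carry a count and do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# An entry is "<object> (<detection name>) -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# Only this wording (as it appears in the thread's logs) means the object is gone.
# "Delete on reboot" stays outstanding until a later scan confirms the removal.
REMEDIATED = {"Quarantined and deleted successfully"}


@dataclass
class Finding:
    section: str
    item: str
    detection: str
    action: str

    @property
    def remediated(self):
        return self.action in REMEDIATED


def parse_mbam_log(text):
    """Return one Finding per detection line, tagged with its section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # Skip the preamble, blank lines and empty sections.
        if section is None or not line or line.startswith("(No malicious"):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            findings.append(Finding(section, entry.group("item"),
                                    entry.group("detection"),
                                    entry.group("action")))
    return findings


def outstanding(findings):
    """Detections that were reported but not confirmed removed."""
    return [f for f in findings if not f.remediated]


def actions_summary(findings):
    """Count findings per action string."""
    return dict(Counter(f.action for f in findings))


# Constructed excerpt: lines copied from the first and second logs in the post.
SAMPLE_LOG = r"""
Scan type: Full scan (C:\|)
Registry Values Infected: 6
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Not selected for removal.
C:\RECYCLER\S-1-5-21-7208770901-3945963791-648614088-3897\mgrls32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\WINDOWS\cndrive32.exe (Worm.Palevo) -> Not selected for removal.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for f in outstanding(parse_mbam_log(SAMPLE_LOG)):
        print(f"[{f.section}] {f.detection}: {f.item} -> {f.action}")
```
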




#2 etavares


Posted 31 July 2010 - 07:25 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 apsdub79


Posted 31 July 2010 - 07:31 AM

Thanks for the response. I'll run those programs and report back.

Also have a quick question. Been browsing here/googling and it seems that Combofix is possibly the next route, and when Combofix finds modified system files it tries to replace them with files (possibly from i386 folder). I deleted this folder from my infected machine due to space squeeze, so if I copy i386 from another XP installation will that do the job if Combofix goes looking? I may have changed the source path in the registry and if so is this where Combofix looks and thus requires changing back to the default of C:\ where I’ll copy the i386 folder to? Also the folder I am copying is named i386 and not I386, will that make a difference?

Thanks again.

#4 etavares


Posted 31 July 2010 - 07:37 AM

Hi apsdub79,

Don't worry about it for now, we can always manually replace and I'm sure there's more than 1 location of common files.


 


#5 apsdub79


Posted 31 July 2010 - 07:43 AM

Just hit a bit of a snag. I'm currently on one laptop and transferring via usb OTL, gmer to the infected laptop. When I opened the USB on the infected machine there was a bunch of hidden files on it

FINDER.DAT
Desktop DB (file with no extension)
Desktop DF (file with no extension)
6phx.com (MS-DOS Application)
.System (file folder)

Is the USB infected?

EDIT: Just tried another USB which did not have any weird files/folders on it. Should I use that one instead? Does this also mean the 'clean' laptop I am posting from might now be infected because I plugged the USB with the weird stuff on it into it?

Edited by apsdub79, 31 July 2010 - 07:46 AM.


#6 etavares


Posted 31 July 2010 - 07:57 AM

FINDER.DAT is related to the file system (e.g. format) of your pen drive.
DESKTOP DB and DF are legit as well.
SYSTEM may be there if you're using a U3 format drive.
6phx.com is concerning.

It's not bad if it didn't run. Here's something to minimize your chance of getting infected. Do this on your CLEAN computer. It ensures malware can't write to autorun when you plug your drive in.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

You may also want to scan that drive with your antivirus.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
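Added example, not part of the original post and not Flash_Disinfector's own code: a Python check of a drive root that reports whether autorun.inf is absent, is the protective folder described above, or is a real file, and in the last case lists the commands its [autorun] section would launch. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Constructed sample autorun.inf, not taken from the thread.
SAMPLE_INF = r"""; constructed sample
[AutoRun]
open=setup.exe /s
icon=drive.ico
shell\open\command = tool.exe
this line is padding with no key
[Other]
open=ignored.exe
"""


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section.

    Hand-rolled instead of configparser so that junk lines, duplicate keys
    and odd casing do not abort the parse.
    """
    commands = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # Keys that name something to execute: open, shellexecute,
        # and shell\<verb>\command.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            commands.append((key, value))
    return commands


def audit_root(root):
    """Classify the autorun.inf entry in a drive root.

    status is "absent", "folder" (a directory occupies the name, so no file
    of that name can be written there) or "file" (commands are listed).
    """
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return {"status": "folder", "commands": []}
        with open(path, "rb") as fh:
            data = fh.read()
        # Some files are UTF-16 with a byte order mark; otherwise read bytes 1:1.
        if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
            text = data.decode("utf-16", errors="replace")
        else:
            text = data.decode("latin-1")
        return {"status": "file", "commands": parse_autorun(text)}
    return {"status": "absent", "commands": []}


def demo():
    """Run the audit on three constructed drive roots and return the results."""
    results = {}
    with tempfile.TemporaryDirectory() as plain:
        results["plain"] = audit_root(plain)
    with tempfile.TemporaryDirectory() as with_file:
        with open(os.path.join(with_file, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        results["file"] = audit_root(with_file)
    with tempfile.TemporaryDirectory() as with_folder:
        os.mkdir(os.path.join(with_folder, "AUTORUN.INF"))
        results["folder"] = audit_root(with_folder)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Point `audit_root` at the root of a mounted removable drive to use it on real media; it only reads, never deletes or executes anything.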
 


#7 apsdub79

apsdub79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:05:29 AM

Posted 31 July 2010 - 08:23 AM

I did the Flash Disinfector stuff.

I ran OTL but it only produced one log, OTL.txt. I'm fairly certain I followed your OTL instructions to the letter, but should I go again?

Sorry for being a pain in the ass who can't follow simple instructions. GMER is currently scanning so if required I'll re-run OTL when GMER is done.


#8 apsdub79

apsdub79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:05:29 AM

Posted 31 July 2010 - 09:38 AM

As I said above, only one log file created OTL.txt (note the 'original' listed files etc. in My Documents which I wasn't comfortable with posting on an open internet forum. If you would like that full version then let me know and I'll pm it to you)

=========
OTL LOG
=========


OTL logfile created on: 2010-07-31 14:08:04 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: yyyy-MM-dd

1,015.00 Mb Total Physical Memory | 402.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 2.51 Gb Free Space | 21.42% Space Free | Partition Type: NTFS
Drive D: | 25.46 Gb Total Space | 0.75 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 244.99 Mb Total Space | 50.67 Mb Free Space | 20.68% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 2C2XS1J
Current User Name: 98277332
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-07-31 13:33:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010-06-01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010-03-25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008-05-02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2005-03-04 11:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005-02-01 20:28:12 | 001,469,952 | ---- | M] (Hagel Technologies) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2004-10-30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004-09-07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004-09-07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004-09-07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004-09-07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004-09-07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004-08-04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 13:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2004-08-04 13:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010-07-31 13:33:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008-05-02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006-08-25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - [2010-03-25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-09-07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004-09-07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004-09-07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004-09-07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004-08-04 13:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004-08-04 13:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2004-08-04 13:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004-08-04 13:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-05-05 20:06:42 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010-05-05 20:06:42 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010-03-25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008-11-17 16:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008-11-17 16:11:06 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008-11-17 16:11:04 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008-01-22 05:30:37 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2007-02-16 10:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2007-01-31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005-11-21 06:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005-08-16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005-03-10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004-10-21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004-08-31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004-08-18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004-08-13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-08-13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-08-13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-08-13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-08-13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-08-13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-08-13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-08-13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-08-13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-08-13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-08-12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004-08-04 13:00:00 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004-08-04 13:00:00 | 000,200,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMCast.sys -- (RMCAST)
DRV - [2004-08-04 13:00:00 | 000,072,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2004-08-04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-07-14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004-06-17 21:57:02 | 000,200,064 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004-06-17 21:55:38 | 000,685,056 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-06-17 21:55:04 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004-05-26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004-03-24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002-10-15 14:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001-08-17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-1580436667-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-854245398-1580436667-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-09-06 19:41:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009-07-22 12:37:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\program files\unlocker\unlockerassistant.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-854245398-1580436667-725345543-500..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-854245398-1580436667-725345543-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1580436667-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-854245398-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-854245398-1580436667-725345543-500\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1229599472503 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1229599412970 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ucd.ie
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-06-23 13:22:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-07-20 10:40:30 | 000,618,964 | ---- | M] () - F:\Autoruns.zip -- [ FAT ]
O32 - AutoRun File - [2009-08-30 20:17:12 | 000,048,904 | ---- | M] () - F:\autoruns.chm -- [ FAT ]
O32 - AutoRun File - [2010-06-11 10:28:34 | 000,585,080 | ---- | M] (Sysinternals - www.sysinternals.com) - F:\autorunsc.exe -- [ FAT ]
O32 - AutoRun File - [2010-06-11 10:28:38 | 000,703,352 | ---- | M] (Sysinternals - www.sysinternals.com) - F:\autoruns.exe -- [ FAT ]
O33 - MountPoints2\{6a46a074-8463-11dd-bc06-c414279315ed}\Shell - "" = AutoRun
O33 - MountPoints2\{6a46a074-8463-11dd-bc06-c414279315ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a46a074-8463-11dd-bc06-c414279315ed}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /k:D *sprestrt) - File not found
O34 - HKLM BootExecute: (prestrt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: 070700Setup.exe - hkey= - key= - C:\Documents and Settings\Administrator\Application Data\E6289A10BA1288988B7B845BC616BEF3\070700Setup.exe File not found
MsConfig - StartUpReg: ContentTransferWMDetector.exe - hkey= - key= - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: JDK5SWFMZY - hkey= - key= - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tbl.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: sta - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

File not found -- D:\My Documents\Tricia__ra211[1].wmv.
[2010-07-23 13:35:29 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-07-23 10:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-07-23 10:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010-07-20 14:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010-07-20 14:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010-07-20 14:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010-07-20 11:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010-07-20 09:00:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010-07-15 19:37:06 | 000,000,000 | ---D | C] -- D:\My Documents\spain holland post
[2010-07-12 03:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\AsfTools 3.1
[2010-07-10 03:42:50 | 000,000,000 | ---D | C] -- C:\BraCa Soft
[2010-07-08 06:05:49 | 000,000,000 | ---D | C] -- D:\My Documents\FM Genie Scout 10
[2010-07-01 18:22:50 | 000,000,000 | ---D | C] -- D:\My Documents\fm mark
[2010-06-29 03:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ulead.dat
[2010-06-29 03:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead GIF Animator 2.0
[2010-06-29 03:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Noslip
[2010-06-29 03:22:01 | 000,000,000 | ---D | C] -- C:\Multimedia Files
[2010-06-29 03:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft GIF Animator
[2010-06-23 14:03:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010-06-21 15:21:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010-06-21 15:18:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010-06-21 15:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-06-21 15:11:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-06-19 00:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\BitrateViewer
[2010-06-18 18:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StreamTorrent
[2010-06-18 18:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
[2010-05-21 14:57:20 | 000,000,000 | ---D | C] -- D:\My Documents\AQA Research 2010
[2010-05-09 09:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2010-05-09 09:01:11 | 000,642,632 | ---- | C] (EFD Software ) -- D:\My Documents\hdtune_255.exe
[2010-05-06 03:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010-05-06 03:50:53 | 004,750,949 | ---- | C] (DiskInternals Research) -- D:\My Documents\CD_DVD_Recovery.exe
[2010-05-06 03:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2010-05-06 03:43:08 | 000,405,592 | ---- | C] (Roadkil.Net ) -- D:\My Documents\UnstopCpy_4_4_Win2K_UP_Setup.exe
[2010-05-05 20:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[9 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[44 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

File not found -- D:\My Documents\Tricia__ra211[1].wmv.
[2010-07-31 14:10:10 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\izecgzg.sys
[2010-07-31 13:34:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010-07-31 13:33:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-07-23 14:52:40 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-23 14:20:16 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to IEXPLORE.EXE.lnk
[2010-07-23 13:35:28 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-07-23 12:22:44 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-23 11:03:02 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-23 11:02:35 | 000,658,106 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-23 11:02:35 | 000,545,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-23 11:02:35 | 000,100,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-23 10:57:31 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-07-23 10:52:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-23 10:51:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-23 10:49:19 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-07-23 10:45:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-07-23 10:45:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-07-23 10:45:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-07-23 10:44:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-07-23 10:43:53 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-07-23 10:43:53 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-07-23 10:43:26 | 000,001,076 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-23 10:42:03 | 000,023,584 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-07-23 10:41:16 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010-07-23 10:39:42 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010-07-23 10:30:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-20 15:03:34 | 000,002,068 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-07-20 14:47:29 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010-07-20 14:33:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-07-20 14:33:04 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010-07-20 14:32:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-29 03:38:32 | 000,000,212 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010-06-29 03:38:32 | 000,000,037 | ---- | M] () -- C:\WINDOWS\ULVIO40.INI
[2010-06-29 03:26:00 | 000,003,908 | ---- | M] () -- C:\WINDOWS\System32\Gaeffect.sti
[2010-06-29 03:26:00 | 000,002,024 | ---- | M] () -- C:\WINDOWS\System32\Gafilter.sti
[2010-06-29 03:25:58 | 000,000,078 | -H-- | M] () -- C:\WINDOWS\System32\Kene32.uns
[2010-06-21 17:17:55 | 001,465,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Logfile.CSV
[2010-06-21 15:18:50 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-06-19 00:12:54 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bitrate Viewer.lnk
[2010-06-18 18:23:52 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\StreamTorrent 1.0.lnk.xml
[2010-05-09 09:01:39 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HD Tune.lnk
[2010-05-09 09:01:16 | 000,642,632 | ---- | M] (EFD Software ) -- D:\My Documents\hdtune_255.exe
[2010-05-06 03:50:53 | 004,750,949 | ---- | M] (DiskInternals Research) -- D:\My Documents\CD_DVD_Recovery.exe
[2010-05-06 03:45:11 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[9 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[44 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-31 13:36:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\7564huid74.exe
[2010-07-23 14:20:16 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to IEXPLORE.EXE.lnk
[2010-07-23 12:22:44 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-23 10:43:53 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-07-23 10:43:45 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-07-23 10:30:11 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010-07-23 10:30:11 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010-07-23 10:30:11 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010-07-23 10:30:11 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010-07-23 10:30:11 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010-07-23 10:30:11 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-07-23 10:30:11 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010-07-23 10:30:10 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010-07-23 10:30:10 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-07-23 10:30:10 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-07-23 10:30:10 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-07-23 10:30:10 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010-07-23 10:30:10 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010-07-23 10:30:10 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-07-23 10:30:10 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010-07-23 10:30:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-07-23 10:30:09 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010-07-23 10:30:09 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010-07-20 14:39:33 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-07-20 14:33:04 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010-07-20 14:32:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-07-20 11:03:37 | 000,002,068 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010-07-20 06:04:21 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\izecgzg.sys
[2010-07-13 13:52:53 | 001,141,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-07-12 03:44:10 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AsfTools 3.1.lnk
[2010-07-10 03:43:01 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FMRTE.lnk
[2010-06-29 03:26:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ULVIO40.INI
[2010-06-29 03:25:53 | 000,000,212 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2010-06-29 03:25:40 | 000,000,078 | -H-- | C] () -- C:\WINDOWS\System32\Kene32.uns
[2010-06-29 03:25:13 | 000,003,908 | ---- | C] () -- C:\WINDOWS\System32\Gaeffect.sti
[2010-06-29 03:25:13 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\Gafilter.sti
[2010-06-21 17:17:54 | 001,465,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Logfile.CSV
[2010-06-19 00:12:54 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bitrate Viewer.lnk
[2010-06-18 18:23:52 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\StreamTorrent 1.0.lnk
[2010-05-09 09:01:39 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HD Tune.lnk
[2010-05-06 03:45:11 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roadkil's Unstoppable Copier.lnk
[2009-11-26 04:57:03 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-11-26 04:57:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-11-26 04:57:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-11-26 04:57:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-11-26 04:57:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-11-26 04:57:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-06 19:44:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-12-18 00:49:31 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2007-12-17 06:35:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007-12-17 03:41:19 | 000,000,134 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
[2007-10-31 10:10:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-09-04 22:30:54 | 000,000,109 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2007-09-04 22:21:23 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\pdfutil.ini
[2007-07-05 04:27:55 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007-07-05 04:27:55 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007-07-05 04:27:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007-07-05 04:27:55 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007-06-08 00:57:05 | 000,001,210 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007-06-02 05:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007-06-01 23:56:13 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007-03-18 00:09:58 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2007-01-24 09:45:58 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006-08-12 23:32:39 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Cryvideoslpitter.ini
[2006-01-16 18:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2005-11-06 00:56:30 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005-08-09 23:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005-08-09 23:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005-06-28 16:36:06 | 000,000,679 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005-06-28 13:06:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2005-06-27 12:52:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-06-24 16:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2004-09-22 20:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004-08-12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004-08-04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-07-06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008-05-11 18:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
[2006-03-21 20:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010-02-10 03:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2009-05-30 02:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BraCa_Soft
[2009-11-17 12:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CDRoller
[2008-10-21 14:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010-04-28 07:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FLV Extract
[2010-01-25 08:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
[2007-03-28 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GEAR DVD Standard Edition 7.02
[2007-03-30 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GEAR PRO Mastering Edition 7.01
[2010-02-09 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2008-09-17 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2010-02-11 03:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2009-03-31 13:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iPodder
[2006-05-09 03:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeySafe
[2005-09-02 14:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008-08-05 22:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mael
[2007-06-01 22:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2008-11-14 06:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ReaSoft
[2008-01-22 05:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Regrun
[2007-03-30 21:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RelevantReach
[2010-07-08 00:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sports Interactive
[2010-06-18 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StreamTorrent
[2007-11-15 10:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010-06-12 02:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2008-08-24 04:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VideoReDoPlus
[2010-07-04 22:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2010-04-21 10:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinFF
[2010-05-05 20:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008-10-10 15:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2008-01-23 21:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006-12-16 00:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2008-01-25 01:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005-06-24 15:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010-07-08 00:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2008-10-19 06:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-08-21 23:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010-07-23 10:57:31 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2004-08-04 13:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010-07-23 11:26:08 | 001,048,576 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-07-20 14:33:38 | 000,786,432 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010-07-23 11:26:08 | 030,932,992 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-07-23 11:26:08 | 006,029,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2005-06-23 13:22:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008-01-26 17:10:56 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2010-07-23 10:39:42 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2004-08-04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010-01-25 17:49:53 | 000,151,211 | ---- | M] () -- C:\ComboFix.txt
[2005-06-23 13:22:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-07-12 03:15:27 | 000,035,115 | ---- | M] () -- C:\debug.log
[2007-06-19 06:32:56 | 002,473,984 | ---- | M] (Sports Interactive) -- C:\fm data editor.exe
[2007-08-03 04:36:02 | 000,006,367 | ---- | M] () -- C:\grab55129.jpg
[2005-06-23 13:22:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-07-15 02:43:31 | 000,000,158 | ---- | M] () -- C:\Java hello world.java
[2008-07-27 15:38:56 | 004,195,950 | ---- | M] () -- C:\Latitude D510 Service Manual.exe
[2010-05-21 00:03:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005-06-23 13:22:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-04 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010-07-23 10:51:38 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007-09-04 22:36:51 | 000,000,140 | ---- | M] () -- C:\pdfinfo.ini
[2008-05-27 11:11:22 | 000,003,792 | ---- | M] () -- C:\rapport.txt
[2006-11-01 13:06:18 | 000,162,616 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\RegDelNull.exe
[2005-09-25 20:29:56 | 001,221,561 | ---- | M] () -- C:\usersgd.chm
[2008-01-13 10:30:24 | 000,000,502 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004-03-22 23:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004-08-04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004-08-04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005-04-25 16:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008-04-14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009-02-06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009-02-06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004-08-04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004-08-04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005-05-17 23:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005-05-17 23:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004-08-04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004-08-04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008-04-14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: USER32.DLL >
[2005-03-02 19:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007-03-08 16:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007-03-08 16:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
[2008-04-14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[2007-03-08 16:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
[2004-08-04 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2004-08-04 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll
[2005-03-02 19:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll

< MD5 for: WS2_32.DLL >
[2008-04-14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[2004-08-04 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004-08-04 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 792 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFCC8572
@Alternate Data Stream - 56376 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_MVPUV9PFSVSJTX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPPX45BB8LLSV5XLFUT1YHS6J5KV14TEJSVVNJTK
@Alternate Data Stream - 56376 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_MVPUV9PFSVSJTX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPPX45BB8LLSV5XLFUT1YHS6J5KV14TEJSVVNJTK
@Alternate Data Stream - 56213 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_MVPUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFLPXB564BPLBB5N14D0B8F0LFUTVLJVMVFVV14TE
@Alternate Data Stream - 56213 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_MVPUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFLPXB564BPLBB5N14D0B8F0LFUTVLJVMVFVV14TE
@Alternate Data Stream - 55966 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVVUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFVLPV5VTBVPBV5
@Alternate Data Stream - 55920 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_MVVUV9PKSVSJTX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPPX45BB8LLSV5VVVVVVVVVVJVK
@Alternate Data Stream - 55920 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_MVVUV9PKSVSJTX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPPX45BB8LLSV5VVVVVVVVVVJVK
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVVUV9PKSVSJTX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPPX45BB8LLSV5VVVVVVVVVVJVK
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVVUV9PKSVSJTX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPPX45BB8LLSV5VVVVVVVVVVJVK
@Alternate Data Stream - 164 bytes -> D:\My Documents\StateSpace.pdf:SummaryInformation
@Alternate Data Stream - 164 bytes -> D:\My Documents\lecture1.pdf:SummaryInformation
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC8F170A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

Attached Files

  • Attached File  ark.txt   7.8KB   1 downloads


#9 etavares

  • Malware Response Team

Posted 31 July 2010 - 09:55 AM

Hello, apsdub79.

A few more things before we start cleaning. You definitely have a rootkit.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case several of them). These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.



Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Do you know what this file is?

C:\Documents and Settings\Administrator\Desktop\7564huid74.exe



Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 3

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 apsdub79


Posted 31 July 2010 - 10:22 AM

Re backdoor/rootkit

As I mentioned in my opening post the screen is busted on the laptop and the HDTV it is connected to only receives a signal once the Windows logon appears. So doing a format/clean install isn't an option and I cannot financially afford a new machine at this moment. Changing passwords and contacting my bank (and other websites with credit card details) was the first thing I did, plus I have been in consistent contact over the phone so hopefully I'm okay on that front.

Re Peer to Peer

Believe me, lesson learnt although when I got infected (as far as I knew) I was downloading from known file hosters which I had never had any issues with before.

Re Trusted Zones
Can you point me to where in the logs it suggests I have something set? The reason I ask is there are none set in the IE Security options. There are a bunch of sites in the Restricted section but to be honest I do not remember setting those manually and do not recognise any of them e.g. install.007guard.com.

Re 7564huid74.exe
The last time I ran GMER it was automatically renamed to a random name when I downloaded it. This time it didn't so I renamed it myself before running it. If this was an amateur hour mistake my apologies and let me know if I should run it again (I can almost see you face palming ;))

========
MBR Check
========


MBRCheck, version 1.1.1

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

37 GB \\.\PhysicalDrive0 MBR Code Faked!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Done! Press ENTER to exit.

=====
HAlog
=====


C:\Documents and Settings\Administrator\Desktop\HAMeb_check.exe
2010-07-31 at 16:17:05.17

Account active No
Local Group Memberships *Administrators

~~ Checking profile list ~~

S-1-5-21-854245398-1580436667-725345543-1000
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8621FB4C]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x04A8143F
malicious code @ sector 0x04A81442 !
PE file found in sector at 0x04A81458 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Disabled:Remote Desktop

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Disabled:Remote Desktop


~~ EOF ~~

-----------------------------------

I'm guessing fixing the MBR is going to be difficult considering I have a broken laptop screen and only get a signal on the HDTV when the Windows logon appears.
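A way to triage a HAMeb_check log like the one in the post above, given as an added example that is not part of the original thread or of any tool named in it: the script pulls the rootkit indicators out of the MBR section and lists every Enabled `GloballyOpenPorts` exception that is not on an analyst-supplied allowlist. The function names, the `allowed` parameter and the embedded sample (constructed from lines quoted in the post) are assumptions.

```python
import re

# Constructed sample, assembled from log lines quoted in the post above.
SAMPLE_LOG = r'''~~ Checking mbr ~~
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8621FB4C]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x04A8143F
malicious code @ sector 0x04A81442 !
PE file found in sector at 0x04A81458 !

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Disabled:Remote Desktop

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Disabled:Remote Desktop

~~ EOF ~~
'''

HEX = r"(0x[0-9A-Fa-f]+)"
SECTION = re.compile(r"^~~ (.+?) ~~$")
# Indicator strings exactly as the MBR detector prints them in the log above.
MBR_INDICATORS = [
    ("unknown module in disk call chain", re.compile(r">>UNKNOWN \[" + HEX + r"\]<<")),
    ("copy of MBR in another sector", re.compile(r"copy of MBR has been found in sector " + HEX)),
    ("malicious code in sector", re.compile(r"malicious code @ sector " + HEX)),
    ("PE file in raw sector", re.compile(r"PE file found in sector at " + HEX)),
]
PROFILE = re.compile(r"^\[.*\\firewallpolicy\\([^\\]+)\\GloballyOpenPorts\\List\]$", re.I)
PORT = re.compile(r'^"(\d+):(TCP|UDP)"=(\d+):(TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$')


def split_sections(log):
    """Group non-empty log lines under their '~~ name ~~' headings."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def mbr_findings(lines):
    """Return (label, address-or-sector) for every indicator line."""
    found = []
    for line in lines:
        for label, rx in MBR_INDICATORS:
            m = rx.search(line)
            if m:
                found.append((label, int(m.group(1), 16)))
    return found


def firewall_entries(lines):
    """Parse port exceptions, remembering which firewall profile they sit in."""
    entries, profile = [], None
    for line in lines:
        m = PROFILE.match(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = PORT.match(line)
        if m and profile:
            kport, kproto, vport, vproto, scope, state, name = m.groups()
            entries.append({
                "profile": profile, "port": int(vport), "proto": vproto,
                "scope": scope, "enabled": state == "Enabled", "name": name,
                # The value name and its data should describe the same port.
                "mismatch": (kport, kproto) != (vport, vproto),
            })
    return entries


def triage(log, allowed=frozenset()):
    """allowed: set of (port, proto) pairs the analyst expects to be open."""
    sections = split_sections(log)
    mbr_lines = sections.get("checking mbr", [])
    findings = mbr_findings(mbr_lines)
    entries = firewall_entries(sections.get("checking firewall ports", []))
    return {
        "mbr": findings,
        # An "MBR OK" line next to indicator lines means the OK cannot be trusted alone.
        "mbr_ok_but_flagged": bool(findings) and any("MBR OK" in l for l in mbr_lines),
        "unexpected_ports": sorted((e["profile"], e["port"], e["proto"]) for e in entries
                                   if e["enabled"] and (e["port"], e["proto"]) not in allowed),
        "mismatched": [e for e in entries if e["mismatch"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
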





#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 31 July 2010 - 10:49 AM

Hello, apsdub79.
It has "msn" in the trusted zone; although it's not set up like "msn.com" so it's probably just an orphaned entry from MS.

No worries on GMER, that's fine.

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 apsdub79


Posted 31 July 2010 - 11:07 AM

I don't have the Recovery Console installed. Should I take the 'clean' laptop I am typing from off the network before connecting the infected one in order to download?

The reason I ask is that when I first had no connectivity issues with the infected machine, I tried from this laptop and also got the same connectivity issues. Once the network connection was disabled on the infected machine the 'clean' machine was able to connect. So as a 'noob' that makes me concerned about the 'infection' spreading via the router/network.

Again, apologies for the constant questions but I'd rather be safe than sorry as this isn't my laptop I am typing from.

EDIT
So I went ahead and did that but my Network connections are not functioning on the infected machine. I get 'Connection failed!' error flash up on the screen. At this moment I have the Combofix Error message

'You do not appear to be connected to the internet. Kindly connect before clicking OK'

What should I do now?

EDIT 2 @ 18:40 GMT (about 12:40 forum clock)

So I clicked okay and Combofix ran. It rebooted straight away because of a rootkit. I'm paraphrasing here because it happened very quickly

Combofix found rootkit
needs to reboot
[red x error]Application failed to initialise
…DLLs
…nircmd.exe


So Windows rebooted and Combofix ran. When combofix finished (the log file appeared and taskbar returned) a couple of command prompt screens popped up real quickly and I didn’t catch if anything was written in them. Also Adobe Flash Player popped up telling me an update was available. I have not clicked anything just in case and the ‘Update Adobe Flash’ GUI is still sitting on my desktop.

==========
COMBOFIX LOG
==========


ComboFix 10-07-30.04 - 98277332 2010-07-31 18:23:43.80.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.566 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\etavaresCF.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
d:\my documents\backup.reg

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-23 12:35 . 2010-07-23 12:35 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-23 10:03 . 2006-06-06 17:05 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-07-23 09:40 . 2004-08-03 23:56 152576 ----a-w- c:\windows\system32\irftp.exe
2010-07-23 09:40 . 2004-08-03 23:56 27136 ----a-w- c:\windows\system32\irmon.dll
2010-07-23 09:40 . 2004-08-03 22:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2010-07-23 09:40 . 2004-08-03 23:56 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-07-23 09:33 . 2001-08-17 12:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-07-23 09:30 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-07-23 09:30 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-07-20 13:45 . 2010-05-21 13:14 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-07-20 13:36 . 2010-07-20 13:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2010-07-20 13:36 . 2010-07-20 13:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-07-20 13:33 . 2010-07-20 13:33 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-20 10:00 . 2010-07-20 10:05 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-20 05:04 . 2010-07-20 05:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-20 05:04 . 2010-07-31 17:32 766976 ----a-w- c:\windows\system32\drivers\izecgzg.sys
2010-07-13 12:52 . 2010-07-17 07:30 1141248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-12 02:44 . 2010-07-12 02:44 -------- d-----w- c:\program files\AsfTools 3.1
2010-07-12 02:37 . 2001-01-07 17:30 413760 ----a-w- c:\windows\system32\MPG4c32.dll
2010-07-10 08:43 . 2010-07-10 08:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-10 02:42 . 2010-07-10 02:42 -------- d-----w- C:\BraCa Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 11:22 . 2008-09-17 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 09:42 . 2005-06-23 12:19 23584 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-20 13:26 . 2005-06-24 14:08 -------- d-----w- c:\program files\Sophos
2010-07-18 22:55 . 2010-04-28 07:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-07-07 23:53 . 2008-11-19 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-07-07 23:53 . 2008-11-19 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sports Interactive
2010-07-05 05:21 . 2007-03-25 05:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-07-04 21:26 . 2007-12-01 11:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2010-06-29 02:29 . 2010-06-29 02:25 -------- d-----w- c:\program files\Ulead GIF Animator 2.0
2010-06-29 02:23 . 2010-06-29 02:21 -------- d-----w- c:\program files\Microsoft GIF Animator
2010-06-21 20:14 . 2010-03-06 12:03 -------- d-----w- c:\program files\CCleaner
2010-06-18 23:12 . 2010-06-18 23:12 -------- d-----w- c:\program files\BitrateViewer
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\StreamTorrent
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-06-12 01:18 . 2008-11-20 00:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-05-05 19:06 . 2010-05-05 19:06 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-05-05 19:06 . 2010-05-05 19:06 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-05-05 19:06 . 2010-05-05 19:06 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-05-05 19:06 . 2010-05-05 19:06 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2008-05-22 03:47 . 2007-09-21 00:10 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((( SnapShot_2010-01-25_16.47.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-31 17:22 . 2010-07-31 17:22 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat
+ 2010-07-31 17:22 . 2010-07-31 17:22 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
+ 2005-06-29 12:35 . 2009-08-06 19:24 44768 c:\windows\system32\wups2.dll
+ 2004-05-20 01:00 . 2004-05-20 01:00 28672 c:\windows\system32\VXBLOCK.dll
+ 2010-02-08 15:04 . 2004-08-13 01:05 61498 c:\windows\system32\tfswapi.dll
+ 2005-06-24 12:12 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-01-27 21:51 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
+ 2010-01-25 23:45 . 2009-08-06 19:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-01-25 23:45 . 2009-08-06 19:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-24 15:06 . 2004-08-24 15:06 10752 c:\windows\system32\PXWMA.dll
+ 2007-06-03 02:31 . 2010-03-06 12:14 25992 c:\windows\system32\pgdfgsvc.exe
- 2007-06-03 02:31 . 2007-06-03 02:31 25992 c:\windows\system32\pgdfgsvc.exe
+ 2006-06-29 07:05 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 07:05 . 2006-06-29 07:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 16:59 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 16:59 . 2006-06-28 16:59 24576 c:\windows\system32\nlsdl.dll
+ 2007-08-13 17:36 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 17:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:39 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
- 2006-06-29 07:05 . 2006-06-29 07:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 07:05 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 17:36 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2004-08-03 23:15 . 2004-08-04 12:00 60800 c:\windows\system32\drivers\sysaudio.sys
- 2004-08-03 23:15 . 2004-08-03 23:15 60800 c:\windows\system32\drivers\sysaudio.sys
- 2001-08-17 14:00 . 2001-08-17 14:00 54272 c:\windows\system32\drivers\swmidi.sys
+ 2001-08-17 14:00 . 2004-08-04 12:00 54272 c:\windows\system32\drivers\swmidi.sys
+ 2010-02-08 15:04 . 2004-07-14 11:28 23545 c:\windows\system32\drivers\ssrtln.sys
+ 2004-08-02 02:03 . 2004-08-02 02:03 20576 c:\windows\system32\drivers\pxhelp20.sys
- 2008-09-17 17:59 . 2010-01-07 16:07 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2008-09-17 17:59 . 2010-04-29 14:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2008-09-17 17:59 . 2010-04-29 14:39 20952 c:\windows\system32\drivers\mbam.sys
- 2006-02-13 00:28 . 2005-08-12 05:20 40544 c:\windows\system32\drivers\DRVNDDM.SYS
+ 2010-02-08 15:04 . 2004-08-13 02:56 40544 c:\windows\system32\drivers\drvnddm.sys
+ 2010-02-08 15:04 . 2004-08-04 03:21 87136 c:\windows\system32\drivers\drvmcdb.sys
+ 2004-08-03 23:08 . 2004-08-04 12:00 60288 c:\windows\system32\drivers\drmk.sys
- 2004-08-03 23:08 . 2004-08-03 23:08 60288 c:\windows\system32\drivers\drmk.sys
+ 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\dllcache\rassapi.dll
+ 2004-08-03 23:56 . 2004-08-03 23:56 82035 c:\windows\system32\dllcache\fp4anscp.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 45083 c:\windows\system32\dllcache\dispex.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\dllcache\defrag.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 27136 c:\windows\system32\dllcache\ctl3d32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 60416 c:\windows\system32\dllcache\cryptsvc.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 63488 c:\windows\system32\dllcache\cryptnet.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\dllcache\cryptext.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 33280 c:\windows\system32\dllcache\cryptdll.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 74752 c:\windows\system32\dllcache\cryptdlg.dll
+ 2007-06-01 22:39 . 2004-08-04 12:00 46592 c:\windows\system32\dllcache\coadmin.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\dllcache\cfgmgr32.dll
+ 2004-08-03 23:56 . 2004-08-03 23:56 16439 c:\windows\system32\dllcache\author.exe
+ 2004-08-03 23:56 . 2004-08-03 23:56 20540 c:\windows\system32\dllcache\author.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 30208 c:\windows\system32\dllcache\atmlib.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 65024 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 98304 c:\windows\system32\dllcache\ahui.exe
+ 2005-06-24 12:18 . 2004-08-04 12:00 43520 c:\windows\system32\dllcache\admwprox.dll
+ 2004-08-03 23:56 . 2004-08-03 23:56 16439 c:\windows\system32\dllcache\admin.exe
+ 2004-08-03 23:56 . 2004-08-03 23:56 20540 c:\windows\system32\dllcache\admin.dll
+ 2010-02-08 15:04 . 2004-08-13 01:05 98714 c:\windows\system32\dla\tfsnudf.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 14715 c:\windows\system32\dla\tfsnopio.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 86202 c:\windows\system32\dla\tfsnifs.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 34843 c:\windows\system32\dla\tfsncofs.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 25723 c:\windows\system32\dla\tfsnboio.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 77882 c:\windows\system32\dla\dlainst.dll
+ 2009-05-23 04:49 . 2010-07-23 09:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-23 04:49 . 2010-01-25 16:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-23 09:52 . 2010-07-23 09:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010072320100724\index.dat
- 2005-06-23 12:25 . 2010-01-25 16:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-23 12:25 . 2010-07-23 09:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-25 16:28 . 2010-01-25 16:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-23 09:32 . 2010-07-23 09:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-01-23 03:48 . 2005-10-12 23:12 22752 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\update\spcustom.dll
- 2008-01-23 03:48 . 2005-10-12 23:12 14048 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\spmsg.dll
- 2006-11-20 10:17 . 2006-11-20 10:17 33280 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\sp2qfe\snmp.exe
- 2006-11-20 08:42 . 2006-11-20 08:42 33280 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\sp2gdr\snmp.exe
- 2007-10-27 16:39 . 2007-10-27 16:39 13536 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\spmsg.dll
+ 2010-06-29 02:25 . 1997-10-13 11:21 15872 c:\windows\Noslip\ToUrl.exe
+ 2010-02-08 15:04 . 2010-02-08 15:04 49152 c:\windows\Installer\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}\ARPIcon.exe
- 2007-11-29 09:41 . 2007-11-29 09:41 49152 c:\windows\Installer\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}\ARPIcon.exe
+ 2010-06-21 14:14 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-21 14:14 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-21 14:14 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-21 14:12 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-06-21 14:11 . 2007-08-13 18:36 44544 c:\windows\ie8\pngfilt.dll
+ 2010-06-21 14:11 . 2007-08-13 18:01 48128 c:\windows\ie8\mshtmler.dll
+ 2010-06-21 14:11 . 2007-08-13 18:32 45568 c:\windows\ie8\mshta.exe
+ 2010-06-21 14:11 . 2007-08-13 17:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-06-21 14:11 . 2007-08-13 17:54 50688 c:\windows\ie8\msfeedsbs.dll
+ 2010-06-21 14:11 . 2007-08-13 18:44 40960 c:\windows\ie8\licmgr10.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 27136 c:\windows\ie8\jsproxy.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 92672 c:\windows\ie8\inseng.dll
+ 2010-06-21 14:11 . 2007-08-13 18:36 36352 c:\windows\ie8\imgutil.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 55296 c:\windows\ie8\iesetup.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 43008 c:\windows\ie8\iernonce.dll
+ 2010-06-21 14:11 . 2007-08-13 18:45 78336 c:\windows\ie8\ieencode.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 54784 c:\windows\ie8\ie4uinit.exe
+ 2010-06-21 14:11 . 2007-08-13 17:36 61952 c:\windows\ie8\icardie.dll
+ 2010-06-21 14:11 . 2007-08-13 18:18 60416 c:\windows\ie8\hmmapi.dll
+ 2010-06-21 14:11 . 2007-08-13 18:42 17408 c:\windows\ie8\corpol.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 71680 c:\windows\ie8\admparse.dll
- 2009-07-21 03:07 . 2007-08-13 17:52 66048 c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2009-07-21 03:07 . 2007-08-13 18:52 66048 c:\windows\ie7\spuninst\ieResetIcons.exe
- 2009-07-21 03:07 . 2007-08-13 17:54 32960 c:\windows\ie7\spuninst\iecustom.dll
+ 2009-07-21 03:07 . 2007-08-13 18:54 32960 c:\windows\ie7\spuninst\iecustom.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 39424 c:\windows\ie7\pngfilt.dll
- 2009-07-21 03:06 . 2008-10-16 10:37 39424 c:\windows\ie7\pngfilt.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 96256 c:\windows\ie7\occache.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 96256 c:\windows\ie7\occache.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 56832 c:\windows\ie7\mshtmler.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 56832 c:\windows\ie7\mshtmler.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 29184 c:\windows\ie7\mshta.exe
+ 2010-01-26 01:18 . 2004-08-04 12:00 29184 c:\windows\ie7\mshta.exe
- 2009-07-21 03:06 . 2004-08-04 12:00 22016 c:\windows\ie7\licmgr10.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 22016 c:\windows\ie7\licmgr10.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 15872 c:\windows\ie7\jsproxy.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 96256 c:\windows\ie7\inseng.dll
- 2009-07-21 03:06 . 2008-10-16 10:37 96256 c:\windows\ie7\inseng.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 35840 c:\windows\ie7\imgutil.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 35840 c:\windows\ie7\imgutil.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 93184 c:\windows\ie7\iexplore.exe
- 2009-07-21 03:06 . 2004-08-03 23:56 93184 c:\windows\ie7\iexplore.exe
+ 2010-01-26 01:18 . 2004-08-04 12:00 62976 c:\windows\ie7\iesetup.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 62976 c:\windows\ie7\iesetup.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 48640 c:\windows\ie7\iernonce.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 48640 c:\windows\ie7\iernonce.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 81920 c:\windows\ie7\ieencode.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 81920 c:\windows\ie7\ieencode.dll
- 2009-07-21 03:06 . 2008-10-15 09:45 18432 c:\windows\ie7\iedw.exe
+ 2010-01-26 01:18 . 2004-08-04 12:00 18432 c:\windows\ie7\iedw.exe
- 2009-07-21 03:06 . 2004-08-04 12:00 34304 c:\windows\ie7\ie4uinit.exe
+ 2010-01-26 01:18 . 2004-08-04 12:00 34304 c:\windows\ie7\ie4uinit.exe
- 2009-07-21 03:06 . 2004-08-03 23:56 38912 c:\windows\ie7\hmmapi.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 38912 c:\windows\ie7\hmmapi.dll
- 2009-07-21 03:06 . 2008-10-16 10:37 55808 c:\windows\ie7\extmgr.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 55808 c:\windows\ie7\extmgr.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 35328 c:\windows\ie7\corpol.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 35328 c:\windows\ie7\corpol.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 99840 c:\windows\ie7\advpack.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 99840 c:\windows\ie7\advpack.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 61440 c:\windows\ie7\admparse.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 61440 c:\windows\ie7\admparse.dll
+ 2010-02-08 15:04 . 2004-08-13 01:05 98358 c:\windows\dla.exe
+ 2010-06-21 14:14 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB982632-IE8\update\spcustom.dll
+ 2010-06-21 14:14 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB982632-IE8\spmsg.dll
+ 2010-06-21 14:05 . 2010-04-16 11:12 41984 c:\windows\$hf_mig$\KB982632-IE8\SP3QFE\iecompat.dll
+ 2010-06-21 14:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2010-06-21 14:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2010-06-21 14:07 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2010-06-21 14:07 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2010-06-21 14:07 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2010-06-29 02:25 . 2010-06-29 02:25 2484 c:\windows\ulead.dat\VIOFMT40.DAT
+ 2010-02-08 15:04 . 2004-07-14 11:29 5627 c:\windows\system32\drivers\sscdbhk5.sys
- 2004-08-03 22:58 . 2004-08-03 22:58 4992 c:\windows\system32\drivers\MSPQM.sys
+ 2004-08-03 22:58 . 2004-08-04 12:00 4992 c:\windows\system32\drivers\mspqm.sys
+ 2004-08-03 22:58 . 2004-08-04 12:00 5376 c:\windows\system32\drivers\mspclock.sys
- 2004-08-03 22:58 . 2004-08-03 22:58 5376 c:\windows\system32\drivers\MSPCLOCK.sys
+ 2004-08-03 22:58 . 2004-08-04 12:00 7552 c:\windows\system32\drivers\mskssrv.sys
- 2004-08-03 22:58 . 2004-08-03 22:58 7552 c:\windows\system32\drivers\MSKSSRV.sys
+ 2004-08-03 23:07 . 2004-08-04 12:00 2944 c:\windows\system32\drivers\drmkaud.sys
- 2004-08-03 23:07 . 2004-08-03 23:07 2944 c:\windows\system32\drivers\drmkaud.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 6363 c:\windows\system32\dla\tfsnpool.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 2239 c:\windows\system32\dla\tfsndres.sys
+ 2010-02-08 15:04 . 2004-08-13 01:05 4123 c:\windows\system32\dla\tfsndrct.sys
+ 2010-06-21 14:14 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB982632-IE8\iecompat.dll
+ 2005-06-23 13:11 . 2004-08-04 12:00 921088 c:\windows\WinSxS\InstallTemp\73434\comctl32.dll
- 2009-07-21 03:04 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
+ 2009-07-21 03:04 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2005-06-24 12:19 . 2004-08-04 12:00 120320 c:\windows\system32\wuweb.dll
+ 2004-08-04 12:00 . 2004-08-11 01:45 871160 c:\windows\system32\wmvdmod.dll
- 2004-08-04 12:00 . 2004-08-11 00:45 871160 c:\windows\system32\wmvdmod.dll
+ 2004-08-04 12:00 . 2004-08-11 01:45 531192 c:\windows\system32\wmspdmod.dll
- 2004-08-04 12:00 . 2004-08-11 00:45 531192 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 12:00 . 2004-08-11 01:45 773368 c:\windows\system32\wmsdmod.dll
- 2004-08-04 12:00 . 2004-08-11 00:45 773368 c:\windows\system32\wmsdmod.dll
+ 2004-08-04 12:00 . 2004-08-11 01:45 380144 c:\windows\system32\wmadmod.dll
- 2004-08-04 12:00 . 2004-08-11 00:45 380144 c:\windows\system32\wmadmod.dll
+ 2007-08-13 17:45 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-24 15:04 . 2004-08-24 15:04 339968 c:\windows\system32\PxWave.dll
+ 2004-08-24 15:04 . 2004-08-24 15:04 159744 c:\windows\system32\pxmas.dll
+ 2004-09-07 01:01 . 2004-09-07 01:01 389120 c:\windows\system32\pxdrv.dll
+ 2004-08-24 15:05 . 2004-08-24 15:05 360448 c:\windows\system32\Px.dll
- 2001-08-23 12:00 . 2010-01-25 16:36 545812 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-07-23 10:02 545812 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-01-25 16:36 100946 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-07-23 10:02 100946 c:\windows\system32\perfc009.dat
+ 2005-01-20 15:25 . 2005-01-20 15:25 339968 c:\windows\system32\msvcr70.dll
+ 2007-08-13 17:54 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2007-08-13 17:54 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2007-07-11 11:27 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2010-03-25 20:30 . 2010-03-25 20:30 151216 c:\windows\system32\drivers\MpFilter.sys
+ 2004-08-03 23:07 . 2004-08-04 12:00 171776 c:\windows\system32\drivers\kmixer.sys
- 2004-08-03 23:07 . 2004-08-03 23:07 171776 c:\windows\system32\drivers\kmixer.sys
- 2004-08-03 22:39 . 2004-08-03 22:39 142464 c:\windows\system32\drivers\aec.sys
+ 2004-08-03 22:39 . 2004-08-04 12:00 142464 c:\windows\system32\drivers\aec.sys
+ 2007-06-01 22:56 . 2004-08-04 12:00 138752 c:\windows\system32\dllcache\sndvol32.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 924432 c:\windows\system32\dllcache\mfc40u.dll
+ 2004-08-03 23:56 . 2004-08-03 23:56 184435 c:\windows\system32\dllcache\fp4amsft.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 143360 c:\windows\system32\dllcache\fastfat.sys
+ 2004-08-04 12:00 . 2004-08-04 12:00 137216 c:\windows\system32\dllcache\dssenh.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 512512 c:\windows\system32\dllcache\cryptui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 597504 c:\windows\system32\dllcache\crypt32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 252928 c:\windows\system32\dllcache\compatui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 276992 c:\windows\system32\dllcache\comdlg32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 611328 c:\windows\system32\dllcache\comctl32.dll
+ 2004-08-03 23:56 . 2004-08-03 23:56 188480 c:\windows\system32\dllcache\cfgwiz.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 580608 c:\windows\system32\dllcache\autofmt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 126976 c:\windows\system32\dllcache\apphelp.dll
+ 2007-06-01 22:39 . 2004-08-04 12:00 290816 c:\windows\system32\dllcache\adsiis51.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 116224 c:\windows\system32\dllcache\acxtrnal.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 244736 c:\windows\system32\dllcache\acspecfc.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 114688 c:\windows\system32\dllcache\aclui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 450048 c:\windows\system32\dllcache\aclayers.dll
+ 2010-02-08 15:04 . 2004-08-13 01:05 118842 c:\windows\system32\dla\tfswshx.dll
+ 2010-02-08 15:04 . 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe
+ 2010-02-08 15:04 . 2004-08-13 01:05 241727 c:\windows\system32\dla\tfswcres.dll
+ 2010-02-08 15:04 . 2004-08-13 01:05 258106 c:\windows\system32\dla\tfswcmd.exe
+ 2010-02-08 15:04 . 2004-08-13 01:05 100603 c:\windows\system32\dla\tfsnudfa.sys
- 2008-01-23 03:48 . 2005-10-12 23:12 371424 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\update\updspapi.dll
- 2008-01-23 03:48 . 2005-10-12 23:12 716000 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\update\update.exe
- 2008-01-23 03:48 . 2005-10-12 23:12 213216 c:\windows\SoftwareDistribution\Download\e60a088c9764a807d8772c4702fa7671\spuninst.exe
- 2007-10-27 17:39 . 2007-10-27 17:39 230912 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\wmp9nl\wmasf.dll
- 2007-10-27 17:38 . 2007-10-27 17:38 222720 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\wmp9l\wmasf.dll
- 2007-10-27 17:40 . 2007-10-27 17:40 222720 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\wmp11\wmasf.dll
- 2007-10-27 17:40 . 2007-10-27 17:40 227328 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\wmp10\wmasf.dll
- 2007-10-27 16:39 . 2007-10-27 16:39 371424 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\update\updspapi.dll
- 2007-10-27 16:39 . 2007-10-27 16:39 716000 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\update\update.exe
- 2007-10-27 16:39 . 2007-10-27 16:39 213216 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\spuninst.exe
- 2007-10-27 17:39 . 2007-10-27 17:39 228864 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\emerald\wmasf.dll
- 2005-06-23 12:25 . 2010-01-25 16:22 843776 c:\windows\repair\ntuser.dat
+ 2005-06-23 12:25 . 2010-07-23 09:45 843776 c:\windows\repair\ntuser.dat
+ 2010-03-02 12:32 . 2004-08-11 01:45 871160 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2005-06-29 13:03 . 2004-08-11 00:45 871160 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2010-03-02 12:32 . 2004-08-11 01:45 531192 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2005-06-29 13:03 . 2004-08-11 00:45 531192 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2010-03-02 12:32 . 2004-08-11 01:45 773368 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2005-06-29 13:03 . 2004-08-11 00:45 773368 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2005-06-29 13:03 . 2004-08-11 00:45 380144 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2010-03-02 12:32 . 2004-08-11 01:45 380144 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2010-02-08 15:04 . 2010-02-08 15:04 198144 c:\windows\Installer\5122b7.msi
+ 2010-07-20 13:33 . 2010-07-20 13:33 272384 c:\windows\Installer\3aabc.msi
+ 2010-07-20 13:33 . 2010-07-20 13:33 254976 c:\windows\Installer\3aab6.msi
+ 2010-07-20 13:31 . 2010-07-20 13:31 301056 c:\windows\Installer\3aab0.msi
+ 2010-07-10 02:43 . 2010-07-10 02:44 362870 c:\windows\Installer\{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}\_6FEFF9B68218417F98F549.exe
+ 2010-07-10 02:43 . 2010-07-10 02:44 362870 c:\windows\Installer\{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}\_600D5F3B75BD1933260DF9.exe
+ 2010-07-10 02:43 . 2010-07-10 02:44 362870 c:\windows\Installer\{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}\_05A8DE730FD698176E19C7.exe
+ 2010-06-21 14:14 . 2009-05-26 09:01 382840 c:\windows\ie8updates\KB982632-IE8\spuninst\updspapi.dll
+ 2010-06-21 14:14 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB982632-IE8\spuninst\spuninst.exe
+ 2010-06-21 14:14 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-21 14:14 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-21 14:14 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-21 14:14 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-21 14:14 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-21 14:14 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-21 14:14 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-21 14:14 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-21 14:14 . 2009-03-08 03:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-21 14:14 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-21 14:14 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-21 14:11 . 2007-08-13 18:54 818688 c:\windows\ie8\wininet.dll
+ 2010-06-21 14:11 . 2007-08-13 17:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-06-21 14:11 . 2007-08-13 18:54 231424 c:\windows\ie8\webcheck.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 765952 c:\windows\ie8\vgx.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 413696 c:\windows\ie8\vbscript.dll
+ 2010-06-21 14:11 . 2007-08-13 18:44 105984 c:\windows\ie8\url.dll
+ 2010-06-21 14:12 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-06-21 14:12 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-06-21 14:11 . 2006-09-06 17:43 213216 c:\windows\ie8\spuninst.exe
+ 2010-06-21 14:11 . 2007-08-13 18:44 101376 c:\windows\ie8\occache.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 670720 c:\windows\ie8\mstime.dll
+ 2010-06-21 14:11 . 2007-08-13 18:44 192000 c:\windows\ie8\msrating.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 156160 c:\windows\ie8\msls31.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 475648 c:\windows\ie8\mshtmled.dll
+ 2010-06-21 14:11 . 2007-08-13 17:54 458752 c:\windows\ie8\msfeeds.dll
+ 2010-06-21 14:11 . 2007-08-13 18:38 491520 c:\windows\ie8\jscript.dll
+ 2010-06-21 14:11 . 2007-08-13 18:43 622080 c:\windows\ie8\iexplore.exe
+ 2010-06-21 14:11 . 2007-08-13 17:54 180736 c:\windows\ie8\ieui.dll
+ 2010-06-21 14:11 . 2007-08-13 17:34 266752 c:\windows\ie8\iertutil.dll
+ 2010-06-21 14:11 . 2007-08-13 17:54 287744 c:\windows\ie8\ieproxy.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 191488 c:\windows\ie8\iepeers.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 382976 c:\windows\ie8\iedkcs32.dll
+ 2010-06-21 14:11 . 2007-07-11 11:27 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-06-21 14:11 . 2007-08-13 17:56 161792 c:\windows\ie8\ieakui.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 229376 c:\windows\ie8\ieaksie.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 152064 c:\windows\ie8\ieakeng.dll
+ 2010-06-21 14:11 . 2007-08-13 18:35 214528 c:\windows\ie8\dxtrans.dll
+ 2010-06-21 14:11 . 2007-08-13 18:35 346624 c:\windows\ie8\dxtmsft.dll
+ 2010-06-21 14:11 . 2007-08-13 18:39 123904 c:\windows\ie8\advpack.dll
+ 2009-07-21 03:06 . 2004-08-04 12:00 656384 c:\windows\ie7\wininet.dll
+ 2009-07-21 03:06 . 2004-08-04 12:00 601088 c:\windows\ie7\urlmon.dll
+ 2009-07-21 03:07 . 2006-09-06 17:43 371424 c:\windows\ie7\spuninst\updspapi.dll
- 2009-07-21 03:07 . 2006-09-06 16:43 371424 c:\windows\ie7\spuninst\updspapi.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 473600 c:\windows\ie7\shlwapi.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 530432 c:\windows\ie7\mstime.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 146432 c:\windows\ie7\msrating.dll
- 2009-07-21 03:06 . 2008-10-16 10:37 146432 c:\windows\ie7\msrating.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 146432 c:\windows\ie7\msls31.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 146432 c:\windows\ie7\msls31.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 448512 c:\windows\ie7\mshtmled.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 450560 c:\windows\ie7\jscript.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 450560 c:\windows\ie7\jscript.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 249344 c:\windows\ie7\iepeers.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 323584 c:\windows\ie7\iedkcs32.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 323584 c:\windows\ie7\iedkcs32.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 221184 c:\windows\ie7\ieakui.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 221184 c:\windows\ie7\ieakui.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 216576 c:\windows\ie7\ieaksie.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 216576 c:\windows\ie7\ieaksie.dll
- 2009-07-21 03:06 . 2004-08-04 12:00 139264 c:\windows\ie7\ieakeng.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 139264 c:\windows\ie7\ieakeng.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 201728 c:\windows\ie7\dxtrans.dll
- 2009-07-21 03:06 . 2008-10-16 10:37 357888 c:\windows\ie7\dxtmsft.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 357888 c:\windows\ie7\dxtmsft.dll
+ 2009-07-21 03:05 . 2006-05-24 12:32 371424 c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
- 2009-07-21 03:05 . 2006-05-24 11:32 371424 c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2009-07-21 03:05 . 2006-05-24 12:32 213216 c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2009-07-21 03:05 . 2006-05-24 11:32 213216 c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2009-07-21 03:05 . 2006-05-25 09:29 371424 c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2009-07-21 03:05 . 2006-05-25 10:29 371424 c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2009-07-21 03:05 . 2006-05-25 09:29 213216 c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2009-07-21 03:05 . 2006-05-25 10:29 213216 c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2010-06-21 14:14 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB982632-IE8\update\updspapi.dll
+ 2010-06-21 14:14 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB982632-IE8\update\update.exe
+ 2010-06-21 14:14 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB982632-IE8\spuninst.exe
+ 2010-06-21 14:14 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2010-06-21 14:14 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2010-06-21 14:14 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2010-06-21 14:07 . 2010-05-06 10:36 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2010-06-21 14:07 . 2010-05-06 10:36 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2010-06-21 14:07 . 2010-05-06 10:36 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2010-06-21 14:07 . 2010-05-06 10:36 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2010-06-21 14:06 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2004-09-22 17:46 . 2004-08-11 01:45 1181944 c:\windows\system32\wmvadvd.dll
- 2004-09-22 17:46 . 2004-08-11 00:45 1181944 c:\windows\system32\wmvadvd.dll
+ 2005-01-20 15:32 . 2005-01-20 15:32 1024000 c:\windows\system32\mfc70.dll
+ 2006-06-19 15:19 . 2009-06-25 13:20 1485176 c:\windows\system32\LegitCheckControl.DLL
+ 2007-08-13 17:34 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2007-02-12 15:10 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2004-08-04 12:00 1852416 c:\windows\system32\dllcache\acgenral.dll
- 2007-10-27 17:37 . 2007-10-27 17:37 2109440 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\wmp9nl\wmvcore.dll
- 2007-10-27 16:39 . 2007-10-27 16:39 2064384 c:\windows\SoftwareDistribution\Download\0eee9353a41e1ffb7bc4207f5acf499f\wmp9l\wmvcore.dll
+ 2010-03-02 12:32 . 2004-08-11 01:45 1181944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2005-06-29 13:03 . 2004-08-11 00:45 1181944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2010-07-10 02:43 . 2010-07-10 02:43 1660416 c:\windows\Installer\17df533.msi
+ 2010-06-21 14:14 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-21 14:14 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-21 14:14 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 1162240 c:\windows\ie8\urlmon.dll
+ 2010-06-21 14:11 . 2007-08-13 18:54 3578368 c:\windows\ie8\mshtml.dll
+ 2010-06-21 14:11 . 2007-08-13 17:54 6049280 c:\windows\ie8\ieframe.dll
+ 2010-06-21 14:11 . 2007-02-12 15:10 2451312 c:\windows\ie8\ieapfltr.dat
+ 2010-01-26 01:18 . 2004-08-04 12:00 1483264 c:\windows\ie7\shdocvw.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 3003392 c:\windows\ie7\mshtml.dll
+ 2010-01-26 01:18 . 2004-08-04 12:00 1016832 c:\windows\ie7\browseui.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2010-06-21 14:06 . 2010-05-06 10:36 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2005-06-24 17:03 . 2010-07-02 11:39 34045896 c:\windows\system32\MRT.exe
+ 2007-08-13 17:54 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2010-06-21 14:14 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-05-06 15:06 . 2010-05-06 15:06 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"MsmqIntCert"="mqrt.dll" [2004-08-04 177152]
"UnlockerAssistant"="c:\program files\unlocker\unlockerassistant.exe" [2008-05-02 15872]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *sprestrt\0prestrt\0\0\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-07-30 16:05 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-08 00:42 376832 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-06-06 17:10 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-06-06 17:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-07-02 02:43 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-05-08 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
S1 ntiomin;ntiomin; [x]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2008-01-22 25773]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - izecgzg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-07-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-070700Setup - c:\documents and settings\Administrator\Application Data\E6289A10BA1288988B7B845BC616BEF3\070700Setup.exe
MSConfigStartUp-JDK5SWFMZY - c:\docume~1\ADMINI~1\LOCALS~1\Temp\Tbl.exe
MSConfigStartUp-sta - joeqp.dll
AddRemove-Football Manager 2009 Beta - c:\program files\Sports Interactive\Football Manager 2009 Beta\Uninstall_Football Manager 2009 Beta\Uninstall Football Manager 2009 Beta.exe
AddRemove-Football Manager 2010 Beta - c:\program files\Sports Interactive\Football Manager 2010 Beta\Uninstall_Football Manager 2010 Beta\Uninstall Football Manager 2010 Beta.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 18:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86BE8B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf745ecb8
\Driver\atapi -> atapi.sys @ 0xf73367b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
copy of MBR has been found in sector 0x04A8143F
malicious code @ sector 0x04A81442 !
PE file found in sector at 0x04A81458 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\izecgzg]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout]
"GameDir"="d:\\My Documents\\Bieffe_GAMES_588504786\\6346986033\\user data\\games"
"ShortlistDir"="d:\\My Documents\\Bieffe_GAMES_588504786\\6346986033\\user data\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Administrator\\Desktop\\comparison screenshots"
"SaveDir"="d:\\My Documents\\Bieffe_GAMES_588504786\\6346986033\\user data"
"HistoryDir"="c:\\Documents and Settings\\Administrator\\Desktop\\FM Genie Scout 2007\\FM Genie Scout 2007\\History Points"
"LangDB"="d:\\My Documents\\Bieffe_GAMES_588504786\\6346986033\\data\\db\\702\\lang_db.dat"
"LastSaveGame"="d:\\My Documents\\Sports Interactive\\Football Manager 2007\\games\\youngsters.fm"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"HighQualityGUI"=dword:00000000
"AdvancedGeneration"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:00000056
"WindowHeight"=dword:00000251
"WindowWidth"=dword:000003d3
"WindowLeft"=dword:00000016
"WindowTop"=dword:00000057
"Language"="English"
"MinCondition"=dword:00000032
"LastUpdateCheck"=dword:00009a64
"AutomaticallyUpdateCheck"=dword:00000001
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
"Visible121"=dword:00000000
"Width121"=dword:0000000a
"Position122"=dword:0000007a
"Visible122"=dword:00000000
"Width122"=dword:0000000a
"Position123"=dword:0000007b
"Visible123"=dword:00000000
"Width123"=dword:0000000a
"Position124"=dword:0000007c
"Visible124"=dword:00000000
"Width124"=dword:0000000a
"Position125"=dword:0000007d
"Visible125"=dword:00000000
"Width125"=dword:0000000a
"Position126"=dword:0000007e
"Visible126"=dword:00000000
"Width126"=dword:0000000a
"Position127"=dword:0000007f
"Visible127"=dword:00000000
"Width127"=dword:0000000a
"Position128"=dword:00000080
"Visible128"=dword:00000000
"Width128"=dword:0000000a
"Position129"=dword:00000081
"Visible129"=dword:00000000
"Width129"=dword:0000000a
"Position130"=dword:00000082
"Visible130"=dword:00000000
"Width130"=dword:0000000a
"Position131"=dword:00000083
"Visible131"=dword:00000000
"Width131"=dword:0000000a
"Position132"=dword:00000084
"Visible132"=dword:00000000
"Width132"=dword:0000003a
"Position133"=dword:00000085
"Visible133"=dword:00000000
"Width133"=dword:0000000a
"Position134"=dword:00000086
"Visible134"=dword:00000000
"Width134"=dword:0000000a
"Position135"=dword:00000087
"Visible135"=dword:00000000
"Width135"=dword:0000000a
"Position136"=dword:00000088
"Visible136"=dword:00000000
"Width136"=dword:0000000a
"Position137"=dword:00000089
"Visible137"=dword:00000000
"Width137"=dword:0000000a
"Position138"=dword:0000008a
"Visible138"=dword:00000000
"Width138"=dword:0000000a
"Position139"=dword:0000008b
"Visible139"=dword:00000000
"Width139"=dword:0000000a
"Position140"=dword:0000008c
"Visible140"=dword:00000000
"Width140"=dword:0000000a
"Position141"=dword:0000008d
"Visible141"=dword:00000000
"Width141"=dword:00000070
"Position142"=dword:0000008e
"Visible142"=dword:00000000
"Width142"=dword:0000000a
"Position143"=dword:0000008f
"Visible143"=dword:00000000
"Width143"=dword:0000000a
"Position144"=dword:00000090
"Visible144"=dword:00000000
"Width144"=dword:0000000a
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000005
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000006
"Visible147"=dword:00000000
"Width147"=dword:0000003f
"Position148"=dword:00000007
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000008
"Visible149"=dword:00000000
"Width149"=dword:00000028

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\History Points]
"Arsenal 03 edited 03"="c:\\Documents and Settings\\Administrator\\Desktop\\FM Genie Scout 2007\\FM Genie Scout 2007\\History Points\\Arsenal 03 edited 03"

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\Questionnaire]
"FormCountry"=dword:ffffffff
"FormAge"=dword:00000000
"FormFMStart"=dword:ffffffff
"FormScoutStart"=dword:ffffffff
"FormFMPeriodicity"=dword:ffffffff
"FormScoutPeriodicity"=dword:ffffffff
"FormScoutFrequency"=dword:ffffffff
"FormScoutRate"=dword:ffffffff
"FormInternetFrequency"=dword:ffffffff
"FormScoutPrice"=dword:00000000
"QuestionnaireComplete"=dword:00000000
"QuestionnaireReminds"=dword:00000004

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\Rating]
"TSTFirstTouchCoef"=dword:00000028
"TSTFreeKicksCoef"=dword:00000014
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:0000001e
"TSTLongThrowsCoef"=dword:00000005
"TSTMarkingCoef"=dword:0000000a
"TSTPassingCoef"=dword:0000001e
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:0000000a
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:0000000a
"TSTRightFootCoef"=dword:0000000a
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:00000014
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:00000014
"TSTConcentrationCoef"=dword:00000014
"TSTConsistencyCoef"=dword:00000014
"TSTCreativityCoef"=dword:00000028
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:00000014
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:00000019
"TSTImportantMatchesCoef"=dword:00000014
"TSTInfluenceCoef"=dword:00000005
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:0000000a
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffff6
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:0000000a
"TSTPaceCoef"=dword:00000023
"TSTStaminaCoef"=dword:0000000f
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:0000000a
"TSTAmbitionCoef"=dword:00000014
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:0000000a
"TSTPressureCoef"=dword:00000014
"TSTProfessionalismCoef"=dword:0000000f
"TSTSportsmanshipCoef"=dword:0000000a
"TSTTemperamentCoef"=dword:00000005

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout\Rating Coefficients]

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="d:\\My Documents\\FM Genie Scout 10\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dc0
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="84-74EF-057D"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008\\shortlists"
"ScreenshotsDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008"
"SaveDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008\\"
"HistoryDir"="c:\\Documents and Settings\\Administrator\\Desktop\\FM Genie Scout 2008\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2008 Gold Demo\\data\\db\\800\\lang_db.dat"
"LastSaveGame"="e:\\Fisher Genie Games\\2007_07_07.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:00000056
"WindowHeight"=dword:00000239
"WindowWidth"=dword:000002de
"WindowLeft"=dword:00000091
"WindowTop"=dword:00000064
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:00000005
"MAmbitionCoef"=dword:0000000a
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:00000005
"MPressureCoef"=dword:00000005
"MProfessionalismCoef"=dword:00000005
"MSportsmanshipCoef"=dword:00000005
"MTemperamentCoef"=dword:00000005
"AMWeightCoef"=dword:00000068
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:0000000a
"AMCrossingCoef"=dword:0000003c
"AMDribblingCoef"=dword:00000050
"AMFinishingCoef"=dword:00000028
"AMFirstTouchCoef"=dword:0000001e
"AMFreeKicksCoef"=dword:0000000a
"AMHeadingCoef"=dword:00000014
"AMLongShotsCoef"=dword:00000014
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000a
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:00000005
"AMRightFootCoef"=dword:00000005
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:0000001e
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:0000000a
"AMConcentrationCoef"=dword:0000000a
"AMConsistencyCoef"=dword:0000000a
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000028
"AMDeterminationCoef"=dword:0000000a
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:00000014
"AMImportantMatchesCoef"=dword:0000000a
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:0000003c
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:0000003c
"AMWorkRateCoef"=dword:00000014
"AMAccelerationCoef"=dword:0000003c
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffffb
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:00000005
"AMPaceCoef"=dword:0000003c
"AMStaminaCoef"=dword:0000003c
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:00000005
"AMAmbitionCoef"=dword:0000000a
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:00000005
"AMPressureCoef"=dword:00000005
"AMProfessionalismCoef"=dword:00000005
"AMSportsmanshipCoef"=dword:00000005
"AMTemperamentCoef"=dword:00000005
"WWeightCoef"=dword:00000069
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:0000000a
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:0000000a
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000014
"WLongThrowsCoef"=dword:00000005
"WMarkingCoef"=dword:0000000a
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:0000000a
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:00000005
"WRightFootCoef"=dword:00000005
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000014
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:0000000a
"WConcentrationCoef"=dword:0000000a
"WConsistencyCoef"=dword:0000000a
"WCreativityCoef"=dword:0000003c
"WDecisionsCoef"=dword:00000014
"WDeterminationCoef"=dword:0000000a
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000000a
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:0000000a
"WOffTheBallCoef"=dword:0000003c
"WPositioningCoef"=dword:00000014
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffffb
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:00000005
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:0000003c
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:00000005
"WAmbitionCoef"=dword:0000000a
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:00000005
"WPressureCoef"=dword:00000005
"WProfessionalismCoef"=dword:00000005
"WSportsmanshipCoef"=dword:00000005
"WTemperamentCoef"=dword:00000005
"FSTWeightCoef"=dword:00000067
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:0000000a
"FSTCrossingCoef"=dword:0000000a
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:0000000a
"FSTHeadingCoef"=dword:00000028
"FSTLongShotsCoef"=dword:00000014
"FSTLongThrowsCoef"=dword:00000000
"FSTMarkingCoef"=dword:00000000
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:00000000
"FSTTechniqueCoef"=dword:00000050
"FSTLeftFootCoef"=dword:00000005
"FSTRightFootCoef"=dword:00000005
"FSTAggressionCoef"=dword:0000000a
"FSTAnticipationCoef"=dword:0000000a
"FSTBraveryCoef"=dword:0000000a
"FSTComposureCoef"=dword:0000000a
"FSTConcentrationCoef"=dword:0000000a
"FSTConsistencyCoef"=dword:0000000a
"FSTCreativityCoef"=dword:00000028
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:0000000a
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:0000000a
"FSTImportantMatchesCoef"=dword:0000000a
"FSTInfluenceCoef"=dword:0000000a
"FSTOffTheBallCoef"=dword:00000050
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:00000028
"FSTBalanceCoef"=dword:0000000a
"FSTInjuryPronenessCoef"=dword:fffffffb
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:00000005
"FSTPaceCoef"=dword:00000064
"FSTStaminaCoef"=dword:00000028
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:00000005
"FSTAmbitionCoef"=dword:0000000a
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:00000005
"FSTPressureCoef"=dword:00000005
"FSTProfessionalismCoef"=dword:00000005
"FSTSportsmanshipCoef"=dword:00000005
"FSTTemperamentCoef"=dword:00000005
"TSTWeightCoef"=dword:00000067
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000000
"TSTCrossingCoef"=dword:0000000a
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:00000050
"TSTFirstTouchCoef"=dword:0000001e
"TSTFreeKicksCoef"=dword:0000000a
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:00000014
"TSTLongThrowsCoef"=dword:00000000
"TSTMarkingCoef"=dword:00000000
"TSTPassingCoef"=dword:00000028
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:00000000
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:00000005
"TSTRightFootCoef"=dword:00000005
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:0000000a
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:0000000a
"TSTConcentrationCoef"=dword:0000000a
"TSTConsistencyCoef"=dword:0000000a
"TSTCreativityCoef"=dword:00000014
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:0000000a
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:0000000a
"TSTImportantMatchesCoef"=dword:0000000a
"TSTInfluenceCoef"=dword:0000000a
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:00000014
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffffb
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:00000005
"TSTPaceCoef"=dword:00000028
"TSTStaminaCoef"=dword:00000014
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="d:\\My Documents\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Demo Official\\data\\db\\900\\lang_db.dat"
"LastSaveGame"="g:\\Documents\\Newcastle 70 2009_08_16 uncompressed.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="84-74EF-057D"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,1f,5f,a0,08,1b,a0,41,b5,2c,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,1f,5f,a0,08,1b,a0,41,b5,2c,a0,\

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-854245398-1580436667-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CDFE8DA-4B71-A3C4-F54D-96E7D4E540C4}*]
"hajhhgkfjhgfkmei"=hex:6b,61,6b,64,6c,66,62,6c,6e,6c,68,67,61,6b,69,68,61,6d,
6a,6a,61,6f,00,00
"ialibgmgfmobmlbino"=hex:6b,61,6b,64,6c,66,62,6c,6e,6c,68,67,61,6b,69,68,61,6d,
6a,6a,61,6f,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-07-31 18:34:59
ComboFix-quarantined-files.txt 2010-07-31 17:34
ComboFix2.txt 2010-01-25 16:49
ComboFix3.txt 2010-01-16 20:21
ComboFix4.txt 2009-11-13 16:57
ComboFix5.txt 2010-07-31 16:00

Pre-Run: 2,627,145,728 bytes free
Post-Run: 2,498,076,672 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 30DB4F60CAE73B5F961650565A1ACE10

=====

Edited by apsdub79, 31 July 2010 - 12:50 PM.


#13 apsdub79

  • Topic Starter
  • Members
  • 53 posts

Posted 31 July 2010 - 12:57 PM

Had some issues with editing prior so new post.

Combofix did not delete that dodgy looking file which GMER flagged as a rootkit. It is still sitting in C:\WINDOWS\system32\drivers\izecgzg.sys and still appears to be modifying itself constantly.

With regards to symptoms I did not notice anything prior other than

- internet connection going (constant traffic) without any open browser
- when attempting to connect with IE it would freeze up
- connectivity issues
- I thought I had a legit MSE installed but after running Combofix the Notification symbol relating to MSE changed. It was a rectangle looking thing with a bar coming out the top and now it is the standard red shield telling me MSE is turned off

so it is hard for me to tell if anything abnormal is still going on without connecting to the internet.

With that .sys file still there I figured I should wait for further instruction before trying to enable any Network Connections to go on the internet.

Thanks for your assistance so far, it is greatly appreciated :)

Edited by apsdub79, 31 July 2010 - 12:58 PM.


#14 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 31 July 2010 - 01:02 PM

Hello, apsdub79.

Ok, let's try something.

  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.


At the prompt type the bolded line and press Enter.

ren c:\windows\system32\drivers\izecgzg.sys c:\windows\system32\drivers\izecgzg.old

then type the following and press enter to reboot:
exit

If it boots up fine, please let me know. If it doesn't boot up, please go back into the Recovery Console and type this and press Enter.

ren c:\windows\system32\drivers\izecgzg.old c:\windows\system32\drivers\izecgzg.sys

then type the following and press enter to reboot:
exit

Let me know either way.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#15 apsdub79

  • Topic Starter
  • Members
  • 53 posts

Posted 31 July 2010 - 01:06 PM

Sorry etavares but that is a no go. My laptop screen is completely busted and the HDTV I am connecting to via VGA does not receive a signal until the Windows logon screen appears. Does that mean I'm pretty much done for?



