Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)
Old 11-05-2009, 07:16 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Help

I recently did an Ad-Aware scan on my computer and it found it was infected with Win32.Trojan.Spy, Win32.Trojan.Neptunia, and Win32.FraudTool.Malware. I quarantined them all, but my computer's performance is still poor even though both Ad-Aware and Avast say that it is clean! Can anybody help? I need to do some ebanking but am waiting till I get the all clear. Firefox seems to be very slow and BBC iPlayer won't load in Firefox but will in IE! Windows Defender has also just found another trojan, win32/hiloti.gen!A.

Below are my log results:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Josh at 13:32:53.24 on 05/11/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.871 [GMT 0:00]

AV: avast! antivirus 4.8.1356 [VPS 091105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1356 [VPS 091105-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josh\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Ohukodad] rundll32.exe "c:\users\josh\appdata\local\mlasA7.dll",Startup
uRun: [Windows System Defender] "c:\programdata\3b171\WS0b2.exe" /s /d
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\kiyut12j.default\
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-25 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-25 53328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2007-3-15 217600]

=============== Created Last 30 ================

2009-11-01 18:00:19 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 12:49:52 0 d-----w- c:\program files\Trend Micro
2009-10-28 11:07:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 11:07:28 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 11:07:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-28 11:07:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 11:07:24 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 22:32:02 0 d-----w- c:\programdata\McAfee
2009-10-25 22:32:01 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-25 19:07:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-25 18:16:25 0 d-sh--w- c:\programdata\WSDDSys
2009-10-25 17:55:35 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 17:55:12 0 d-----w- c:\program files\Lavasoft
2009-10-25 17:17:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-25 17:17:49 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-25 12:52:41 0 d---a-w- c:\programdata\TEMP
2009-10-25 12:50:37 0 d-----w- c:\programdata\Avg7
2009-10-25 11:09:38 0 d-sh--w- c:\programdata\3b171
2009-10-25 11:09:31 0 d-sh--w- c:\users\josh\appdata\roaming\Windows System Defender
2009-10-20 11:33:18 0 d-----w- c:\windows\system32\Adobe
2009-10-14 19:50:09 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 19:50:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-14 19:50:02 389120 ----a-w- c:\windows\system32\html.iec
2009-10-06 15:39:31 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 15:39:03 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 15:38:48 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-06 15:38:48 171608 ----a-w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2009-10-24 14:32:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-24 14:32:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-01 09:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-14 09:50:54 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-07 13:22:24 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 12:38:11 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 15:21:17 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 15:17:39 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-31 15:16:28 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57:38 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:42:08 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40:52 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:23:53 22016 ----a-w- c:\windows\system32\netiougc.exe
2008-12-10 10:59:13 174 --sha-w- c:\program files\desktop.ini
2008-08-28 15:09:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:34:08.07 ===============
Attached files: ark.zip, Attach.zip
hollando is offline  
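As an added example (not part of the original thread and not DDS output), a small Python triage pass over lines of the kind shown in the log above: it flags autorun entries that launch from user-writable locations, newly created system+hidden directories under ProgramData or AppData, and orphaned "No File" browser hooks. The sample lines are copied from the post; the heuristics, regexes and function names are the editor's own assumptions.

```python
import re

# Constructed sample: lines copied from the DDS log posted above (Pseudo HJT Report
# and "Created Last 30" sections), mixing legitimate and suspicious entries.
SAMPLE_DDS = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Ohukodad] rundll32.exe "c:\users\josh\appdata\local\mlasA7.dll",Startup
uRun: [Windows System Defender] "c:\programdata\3b171\WS0b2.exe" /s /d
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
2009-10-25 18:16:25 0 d-sh--w- c:\programdata\WSDDSys
2009-10-25 17:55:35 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 17:55:12 0 d-----w- c:\program files\Lavasoft
2009-10-25 11:09:38 0 d-sh--w- c:\programdata\3b171
2009-10-25 11:09:31 0 d-sh--w- c:\users\josh\appdata\roaming\Windows System Defender
"""

# Autorun entries in the Pseudo HJT Report: uRun = per-user key, mRun = machine key.
RUN_RE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "Created Last 30" entries: date time size attributes path.  Attribute string
# layout as seen in the log: [d]ir [c]ompressed [s]ystem [h]idden [a]rchive ...
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attr>[-a-z]{8}) (?P<path>.*)$')
# Browser hooks whose backing file no longer exists.
ORPHAN_RE = re.compile(r'^(BHO|TB): .* - No File$')
# First executable/library on a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|bat|cmd))', re.I)
# Locations an unprivileged user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = re.compile(r'c:\\(users\\[^\\]+\\appdata|programdata)\\', re.I)


def path_of(cmd):
    """Return the file that an autorun command line actually executes."""
    cmd = cmd.strip()
    # rundll32 is only the host; the payload is the DLL it is told to load.
    if cmd.lower().startswith('rundll32.exe'):
        cmd = cmd[len('rundll32.exe'):].strip()
    m = EXE_RE.match(cmd)
    return m.group('path') if m else cmd


def triage(log_text):
    """Return (reason, item) findings for the suspicious lines of a DDS log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            target = path_of(m.group('cmd'))
            if USER_WRITABLE.search(target):
                findings.append(('autorun from user-writable dir', target))
            continue
        m = CREATED_RE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path')
            # system + hidden directory dropped under ProgramData/AppData: the
            # combination the rogue "Windows System Defender" used in this log.
            if attr[2] == 's' and attr[3] == 'h' and USER_WRITABLE.search(path):
                findings.append(('new system+hidden dir', path))
            continue
        if ORPHAN_RE.match(line):
            findings.append(('orphaned hook (No File)', line.split(' - ')[0]))
    return findings


if __name__ == '__main__':
    for reason, item in triage(SAMPLE_DDS):
        print(f'{reason:32} {item}')
```

On the sample above the pass reports exactly the entries the analyst later targeted with the CFScript (the 3b171 and WSDDSys folders, the "Windows System Defender" profile folder and the rundll32-loaded DLL), and leaves the Lavasoft and Ad-Aware installer directories alone.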

Old 11-07-2009, 02:47 PM   #2 (permalink)
Analyst, Security Team
 
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file from one of the two below listed places :
    For information regarding this download, please visit this webpage:
    http://www.bleepingcomputer.com/comb...o-use-combofix

    Link1
    Link2

    **Note: It is important that it is saved directly to your desktop**
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Then right click combofix.exe, select Run as administrator & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Please post the Combofix log for my review
Carolyn is offline  
Old 11-08-2009, 05:48 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Hi, thanks for your time! Here's the combofix log!
Attached files: combofix log.zip
hollando is offline  
Old 11-08-2009, 08:27 AM   #4 (permalink)
Analyst, Security Team
 
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

Hello again,

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent, Kazaa Lite, LimeWire

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/...D-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall BitTorrent, Kazaa Lite, LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.

Note:
If you have malware cleaned from your system by one of our Security Team/Malware Hunters and then later return with more infections....and these P2P programs are still installed, you may be refused help.

===========================

Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.

===========================

Run a custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
KillAll::

File::
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Josh\AppData\Local\Cquzusadiy.dat
c:\users\Josh\AppData\Local\Khuyeyajof.bin

Folder::
c:\programdata\WSDDSys
c:\users\Josh\AppData\Roaming\Windows System Defender

RegNull::
[HKEY_USERS\S-1-5-21-3486561834-126785545-3200813264-1000\Software\G*e*n*i*e*"!]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


===========================

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

===========================

Please post the following in your next reply:
  • The Combofix log
  • The Kaspersky log
  • A description of how your computer is behaving
Carolyn is offline  
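Added illustration, not Carolyn's script and not ComboFix's own code: a Python parser for the CFScript section format used above (a `Name::` directive line followed by its items, up to the next directive) together with a check of its File::/Folder:: entries against the "Other Deletions" section of the ComboFix log such a run produces, so the reader can confirm which requested items were actually removed. The log excerpt is shortened from the one posted later in this thread; the extra pal.drv entry in the script is constructed here to show an unconfirmed deletion, and all function names are the editor's own.

```python
import re

# Constructed CFScript excerpt: entries taken from the script in the post above,
# plus one extra File:: line (pal.drv) added here to show an unconfirmed deletion.
SAMPLE_CFSCRIPT = r"""
KillAll::

File::
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Josh\AppData\Local\Cquzusadiy.dat
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\pal.drv

Folder::
c:\programdata\WSDDSys
c:\users\Josh\AppData\Roaming\Windows System Defender

RegNull::
[HKEY_USERS\S-1-5-21-3486561834-126785545-3200813264-1000\Software\G*e*n*i*e*"!]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
"""

# Constructed ComboFix log excerpt, shortened from the one posted later in the thread.
SAMPLE_COMBOFIX_LOG = r"""
FILE ::
"c:\users\Josh\AppData\Local\Cquzusadiy.dat"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\WSDDSys
c:\programdata\WSDDSys\wsd.cfg
c:\users\Josh\AppData\Local\Cquzusadiy.dat
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Josh\AppData\Roaming\Windows System Defender
c:\users\Josh\AppData\Roaming\Windows System Defender\Instructions.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-10-25 11:19 . 2009-10-25 11:19 73 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
"""

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')       # CFScript directive, e.g. "File::"
BANNER_RE = re.compile(r'^\(+\s*(.*?)\s*\)+$')     # ComboFix "(((( Title ))))" banner


def parse_cfscript(text):
    """Split a CFScript into {directive: [items]}; items run until the next directive."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def combofix_sections(text):
    """Map each ComboFix log section (banner title, or the 'FILE ::' echo) to its lines."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m or line == 'FILE ::':
            current = m.group(1) if m else 'FILE'
            out[current] = []
        elif line and line != '.' and current is not None:
            out[current].append(line)
    return out


def verify_deletions(script, log_text):
    """Return {item: deleted?} for every File::/Folder:: entry the script requested."""
    log = combofix_sections(log_text)
    # ComboFix lists removed files and folders under "Other Deletions"; compare
    # case-insensitively because NTFS paths are.
    deleted = {p.strip('"').lower() for p in log.get('Other Deletions', [])}
    report = {}
    for directive in ('File', 'Folder'):
        for item in script.get(directive, []):
            report[item] = item.lower() in deleted
    return report


if __name__ == '__main__':
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for item, ok in verify_deletions(script, SAMPLE_COMBOFIX_LOG).items():
        print('deleted  ' if ok else 'NOT FOUND', item)
```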
Old 11-08-2009, 03:36 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Okay, I've done all that! Kaspersky found no threats so the log was empty. The ComboFix one is attached. Was anything found? Re the P2P message, I did uninstall BitComet before I posted the blog but kept a P2P media broadcaster (SopCast); is this still something that I am running a risk with? Last question... if I had two computers hooked to a home hub but had a P2P downloader on one of them, would this be potentially harmful to the other? BBC iPlayer still doesn't seem to work in Firefox but is working in IE!

ComboFix 09-11-07.02 - Josh 08/11/2009 19:30.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.1095 [GMT 0:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091108-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1356 [VPS 091108-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Josh\AppData\Local\Cquzusadiy.dat"
"c:\users\Josh\AppData\Local\Khuyeyajof.bin"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cb.exe"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cid.dll"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\energy.sys"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\exec.drv"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.drv"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.sys"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\grid.exe"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\grid.sys"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\pal.dll"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.dll"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.drv"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.exe"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.sys"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\SM.drv"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll"
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\WSDDSys
c:\programdata\WSDDSys\wsd.cfg
c:\users\Josh\AppData\Local\Cquzusadiy.dat
c:\users\Josh\AppData\Local\Khuyeyajof.bin
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Josh\AppData\Roaming\Windows System Defender
c:\users\Josh\AppData\Roaming\Windows System Defender\cookies.sqlite
c:\users\Josh\AppData\Roaming\Windows System Defender\Instructions.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 19:37 . 2009-11-08 19:42 -------- d-----w- c:\users\Josh\AppData\Local\temp
2009-11-08 19:37 . 2009-11-08 19:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-08 19:37 . 2009-11-08 19:37 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-08 19:37 . 2009-11-08 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-03 23:13 . 2008-12-04 01:25 120832 ----a-w- c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kiyut12j.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-11-01 18:00 . 2009-11-01 18:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 17:58 . 2009-11-01 17:58 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-01 17:58 . 2009-11-01 17:58 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-01 17:58 . 2009-11-01 17:58 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-01 17:58 . 2009-11-01 17:58 640608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-01 17:58 . 2009-11-01 17:58 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-01 17:58 . 2009-11-01 17:58 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-01 17:58 . 2009-11-01 17:58 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-01 17:58 . 2009-11-01 17:58 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-01 17:58 . 2009-11-01 17:58 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-30 12:49 . 2009-10-30 12:49 -------- d-----w- c:\program files\Trend Micro
2009-10-28 11:07 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 11:07 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 11:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 11:07 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 22:32 . 2009-10-27 22:32 -------- d-----w- c:\programdata\McAfee
2009-10-25 22:32 . 2009-10-25 22:32 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-25 19:07 . 2009-11-01 17:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-25 17:55 . 2009-10-25 17:55 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 17:55 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-25 17:55 . 2009-10-25 17:55 -------- d-----w- c:\program files\Lavasoft
2009-10-25 17:18 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-25 17:18 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-25 17:18 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-25 17:18 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-25 17:18 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-25 17:17 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-25 17:17 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-25 17:17 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-25 17:17 . 2009-10-25 17:17 -------- d-----w- c:\program files\Alwil Software
2009-10-25 16:37 . 2009-09-10 14:24 710136 ----a-w- c:\programdata\3b171\mozcrt19.dll
2009-10-25 16:37 . 2009-09-10 14:24 443384 ----a-w- c:\programdata\3b171\sqlite3.dll
2009-10-25 12:50 . 2009-10-25 12:50 -------- d-----w- c:\programdata\Avg7
2009-10-25 11:19 . 2009-10-25 11:19 73 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
2009-10-25 11:09 . 2009-10-25 19:07 -------- d-sh--w- c:\programdata\3b171
2009-10-20 11:33 . 2009-10-20 11:33 -------- d-----w- c:\windows\system32\Adobe
2009-10-14 19:50 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 19:50 . 2009-08-27 14:02 832512 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 13:27 . 2007-09-12 22:17 -------- d-----w- c:\program files\BitComet
2009-11-05 13:25 . 2009-07-28 14:46 4096 d-----w- c:\program files\Championship Manager 01-02
2009-11-02 20:42 . 2009-10-03 14:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 18:00 . 2009-11-01 17:59 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-25 17:55 . 2008-12-18 19:42 -------- d-----w- c:\programdata\Lavasoft
2009-10-25 13:08 . 2007-09-24 21:22 4096 d-----w- c:\program files\CCleaner
2009-10-15 19:10 . 2008-11-03 14:36 4096 d-----w- c:\programdata\Sports Interactive
2009-10-15 19:09 . 2007-09-18 08:14 4096 d-----w- c:\users\Josh\AppData\Roaming\Sports Interactive
2009-10-15 18:54 . 2007-09-17 17:25 4096 d-----w- c:\program files\Sports Interactive
2009-10-15 14:31 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-15 14:02 . 2007-09-12 17:41 12288 d-----w- c:\programdata\Microsoft Help
2009-09-16 21:37 . 2009-09-16 21:37 -------- d-----w- c:\program files\Microsoft
2009-09-16 21:37 . 2009-09-16 21:36 -------- d-----w- c:\program files\Windows Live
2009-09-16 21:37 . 2009-09-16 21:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 21:35 . 2009-09-16 21:35 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-14 09:50 . 2009-10-14 19:49 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 21:16 . 2008-12-03 19:15 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-04 16:44 . 2009-10-15 19:08 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-10-15 19:08 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-10-15 19:08 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-10-15 19:08 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-10-15 19:08 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-10-15 19:08 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-10-15 19:08 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-10-15 19:08 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 12:38 . 2009-10-14 19:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 15:21 . 2009-10-14 19:49 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 15:17 . 2009-10-14 19:49 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-31 15:16 . 2009-10-14 19:49 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 03:41 . 2009-09-02 22:03 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-02 22:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-02 22:03 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:57 . 2009-10-14 19:49 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-14 19:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-14 19:49 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-14 19:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-14 19:49 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:16 . 2009-09-09 10:48 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-09-09 10:48 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-09-09 10:48 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-09 10:48 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-09-09 10:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-09 10:48 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-09 10:48 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-09 10:48 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-09 10:48 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-09 10:48 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-09 10:48 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:24 . 2009-09-09 10:48 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-09-09 10:48 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-13 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-18 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-12 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 17:18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 17:18 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 17:17 53328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1179232]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [15/03/2007 15:24 217600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kiyut12j.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 19:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3486561834-126785545-3200813264-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2008\\shortlists"
"ScreenshotsDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2008"
"SaveDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2008\\"
"HistoryDir"="c:\\Users\\Josh\\Desktop\\FM Genie Scout 2008\\History Points"
"LangDB"=""
"LastSaveGame"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2008\\games\\network.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:00000056
"WindowHeight"=dword:000002d9
"WindowWidth"=dword:00000400
"WindowLeft"=dword:000000d0
"WindowTop"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:00000069
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:0000003c
"FBPassingCoef"=dword:0000001e
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:00000014
"FBLeftFootCoef"=dword:00000005
"FBRightFootCoef"=dword:00000005
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:00000050
"FBBraveryCoef"=dword:00000014
"FBComposureCoef"=dword:0000000a
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:0000000a
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000014
"FBDeterminationCoef"=dword:0000000a
"FBDirtinessCoef"=dword:fffffff6
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:0000000a
"FBInfluenceCoef"=dword:0000000a
"FBOffTheBallCoef"=dword:00000014
"FBPositioningCoef"=dword:00000064
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:0000003c
"FBAgilityCoef"=dword:0000000a
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffffb
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:00000005
"FBPaceCoef"=dword:00000050
"FBStaminaCoef"=dword:0000003c
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:00000005
"FBAmbitionCoef"=dword:0000000a
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:00000005
"FBPressureCoef"=dword:00000005
"FBProfessionalismCoef"=dword:00000005
"FBSportsmanshipCoef"=dword:00000005
"FBTemperamentCoef"=dword:00000005
"WBWeightCoef"=dword:0000006c
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:0000000a
"WBCrossingCoef"=dword:0000003c
"WBDribblingCoef"=dword:00000028
"WBFinishingCoef"=dword:0000000a
"WBFirstTouchCoef"=dword:00000014
"WBFreeKicksCoef"=dword:0000000a
"WBHeadingCoef"=dword:00000028
"WBLongShotsCoef"=dword:00000014
"WBLongThrowsCoef"=dword:0000000a
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000064
"WBTechniqueCoef"=dword:00000028
"WBLeftFootCoef"=dword:00000005
"WBRightFootCoef"=dword:00000005
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000050
"WBBraveryCoef"=dword:0000000a
"WBComposureCoef"=dword:0000000a
"WBConcentrationCoef"=dword:00000014
"WBConsistencyCoef"=dword:0000000a
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:0000000a
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:0000000a
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:00000064
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:00000028
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:0000000a
"WBBalanceCoef"=dword:00000014
"WBInjuryPronenessCoef"=dword:fffffffb
"WBJumpingCoef"=dword:00000014
"WBNaturalFitnessCoef"=dword:00000005
"WBPaceCoef"=dword:00000064
"WBStaminaCoef"=dword:00000050
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:00000005
"WBAmbitionCoef"=dword:0000000a
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:00000005
"WBPressureCoef"=dword:00000005
"WBProfessionalismCoef"=dword:00000005
"WBSportsmanshipCoef"=dword:00000005
"WBTemperamentCoef"=dword:00000005
"DMWeightCoef"=dword:00000067
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:0000000a
"DMCrossingCoef"=dword:0000001e
"DMDribblingCoef"=dword:00000014
"DMFinishingCoef"=dword:0000000a
"DMFirstTouchCoef"=dword:0000001e
"DMFreeKicksCoef"=dword:0000000a
"DMHeadingCoef"=dword:00000028
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:00000005
"DMMarkingCoef"=dword:0000003c
"DMPassingCoef"=dword:00000028
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000064
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:00000005
"DMRightFootCoef"=dword:00000005
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:00000014
"DMComposureCoef"=dword:0000000a
"DMConcentrationCoef"=dword:00000014
"DMConsistencyCoef"=dword:0000000a
"DMCreativityCoef"=dword:00000014
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:0000000a
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000a
"DMImportantMatchesCoef"=dword:0000000a
"DMInfluenceCoef"=dword:0000000a
"DMOffTheBallCoef"=dword:0000001e
"DMPositioningCoef"=dword:00000050
"DMTeamworkCoef"=dword:00000028
"DMWorkRateCoef"=dword:00000050
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:0000000a
"DMBalanceCoef"=dword:0000000a
"DMInjuryPronenessCoef"=dword:fffffffb
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:00000005
"DMPaceCoef"=dword:00000028
"DMStaminaCoef"=dword:0000003c
"DMStrengthCoef"=dword:00000028
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:00000005
"DMAmbitionCoef"=dword:0000000a
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:00000005
"DMPressureCoef"=dword:00000005
"DMProfessionalismCoef"=dword:00000005
"DMSportsmanshipCoef"=dword:00000005
"DMTemperamentCoef"=dword:00000005
"MWeightCoef"=dword:00000068
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:0000000a
"MCrossingCoef"=dword:00000028
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000014
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:0000000a
"MHeadingCoef"=dword:0000001e
"MLongShotsCoef"=dword:00000014
"MLongThrowsCoef"=dword:00000005
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:00000046
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:0000003c
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:00000005
"MRightFootCoef"=dword:00000005
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:0000000a
"MConcentrationCoef"=dword:0000000a
"MConsistencyCoef"=dword:0000000a
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:0000001e
"MDeterminationCoef"=dword:0000000a
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:0000000a
"MImportantMatchesCoef"=dword:0000000a
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:00000028
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000032
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:00000032
"MAgilityCoef"=dword:0000000a
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffffb
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:00000005
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:0000001e
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:00000005
"MAmbitionCoef"=dword:0000000a
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:00000005
"MPressureCoef"=dword:00000005
"MProfessionalismCoef"=dword:00000005
"MSportsmanshipCoef"=dword:00000005
"MTemperamentCoef"=dword:00000005
"AMWeightCoef"=dword:00000068
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:0000000a
"AMCrossingCoef"=dword:0000003c
"AMDribblingCoef"=dword:00000050
"AMFinishingCoef"=dword:00000028
"AMFirstTouchCoef"=dword:0000001e
"AMFreeKicksCoef"=dword:0000000a
"AMHeadingCoef"=dword:00000014
"AMLongShotsCoef"=dword:00000014
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000a
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:00000005
"AMRightFootCoef"=dword:00000005
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:0000001e
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:0000000a
"AMConcentrationCoef"=dword:0000000a
"AMConsistencyCoef"=dword:0000000a
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000028
"AMDeterminationCoef"=dword:0000000a
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:00000014
"AMImportantMatchesCoef"=dword:0000000a
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:0000003c
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:0000003c
"AMWorkRateCoef"=dword:00000014
"AMAccelerationCoef"=dword:0000003c
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffffb
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:00000005
"AMPaceCoef"=dword:0000003c
"AMStaminaCoef"=dword:0000003c
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:00000005
"AMAmbitionCoef"=dword:0000000a
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:00000005
"AMPressureCoef"=dword:00000005
"AMProfessionalismCoef"=dword:00000005
"AMSportsmanshipCoef"=dword:00000005
"AMTemperamentCoef"=dword:00000005
"WWeightCoef"=dword:00000069
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:0000000a
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:0000000a
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000014
"WLongThrowsCoef"=dword:00000005
"WMarkingCoef"=dword:0000000a
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:0000000a
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:00000005
"WRightFootCoef"=dword:00000005
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000014
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:0000000a
"WConcentrationCoef"=dword:0000000a
"WConsistencyCoef"=dword:0000000a
"WCreativityCoef"=dword:0000003c
"WDecisionsCoef"=dword:00000014
"WDeterminationCoef"=dword:0000000a
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000000a
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:0000000a
"WOffTheBallCoef"=dword:0000003c
"WPositioningCoef"=dword:00000014
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffffb
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:00000005
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:0000003c
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:00000005
"WAmbitionCoef"=dword:0000000a
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:00000005
"WPressureCoef"=dword:00000005
"WProfessionalismCoef"=dword:00000005
"WSportsmanshipCoef"=dword:00000005
"WTemperamentCoef"=dword:00000005
"FSTWeightCoef"=dword:00000067
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:0000000a
"FSTCrossingCoef"=dword:0000000a
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:0000000a
"FSTHeadingCoef"=dword:00000028
"FSTLongShotsCoef"=dword:00000014
"FSTLongThrowsCoef"=dword:00000000
"FSTMarkingCoef"=dword:00000000
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:00000000
"FSTTechniqueCoef"=dword:00000050
"FSTLeftFootCoef"=dword:00000005
"FSTRightFootCoef"=dword:00000005
"FSTAggressionCoef"=dword:0000000a
"FSTAnticipationCoef"=dword:0000000a
"FSTBraveryCoef"=dword:0000000a
"FSTComposureCoef"=dword:0000000a
"FSTConcentrationCoef"=dword:0000000a
"FSTConsistencyCoef"=dword:0000000a
"FSTCreativityCoef"=dword:00000028
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:0000000a
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:0000000a
"FSTImportantMatchesCoef"=dword:0000000a
"FSTInfluenceCoef"=dword:0000000a
"FSTOffTheBallCoef"=dword:00000050
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:00000028
"FSTBalanceCoef"=dword:0000000a
"FSTInjuryPronenessCoef"=dword:fffffffb
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:00000005
"FSTPaceCoef"=dword:00000064
"FSTStaminaCoef"=dword:00000028
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:00000005
"FSTAmbitionCoef"=dword:0000000a
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:00000005
"FSTPressureCoef"=dword:00000005
"FSTProfessionalismCoef"=dword:00000005
"FSTSportsmanshipCoef"=dword:00000005
"FSTTemperamentCoef"=dword:00000005
"TSTWeightCoef"=dword:00000067
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000000
"TSTCrossingCoef"=dword:0000000a
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:00000050
"TSTFirstTouchCoef"=dword:0000001e
"TSTFreeKicksCoef"=dword:0000000a
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:00000014
"TSTLongThrowsCoef"=dword:00000000
"TSTMarkingCoef"=dword:00000000
"TSTPassingCoef"=dword:00000028
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:00000000
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:00000005
"TSTRightFootCoef"=dword:00000005
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:0000000a
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:0000000a
"TSTConcentrationCoef"=dword:0000000a
"TSTConsistencyCoef"=dword:0000000a
"TSTCreativityCoef"=dword:00000014
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:0000000a
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:0000000a
"TSTImportantMatchesCoef"=dword:0000000a
"TSTInfluenceCoef"=dword:0000000a
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:00000014
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffffb
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:00000005
"TSTPaceCoef"=dword:00000028
"TSTStaminaCoef"=dword:00000014
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005

[HKEY_USERS\S-1-5-21-3486561834-126785545-3200813264-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"GameDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Josh\\Desktop\\FM Genie Scout 2009\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009b73
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="84-8A00-EC2F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-3486561834-126785545-3200813264-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Josh\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Josh\\Desktop\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009b7b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="84-8A00-EC2F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"GraphStep"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-08 19:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 19:47
ComboFix2.txt 2009-11-08 12:43

Pre-Run: 8,233,562,112 bytes free
Post-Run: 7,993,098,240 bytes free

- - End Of File - - 28C4820DDEA48D6C987A296327D55A9D
Attached Files
File Type: zip ComboFix.zip (11.6 KB, 2 views)

Last edited by Ried; 11-08-2009 at 04:16 PM. Reason: edited in CF.txt for easier review
hollando is offline  
Old 11-09-2009, 02:34 PM   #6 (permalink)
Analyst, Security Team
 
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

Hi,

Entertainment Programs

Regarding SopCast 2.0.4, it's not uncommon for TV and entertainment portals to utilize unsafe P2P programs, perhaps not even fully understanding the safety issue. Use of entertainment programs often results in symptoms of port traffic and CPU spikes indicative of activity taking place not generated by the user and without his/her knowledge and/or approval. They may be responsible for or contributing to your system being slow.

You may want to consider uninstalling that program.

=================

Quote:
if i had two computer hooked to a home hub but had a p2p downloader on one of them would this be potentially harmful to the other?
It is not uncommon for infections to spread to other computers on a network. So yes, there is the potential for any computer on your home network to be infected if one computer downloads an infection via P2P.

=================

Run a custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
Rootkit::
c:\windows\system32\wbem\Performance\WmiApRpl_new.h

DirLook::
c:\programdata\3b171

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


=================

Show All Files And Folders in Vista
Now you need to show all files and folders
  • Click Start.
  • Open "Computer".
  • Select the Organize menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

=================

Upload files for scanning
I'd like you to check a file/some files for malware.
Quote:
c:\programdata\3b171\mozcrt19.dll
c:\programdata\3b171\sqlite3.dll
  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

=================

Please post the new Combofix log along with the VirusTotal/Jotti results.
__________________
Carolyn is offline  
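The two manual steps in the post above (showing hidden and protected files in Explorer, then checking the files under c:\programdata\3b171 against VirusTotal/Jotti) can also be done from an elevated Windows PowerShell prompt. The script below is an added example written for this page, not part of Carolyn's instructions and not ComboFix or DDS tooling. It assumes Windows PowerShell 2.0 or later (it uses .NET's SHA256 class rather than Get-FileHash so that it does not need a newer PowerShell than Vista-era machines carry), and the registry values it sets (Hidden, HideFileExt, ShowSuperHidden under Explorer\Advanced) are the same ones the Folder Options dialog writes. The folder path comes from the thread; the function names are this example's own.

```powershell
# Added example (not from the thread): mirror the "Show hidden files" Folder
# Options steps from PowerShell, then list every file in the suspect folder
# (hidden/system files included) with its SHA-256 so it can be looked up on
# VirusTotal by hash instead of uploading the binary. Run elevated.

# Folder named in the thread; everything else in this script is an assumption.
$SuspectDir = 'C:\ProgramData\3b171'

# Explorer stores the Folder Options "View" settings per user under this key.
$ExplorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-HiddenFilesInExplorer {
    # Hidden=1         -> "Show hidden files and folders"
    # HideFileExt=0    -> untick "Hide file extensions for known file types"
    # ShowSuperHidden=1-> untick "Hide protected operating system files"
    Set-ItemProperty -Path $ExplorerKey -Name 'Hidden'          -Value 1 -Type DWord
    Set-ItemProperty -Path $ExplorerKey -Name 'HideFileExt'     -Value 0 -Type DWord
    Set-ItemProperty -Path $ExplorerKey -Name 'ShowSuperHidden' -Value 1 -Type DWord
    # Explorer reads these values when it starts, so restart the shell.
    # Windows normally relaunches explorer.exe on its own; if the desktop
    # stays empty, start explorer.exe from Task Manager.
    Stop-Process -Name explorer -Force
}

function Get-Sha256Hex {
    # Hash a file with .NET directly so this works without Get-FileHash.
    param([string]$FilePath)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($FilePath)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha.Clear()
    }
    # Upper-case hex is the form VirusTotal's search box accepts.
    ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

function Get-SuspectFileReport {
    # One record per file: path, size, attributes, last write time and SHA-256.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path does not exist; nothing to report."
        return
    }
    # -Force makes Get-ChildItem include hidden and system files, which is the
    # same effect the Folder Options change has for Explorer.
    Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path       = $_.FullName
                Size       = $_.Length
                Attributes = $_.Attributes.ToString()
                LastWrite  = $_.LastWriteTime
                SHA256     = Get-Sha256Hex -FilePath $_.FullName
            }
        }
}

Show-HiddenFilesInExplorer
Get-SuspectFileReport -Path $SuspectDir |
    Select-Object Path, Size, Attributes, LastWrite, SHA256 |
    Format-Table -AutoSize
```

Searching VirusTotal for the SHA-256 shows whether the file has already been analysed without sending it anywhere; only files with no existing report need to be uploaded as the post describes. The attributes column also makes it obvious when a file in a ProgramData folder is carrying the Hidden or System flag, which is worth noting in the log you post back.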
Old 11-09-2009, 03:48 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Okay, done that!
Attached Files
File Type: zip ComboFix.zip (11.4 KB, 1 views)
File Type: zip VirusTotal 1.zip (9.9 KB, 1 views)
hollando is offline  
Old 11-09-2009, 08:05 PM   #8 (permalink)
Analyst, Security Team
 
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

Hi Hollando,

Open notepad and copy/paste the text in the code box below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/428842-help.html#post2434205
Comment:: Carolyn - Windows System Defender
Killall::
Collect::
c:\programdata\3b171\WSD.ico
c:\programdata\3b171\WSDDSys\vd952342.bd
c:\programdata\3b171\mozcrt19.dll
c:\programdata\3b171\sqlite3.dll

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


**When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
    A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.


Please post the ComboFix log for my review. We are almost done here.
__________________
Carolyn is offline  
Old 11-10-2009, 06:54 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

so glad we're nearly there, thanks for all your time, you've been great!
Attached Files
File Type: zip ComboFix.zip (11.4 KB, 1 views)
hollando is offline  
Old 11-11-2009, 12:46 PM   #10 (permalink)
Analyst, Security Team
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

I'm sorry it took so long for me to reply.


Run a custom CFScript

Missed one folder. This should be the last CFScript though.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\programdata\3b171

SkipFix::
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Carolyn is offline
Old 11-11-2009, 01:16 PM   #11 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Don't worry about taking a while, you're helping, that's enough!
Attached Files
File Type: zip ComboFix.zip (11.3 KB, 1 views)
hollando is offline
Old 11-11-2009, 01:22 PM   #12 (permalink)
Analyst, Security Team
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

Hello again

This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.

Your log now appears to be clean. Congratulations!

Please delete DDS.exe from your computer

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.


Delete ComboFix and Clean Up

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Please advise if this step is missed for any reason as it performs some important actions.


OTC

Download OTC by Old Timer and save it to your Desktop.
  • Right click OTC.exe and select Run as administrator
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set correct settings for files
    • Click Start > Computer > Organize menu (at top of page) > Folder and Search Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Quote:
    Stop and Disable the DNS Client Service
    Go to Start, in the Start Search box type Run, when the run window opens type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Carolyn is offline
Old 11-11-2009, 02:28 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Hi again, I'm in the process of doing ALL of the above, however Malwarebytes just detected 3 infected files so I thought it best I let you know. Log below:

Malwarebytes' Anti-Malware 1.41
Database version: 3149
Windows 6.0.6000

11/11/2009 21:24:55
mbam-log-2009-11-11 (21-24-42).txt

Scan type: Quick Scan
Objects scanned: 103758
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk (Rogue.WindowsSystemDefender) -> No action taken.
hollando is offline  
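As an added example, not part of hollando's post and not Malwarebytes' own tooling: a small Python parser for the log format shown above. It splits the log into its header, the summary counts and the itemised "Infected" sections, breaks each detection into its registry path or file path, detection name, action, and (for Hijack.SearchPage entries) the "Bad" and "Good" values, and then answers the questions a responder would ask of such a log: which search-provider hijacks were recorded, which domain they point to, whether anything was left as "No action taken", and whether the summary counts agree with the itemised sections. The embedded log is a constructed excerpt modelled on the one posted; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed excerpt modelled on the Malwarebytes 1.41 log posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3149
Windows 6.0.6000

Scan type: Quick Scan
Objects scanned: 103758

Memory Processes Infected: 0
Registry Data Items Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

Files Infected:
C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk (Rogue.WindowsSystemDefender) -> No action taken.
"""

# "Registry Data Items Infected:" starts an itemised section ...
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# ... while "Registry Data Items Infected: 2" is a summary count.
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# item (DetectionName) [-> Bad: (x) Good: (y)] -> action.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>[^.]+)\.?$"
)


@dataclass
class Detection:
    section: str
    item: str      # registry path or file path
    name: str      # e.g. Hijack.SearchPage
    action: str    # e.g. "No action taken"
    bad: Optional[str] = None
    good: Optional[str] = None


@dataclass
class ScanReport:
    header: Dict[str, str] = field(default_factory=dict)
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


def parse_mbam_log(text: str) -> ScanReport:
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.counts[m.group(1)] = int(m.group(2))
            continue
        if section is None:
            # Header metadata such as "Database version: 3149".
            key, sep, value = line.partition(": ")
            if sep:
                report.header[key] = value
            continue
        if line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append(Detection(
                section=section, item=m["item"], name=m["name"],
                action=m["action"], bad=m["bad"], good=m["good"]))
    return report


def hijack_domains(report: ScanReport) -> List[str]:
    """Hostnames that hijacked search providers were redirected to."""
    hosts = {urlsplit(d.bad).hostname for d in report.detections
             if d.name.startswith("Hijack.") and d.bad}
    return sorted(h for h in hosts if h)


def pending_items(report: ScanReport) -> List[Detection]:
    """Detections the scan reported but did not remove."""
    return [d for d in report.detections if d.action == "No action taken"]


def counts_consistent(report: ScanReport) -> bool:
    """Cross-check summary counts against the itemised sections."""
    return all(sum(d.section == s for d in report.detections) == n
               for s, n in report.counts.items())


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database:", rep.header.get("Database version"))
    print("hijack domains:", hijack_domains(rep))
    print("left unremoved:", len(pending_items(rep)))
    print("counts consistent:", counts_consistent(rep))
```

The "No action taken" check is the one that matters when reading a log someone has pasted: it is how you tell, as happened in this thread, that the scan only reported the items and the user still has to press the removal button.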
Old 11-11-2009, 02:34 PM   #14 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Okay, ignore that last post, I panicked and did see the removal button, all done now though.
hollando is offline
Old 11-11-2009, 02:42 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: vista


Re: Help

Thank you very much for all your time and help! I intend to use my computer in a much safer manner now! Am I safe to log into my ebank account now?
hollando is offline
Old 11-11-2009, 02:58 PM   #16 (permalink)
Analyst, Security Team
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

To the best of my knowledge the computer is clean. But as you already know there are no guarantees that the computer is secure unless you format the hard drive and reinstall the operating system.
Carolyn is offline
Old 11-12-2009, 01:17 PM   #17 (permalink)
Analyst, Security Team
Join Date: Mar 2007
Posts: 177
OS: XP & Vista


Re: Help

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
Carolyn is offline
Copyright 2001 - 2009, Tech Support Forum