
Infection Help - Anti Virus out of commission

Discussion in 'Virus & Other Malware Removal' started by notadolphin, Apr 17, 2010.

Thread Status:
Not open for further replies.
  1. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Hi there,

    I was wondering if someone here could give me some help. My computer has recently been running very slowly and I have been having problems with Firefox in that, whenever I download a file, the program crashes.

    This led me to try and carry out a virus scan. However, when I tried to do so in AVG Anti-Virus Free, I noticed that none of the anti virus components were displayed and I saw a message saying that none of the components were active. Because none were displayed, I couldn't select them to make them active. This is all despite the fact that the Security Centre was telling me that my anti virus was running and up to date.

    I tried a scan using AVG: nothing. I tried a scan using Panda Security's online Active Scan and it found a trojan at C:\apps\homepage\homepgui.exe but gave me no way of removing it. I then tried to point Windows Malicious Software Removal Tool at that folder but it wouldn't let me for some reason. Instead it began to scan as if I'd told it to scan the whole of the C drive but then completed itself after scanning only about 3000 objects.

    I'd be very grateful if anyone here could assist me with sorting out the various problems I've been having. Glad to give any other information which might be needed and my HJT Log is posted below.

    Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:06:55, on 17/04/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Razer\razertra.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Last.fm\LastFM.exe
    D:\My Documents\Downloads\windows-kb890830-v3.6.exe
    d:\4bc62d4a5f9a49e096c4eef2\mrtstub.exe
    C:\WINDOWS\system32\MRT.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [AutoConnect] C:\DOCUME~1\notad\LOCALS~1\Temp\{C0206E16-9C35-4BA5-935F-0464770B2D06}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe BCMALL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1212429484937
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212429304624
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 5081 bytes
     
  2. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Just bumping my post.
     
  3. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Bumping again
     
  4. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    And bumping again. Any help available?
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    You have 2 running active antiviruses

    AVG & Microsoft Security Essentials

    Uninstall AVG & it will probably be all OK
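
The reply above reads the O4 autostart entries in the HijackThis log from the first post. As an added example (not code from the thread or from HijackThis), this Python script cross-checks the security products registered in O4/O23 entries against the "Running processes" section of the same log. The `PRODUCT_MARKERS` path fragments and all function names are assumptions made for illustration, and `SAMPLE_LOG` is an excerpt of lines copied from that log.

```python
import re

# Assumption: install-path fragments for the security products named in this
# thread. Illustrative only, not a complete product database.
PRODUCT_MARKERS = {
    "AVG": "\\avg\\",
    "Microsoft Security Essentials": "\\microsoft security essentials\\",
    "Lavasoft Ad-Aware": "\\lavasoft\\ad-aware\\",
}

# Excerpt constructed from lines of the HijackThis log in the first post.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")                      # any HijackThis item line
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$")      # Run-key autostart
O23_RE = re.compile(r"^O23 - Service: (.+?) - .*? - ([A-Za-z]:\\.+)$")  # NT service


def exe_path(command):
    """Return the executable path of a Run value, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else command


def parse_log(text):
    """Split a HijackThis log into running process paths and autostart entries."""
    running, autostarts, in_processes = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not ENTRY_RE.match(line):
                running.append(line)
                continue
            in_processes = False  # blank line or first item line ends the section
        match = O4_RE.match(line)
        if match:
            autostarts.append(("O4", match.group(2), exe_path(match.group(3))))
            continue
        match = O23_RE.match(line)
        if match:
            autostarts.append(("O23", match.group(1), match.group(2)))
    return running, autostarts


def product_of(path):
    """Map a file path to a product name using PRODUCT_MARKERS, or None."""
    lowered = path.lower()
    for product, marker in PRODUCT_MARKERS.items():
        if marker in lowered:
            return product
    return None


def audit(text):
    """Per product: which processes are running and which autostarts exist."""
    running, autostarts = parse_log(text)
    report = {name: {"processes": [], "autostarts": []} for name in PRODUCT_MARKERS}
    for path in running:
        product = product_of(path)
        if product:
            report[product]["processes"].append(path)
    for kind, name, path in autostarts:
        product = product_of(path)
        if product:
            report[product]["autostarts"].append((kind, name))
    return {p: r for p, r in report.items() if r["processes"] or r["autostarts"]}


def running_products(report):
    """Products with at least one process in the 'Running processes' section."""
    return sorted(p for p, r in report.items() if r["processes"])


def registered_but_not_running(report):
    """Products that have an autostart entry but no running process."""
    return sorted(p for p, r in report.items() if r["autostarts"] and not r["processes"])


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print("running:", running_products(result))
    print("autostart only:", registered_but_not_running(result))
```

The ComboFix log in post 8 lists the same `HKLM-Run-MSSE` entry under ORPHANS REMOVED.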
     
  6. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Hi there. Thanks for replying. Unfortunately, I don't think I've ever installed Microsoft Security Essentials and, when I uninstalled AVG, the Security Center now tells me that no virus protection is found on the computer at all.

    I have reinstalled AVG for the time being. Could you possibly make any further suggestions?

    Thanks very much.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  8. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Hello again. I've appended the ComboFix log below. I should tell you, however, that I am no longer able to log in to Windows as normal without it crashing. All appears fine except that when I hover over the taskbar, I get the egg timer cursor and am unable to select anything on the taskbar. Additionally, if I try to do anything involving the desktop, I immediately get the egg timer cursor there too and am unable to do anything further.

    As such, I had to run ComboFix in safe mode and this meant that it was impossible to disable AVG Anti-Virus Free 9.0 before the scan as you can only do this outside of safe mode.

    Thanks again for the continued help! I look forward to hearing from you.




    ComboFix 10-04-21.01 - notadolphin 25/04/2010 16:29:35.1.1 - x86
    Running from: C:\Documents and Settings\notadolphin\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
    .

    2010-04-24 12:06:38 . 2010-04-24 12:06:41 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
    2010-04-24 12:06:33 . 2010-04-24 12:06:37 242896 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
    2010-04-24 12:06:32 . 2010-04-24 12:06:33 216200 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
    2010-04-24 12:06:28 . 2010-04-25 10:02:57 -------- d-----w- C:\WINDOWS\system32\drivers\Avg
    2010-04-24 12:06:28 . 2010-04-24 12:06:31 29512 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
    2010-04-24 12:00:50 . 2010-04-24 12:01:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\avg9
    2010-04-19 16:13:19 . 2010-04-18 16:07:05 15880 ----a-w- C:\WINDOWS\system32\lsdelete.exe
    2010-04-18 16:06:56 . 2010-04-18 16:06:59 6330848 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-04-18 16:06:55 . 2010-04-18 16:06:55 94712 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-04-18 16:06:55 . 2010-04-18 16:06:55 329560 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-04-18 16:06:52 . 2010-04-18 16:06:52 17480 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
    2010-04-18 16:06:47 . 2010-04-18 16:06:48 966104 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-04-18 16:06:46 . 2010-04-18 16:06:47 849744 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-04-18 16:06:45 . 2010-04-18 16:06:46 855864 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-04-18 16:06:44 . 2010-04-18 16:06:45 1597952 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-04-18 16:06:43 . 2010-04-18 16:06:43 818256 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-04-18 16:06:42 . 2010-04-18 16:06:43 1265264 ----a-w- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-04-18 15:59:05 . 2010-04-18 15:59:09 -------- dc-h--w- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-18 15:59:05 . 2010-02-04 15:53:47 2954656 -c--a-w- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-04-18 15:57:51 . 2010-04-18 15:59:17 -------- d-----w- C:\Program Files\Lavasoft
    2010-04-18 15:51:45 . 2010-04-20 07:10:39 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
    2010-04-18 15:51:45 . 2010-04-20 06:42:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-16 12:59:02 . 2009-06-30 08:37:16 28552 ----a-w- C:\WINDOWS\system32\drivers\pavboot.sys
    2010-04-16 12:58:17 . 2010-04-16 12:58:18 -------- d-----w- C:\Program Files\Panda Security
    2010-04-01 12:11:06 . 2010-04-01 12:11:06 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\Amazon
    2010-04-01 12:09:54 . 2010-04-01 12:09:54 -------- d-----w- C:\Program Files\Amazon
    2010-03-30 14:26:11 . 2010-03-30 20:49:22 -------- d-----w- C:\Program Files\Civilization 2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-24 12:01:20 . 2008-06-03 01:31:23 -------- d-----w- C:\Program Files\AVG
    2010-04-22 21:42:17 . 2010-01-04 08:48:08 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\Spotify
    2010-04-22 21:37:28 . 2010-03-04 20:33:36 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\Skype
    2010-04-22 21:37:18 . 2010-03-20 18:09:34 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\FileZilla
    2010-04-22 21:21:03 . 2008-11-24 22:38:05 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\gtk-2.0
    2010-04-22 20:42:48 . 2010-03-04 20:35:51 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\skypePM
    2010-04-18 15:57:51 . 2008-05-29 21:52:48 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2010-04-17 14:25:47 . 2010-02-12 20:21:26 -------- d-----w- C:\Program Files\VoiceChatter
    2010-04-17 02:22:20 . 2009-07-19 20:19:49 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\vlc
    2010-04-14 00:39:54 . 2009-07-19 20:20:13 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\dvdcss
    2010-03-30 10:59:09 . 2010-02-09 23:17:09 50354 ----a-w- C:\Documents and Settings\notadolphin\Application Data\Facebook\uninstall.exe
    2010-03-30 10:58:52 . 2010-02-09 23:16:56 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\Facebook
    2010-03-30 10:18:35 . 2010-01-31 13:56:57 42624 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
    2010-03-21 23:18:21 . 2008-06-03 01:35:20 51392 ----a-w- C:\Documents and Settings\notadolphin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-20 18:09:13 . 2010-03-20 18:09:03 -------- d-----w- C:\Program Files\FileZilla FTP Client
    2010-03-20 18:01:04 . 2010-03-20 16:29:34 -------- d-----w- C:\Documents and Settings\notadolphin\Application Data\Trellian
    2010-03-20 16:29:22 . 2010-03-20 16:28:57 -------- d-----w- C:\Program Files\Trellian
    2010-03-07 16:33:18 . 2010-01-16 17:27:46 -------- d-----w- C:\Program Files\Steam
    2010-03-06 05:30:08 . 2010-03-06 05:30:08 5582848 ----a-w- C:\Documents and Settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-03-04 20:35:54 . 2010-03-04 20:35:54 48 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
    2010-03-04 20:32:37 . 2010-03-04 20:31:58 -------- d-----r- C:\Program Files\Skype
    2010-03-04 20:32:12 . 2010-03-04 20:32:07 -------- d-----w- C:\Program Files\Common Files\Skype
    2010-03-04 20:31:55 . 2010-03-04 20:31:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype
    2010-02-28 02:32:23 . 2010-02-27 15:09:26 -------- d-s---w- C:\Program Files\Common Files\Teknum Systems
    2010-02-27 15:09:39 . 2010-02-27 15:09:39 36 ----a-w- C:\WINDOWS\TSNPL.dat
    2010-02-27 15:09:37 . 2010-02-27 15:09:37 1572 ----a-w- C:\WINDOWS\system32\tsdigsgn.dat
    2010-02-27 15:09:36 . 2010-02-27 15:09:23 -------- d-----w- C:\Program Files\HandyBits
    2010-02-27 15:09:27 . 2010-02-27 15:09:27 26624 ----a-w- C:\WINDOWS\system32\ssmenu.dll
    2010-02-04 15:53:02 . 2010-04-18 16:07:28 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
    2010-02-01 22:04:44 . 2010-02-01 22:04:44 847040 ----a-w- C:\Documents and Settings\notadolphin\Application Data\Facebook\axfbootloader.dll
    2010-02-01 22:04:14 . 2010-02-01 22:04:14 5578752 ----a-w- C:\Documents and Settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-13 15:33:30 4351216]
    "Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2010-02-27 15:09:26 19456]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 15:07:20 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2001-12-13 08:27:08 290816]
    "razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 17:21:12 147456]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48:33 479232]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-06-20 13:21:45 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56:48 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-24 12:06:41 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-10 23:43:54 67488 ----a-w- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-22 22:52:52 331830 ----a-w- C:\Program Files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 07:56:53 1667584 ------w- C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-05-27 09:50:30 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-05 01:34:51 24576 ----a-w- C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "WmdmPmSN"=3 (0x3)
    "VSS"=3 (0x3)
    "TermService"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "Spooler"=2 (0x2)
    "SLService"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Netlogon"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "ERSvc"=2 (0x2)
    "Dnscache"=2 (0x2)
    "BITS"=3 (0x3)
    "avg8wd"=2 (0x2)
    "avg8emc"=2 (0x2)
    "AdobeActiveFileMonitor6.0"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
    "C:\\UnrealTournament\\System\\UnrealTournament.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Spotify\\spotify.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19745:TCP"= 19745:TCP:Mircotorrent
    "19745:UDP"= 19745:UDP:Microtorrent

    R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [18/04/2010 17:07:28 64288]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [16/04/2010 13:59:02 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [24/04/2010 13:06:32 216200]
    R1 AvgTdiX;AVG Free Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [24/04/2010 13:06:33 242896]
    R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [24/04/2010 13:04:06 916760]
    R2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [24/04/2010 13:03:54 308064]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\drivers\ManyCam.sys [14/01/2008 11:06:32 21632]
    S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [16/06/2008 23:04:57 682232]
    S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\drivers\Razerlow.sys [29/05/2008 21:41:58 13225]
    S3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [01/01/1980 296179]
    S3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [01/01/1980 231855]
    S3 V90drv;v90drv;C:\WINDOWS\system32\drivers\v90drv.sys [01/01/1980 1432836]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-25 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52:58 . 2010-04-18 16:06:46]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
    IE: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    IE: Semagic - C:\Program Files\Semagic\link.htm
    DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    FF - ProfilePath - C:\Documents and Settings\notadolphin\Application Data\Mozilla\Firefox\Profiles\jwt8odmc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig|about:blank
    FF - component: C:\Program Files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: C:\Documents and Settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: C:\Documents and Settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: C:\Program Files\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files\Veetle\plugins\npVeetle.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-Run-MSSE - C:\Program Files\Microsoft Security Essentials\msseces.exe
    MSConfigStartUp-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    reboot to normal mode &

    download gmer rootkit detector from http://gmer.net

    unzip it & double click the gmer.exe file

    It will do a quick scan automatically, when that finishes if it says "rootkit activity detected" then Stop there & press copy & post back the log it makes.
    Do NOT allow it to perform a full scan at this time

    If there is No warning of rootkit activity then select the rootkit tab & press scan. When it finishes press copy & post back the log it makes
     
  10. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Hey. Like I say, I can't boot up Windows in normal mode without it crashing any more, so I had to run gmer in safe mode. It did not locate any rootkit activity and the subsequent scan log is copied below.

    Continuing thanks for your continuing help.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-25 22:16:35
    Windows 5.1.2600 Service Pack 2
    Running: frenchtoastytoast.exe; Driver: C:\DOCUME~1\notadolphin\LOCALS~1\Temp\pwtiipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF756787E]
    SSDT sptd.sys ZwEnumerateKey [0xF7384E2C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF73851BA]
    SSDT sptd.sys ZwOpenKey [0xF737F0B0]
    SSDT sptd.sys ZwQueryKey [0xF7385292]
    SSDT sptd.sys ZwQueryValueKey [0xF7385112]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7567BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 2 Bytes [7E, 78] {JLE 0x7a}
    .text ntoskrnl.exe!_abnormal_termination + F6 804E2DC7 1 Byte [F7]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F703862C 5 Bytes JMP 86A9D780
    ? System32\Drivers\a8jcodmk.SYS The system cannot find the path specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7395886] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7395832] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73B7892] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7395886] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F737FAD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F737FC1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F737FB9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7380748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F738061E] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7394ACA] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86B4B1E8
    Device \FileSystem\Fastfat \FatCdrom 865E47A0

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbohci \Device\USBPDO-0 86A1C7A0
    Device \Driver\usbohci \Device\USBPDO-1 86A1C7A0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E2E84747-AF32-455C-959F-92F1715D36F1} 8683B668

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{95002D4A-CD62-48AE-A780-CC52F803A0A3} 8683B668
    Device \Driver\Ftdisk \Device\HarddiskVolume1 86BD31E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86BD31E8
    Device \Driver\Cdrom \Device\CdRom0 86A7C7A0
    Device \Driver\Cdrom \Device\CdRom1 86A7C7A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 86BD21E8
    Device \Driver\atapi \Device\Ide\IdePort0 86BD21E8
    Device \Driver\atapi \Device\Ide\IdePort1 86BD21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86BD21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86BD21E8
    Device \Driver\PCI_NTPNP7632 \Device\00000075 sptd.sys
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8683B668
    Device \Driver\NetBT \Device\NetbiosSmb 8683B668

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbohci \Device\USBFDO-0 86A1C7A0
    Device \Driver\usbohci \Device\USBFDO-1 86A1C7A0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 868287A0
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 868287A0
    Device \Driver\Ftdisk \Device\FtControl 86BD31E8
    Device \Driver\a8jcodmk \Device\Scsi\a8jcodmk1 8695D3E0
    Device \Driver\a8jcodmk \Device\Scsi\a8jcodmk1Port2Path0Target0Lun0 8695D3E0
    Device \FileSystem\Fastfat \Fat 865E47A0

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 868097A0

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xC6 0x64 0x9E 0x4F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x5A 0x1F 0x92 0x41 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x4C 0xF0 0xF6 0x35 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xC6 0x64 0x9E 0x4F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x5A 0x1F 0x92 0x41 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x4C 0xF0 0xF6 0x35 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

    ---- EOF - GMER 1.0.15 ----
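
Reading a GMER log like the one above mostly comes down to seeing which driver owns each hook and whether any loaded driver has no file behind it. The following Python script is an added example, not part of the thread and not a GMER tool: it parses the `SSDT`, `IAT`, `?` and `Device` lines (line shapes inferred from this log only), groups hooks by owning module, and lists driver objects whose `.sys` file GMER reported as not found, assuming the driver object name matches the file name. The sample input is a short excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the GMER log posted in this thread (a few lines from each section).
SAMPLE_LOG = r"""
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF756787E]
SSDT sptd.sys ZwEnumerateKey [0xF7384E2C]
SSDT sptd.sys ZwOpenKey [0xF737F0B0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7567BFE]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\a8jcodmk.SYS The system cannot find the path specified. !
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7395886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7395832] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F737FAD4] sptd.sys
Device \Driver\atapi \Device\Ide\IdePort0 86BD21E8
Device \Driver\a8jcodmk \Device\Scsi\a8jcodmk1 8695D3E0
Device \Driver\a8jcodmk \Device\Scsi\a8jcodmk1Port2Path0Target0Lun0 8695D3E0
"""

# Assumption: these patterns describe the line shapes seen in this one log.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>\w+)\s+\[0x[0-9A-Fa-f]+\]")
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>.+?)\[(?P<dll>[^!\]]+)!(?P<func>\w+)\]\s+\[[0-9A-Fa-f]+\]\s+(?P<owner>\S+)")
FILE_RE = re.compile(r"^\?\s+(?P<path>.+?\.sys)\s+(?P<reason>.+)$", re.IGNORECASE)
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(?P<driver>\S+)\s+(?P<device>\\\S+)\s+\S+")


def basename(path):
    """Lower-cased file name without its directory part."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Collect hooks per owning module, unreadable driver files and device objects."""
    hooks = defaultdict(lambda: {"desc": None, "ssdt": [], "iat": []})
    unreadable = {}                # driver file name -> reason given in the log
    devices = defaultdict(list)    # driver object name -> device objects it owns
    for raw in text.splitlines():
        line = raw.strip()         # forum pastes are usually indented
        if m := SSDT_RE.match(line):
            entry = hooks[m["owner"].lower()]
            entry["desc"] = entry["desc"] or m["desc"]
            entry["ssdt"].append(m["func"])
        elif m := IAT_RE.match(line):
            hooks[m["owner"].lower()]["iat"].append((basename(m["victim"]), m["func"]))
        elif m := FILE_RE.match(line):
            unreadable[basename(m["path"])] = m["reason"].rstrip(" !")
        elif m := DEVICE_RE.match(line):
            devices[m["driver"].lower()].append(m["device"])
    return {"hooks": dict(hooks), "unreadable": unreadable, "devices": dict(devices)}


def triage(parsed):
    """Rank hook owners by hook count and list drivers with devices but no file."""
    rows = [{"owner": owner,
             "described": h["desc"] is not None,   # log carried a vendor string
             "ssdt": sorted(h["ssdt"]),
             "iat_modules": sorted({victim for victim, _ in h["iat"]}),
             "total": len(h["ssdt"]) + len(h["iat"])}
            for owner, h in parsed["hooks"].items()]
    rows.sort(key=lambda r: (-r["total"], r["owner"]))
    # Assumption: the driver object name equals the .sys file name without extension.
    missing = {name[:-4] for name, reason in parsed["unreadable"].items()
               if "cannot find" in reason.lower()}
    orphans = sorted(d for d in parsed["devices"] if d in missing)
    return rows, orphans


if __name__ == "__main__":
    rows, orphans = triage(parse_gmer(SAMPLE_LOG))
    for r in rows:
        print(f"{r['owner']:<10} hooks={r['total']} described={r['described']} "
              f"ssdt={r['ssdt']} iat_in={r['iat_modules']}")
    print("driver objects with no file on disk:", orphans)
```
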
     
  11. dvk01

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

    Then run ComboFix again, please.
     
  12. notadolphin

    DeFogger downloaded and run. ComboFix run again and log posted below. Also, just to let you know that my computer has allowed me to boot it up in normal mode again these past two times.

    ComboFix 10-04-26.02 - notadolphin 26/04/2010 22:56:17.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.526 [GMT 1:00]
    Running from: c:\documents and settings\notadolphin\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
    .

    2010-04-24 12:06 . 2010-04-24 12:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-24 12:06 . 2010-04-24 12:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-24 12:06 . 2010-04-24 12:06 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-24 12:06 . 2010-04-26 18:54 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-24 12:06 . 2010-04-24 12:06 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-24 12:00 . 2010-04-24 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-19 16:13 . 2010-04-18 16:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-18 16:06 . 2010-04-18 16:06 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-04-18 16:06 . 2010-04-18 16:06 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-04-18 16:06 . 2010-04-18 16:06 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-04-18 16:06 . 2010-04-18 16:06 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
    2010-04-18 16:06 . 2010-04-18 16:06 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-04-18 16:06 . 2010-04-18 16:06 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-04-18 16:06 . 2010-04-18 16:06 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-04-18 16:06 . 2010-04-18 16:06 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-04-18 16:06 . 2010-04-18 16:06 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-04-18 16:06 . 2010-04-18 16:06 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-04-18 15:59 . 2010-04-18 15:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-18 15:59 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-04-18 15:57 . 2010-04-18 15:59 -------- d-----w- c:\program files\Lavasoft
    2010-04-18 15:51 . 2010-04-20 07:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-18 15:51 . 2010-04-20 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-16 12:59 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-16 12:58 . 2010-04-16 12:58 -------- d-----w- c:\program files\Panda Security
    2010-04-01 12:11 . 2010-04-01 12:11 -------- d-----w- c:\documents and settings\notadolphin\Application Data\Amazon
    2010-04-01 12:09 . 2010-04-01 12:09 -------- d-----w- c:\program files\Amazon
    2010-03-30 14:26 . 2010-03-30 20:49 -------- d-----w- c:\program files\Civilization 2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-26 20:55 . 2010-01-04 08:48 -------- d-----w- c:\documents and settings\notadolphin\Application Data\Spotify
    2010-04-24 12:01 . 2008-06-03 01:31 -------- d-----w- c:\program files\AVG
    2010-04-22 21:37 . 2010-03-04 20:33 -------- d-----w- c:\documents and settings\notadolphin\Application Data\Skype
    2010-04-22 21:37 . 2010-03-20 18:09 -------- d-----w- c:\documents and settings\notadolphin\Application Data\FileZilla
    2010-04-22 21:21 . 2008-11-24 22:38 -------- d-----w- c:\documents and settings\notadolphin\Application Data\gtk-2.0
    2010-04-22 20:42 . 2010-03-04 20:35 -------- d-----w- c:\documents and settings\notadolphin\Application Data\skypePM
    2010-04-18 15:57 . 2008-05-29 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-17 14:25 . 2010-02-12 20:21 -------- d-----w- c:\program files\VoiceChatter
    2010-04-17 02:22 . 2009-07-19 20:19 -------- d-----w- c:\documents and settings\notadolphin\Application Data\vlc
    2010-04-14 00:39 . 2009-07-19 20:20 -------- d-----w- c:\documents and settings\notadolphin\Application Data\dvdcss
    2010-03-30 10:59 . 2010-02-09 23:17 50354 ----a-w- c:\documents and settings\notadolphin\Application Data\Facebook\uninstall.exe
    2010-03-30 10:58 . 2010-02-09 23:16 -------- d-----w- c:\documents and settings\notadolphin\Application Data\Facebook
    2010-03-30 10:18 . 2010-01-31 13:56 42624 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-03-21 23:18 . 2008-06-03 01:35 51392 ----a-w- c:\documents and settings\notadolphin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-20 18:09 . 2010-03-20 18:09 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-03-20 18:01 . 2010-03-20 16:29 -------- d-----w- c:\documents and settings\notadolphin\Application Data\Trellian
    2010-03-20 16:29 . 2010-03-20 16:28 -------- d-----w- c:\program files\Trellian
    2010-03-07 16:33 . 2010-01-16 17:27 -------- d-----w- c:\program files\Steam
    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-03-04 20:35 . 2010-03-04 20:35 48 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-03-04 20:32 . 2010-03-04 20:31 -------- d-----r- c:\program files\Skype
    2010-03-04 20:32 . 2010-03-04 20:32 -------- d-----w- c:\program files\Common Files\Skype
    2010-03-04 20:31 . 2010-03-04 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-02-28 02:32 . 2010-02-27 15:09 -------- d-s---w- c:\program files\Common Files\Teknum Systems
    2010-02-27 15:09 . 2010-02-27 15:09 36 ----a-w- c:\windows\TSNPL.dat
    2010-02-27 15:09 . 2010-02-27 15:09 1572 ----a-w- c:\windows\system32\tsdigsgn.dat
    2010-02-27 15:09 . 2010-02-27 15:09 -------- d-----w- c:\program files\HandyBits
    2010-02-27 15:09 . 2010-02-27 15:09 26624 ----a-w- c:\windows\system32\ssmenu.dll
    2010-02-04 15:53 . 2010-04-18 16:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\notadolphin\Application Data\Facebook\axfbootloader.dll
    2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_1.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_15.42.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-26 21:42 . 2010-04-26 21:42 16384 c:\windows\Temp\Perflib_Perfdata_350.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-13 4351216]
    "Update Service"="c:\progra~1\COMMON~1\TEKNUM~1\update.exe" [2010-02-27 19456]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS KHooker"="c:\windows\System32\khooker.exe" [2001-12-13 290816]
    "razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
    "Cmaudio"="cmicnfg.cpl" [BU]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-24 12:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-22 22:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    c:\program files\Microsoft Works\WkDetect.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 07:56 1667584 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-05 01:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "WmdmPmSN"=3 (0x3)
    "VSS"=3 (0x3)
    "TermService"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "Spooler"=2 (0x2)
    "SLService"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Netlogon"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "ERSvc"=2 (0x2)
    "Dnscache"=2 (0x2)
    "BITS"=3 (0x3)
    "avg8wd"=2 (0x2)
    "avg8emc"=2 (0x2)
    "AdobeActiveFileMonitor6.0"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
    "c:\\UnrealTournament\\System\\UnrealTournament.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19745:TCP"= 19745:TCP:Mircotorrent
    "19745:UDP"= 19745:UDP:Microtorrent

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2010 17:07 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/04/2010 13:59 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/04/2010 13:06 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/04/2010 13:06 242896]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [24/04/2010 13:04 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/04/2010 13:03 308064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1265264]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]
    S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [29/05/2008 21:41 13225]
    S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [01/01/1980 296179]
    S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [01/01/1980 231855]
    S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [01/01/1980 1432836]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:06]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Copy to Semagic - c:\program files\Semagic\copy.htm
    IE: Semagic - c:\program files\Semagic\link.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\notadolphin\Application Data\Mozilla\Firefox\Profiles\jwt8odmc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig|about:blank
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\notadolphin\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-26 23:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3382837541-4112072125-1276491546-1005\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
    "GameDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008"
    "SaveDir"="d:\\My Documents\\Sports Interactive\\Football Manager 2008\\"
    "HistoryDir"="c:\\Documents and Settings\\notadolphin\\Desktop\\Scout\\FM Genie Scout 2008\\History Points"
    "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2008\\data\\db\\800\\lang_db.dat"
    "LastSaveGame"="d:\\My Documents\\Sports Interactive\\Football Manager 2008\\games\\Aberdeen 1.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000000
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinID"=dword:00000001
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "WindowState"=dword:00000002
    "Currency"=dword:00000056
    "WindowHeight"=dword:00000360
    "WindowWidth"=dword:00000471
    "WindowLeft"=dword:00000048
    "WindowTop"=dword:00000030
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-3382837541-4112072125-1276491546-1005\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]

    [HKEY_USERS\S-1-5-21-3382837541-4112072125-1276491546-1005\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]

    [HKEY_USERS\S-1-5-21-3382837541-4112072125-1276491546-1005\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]

    [HKEY_USERS\S-1-5-21-3382837541-4112072125-1276491546-1005\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
    "DMCrossingCoef"=dword:0000001e
    "DMDribblingCoef"=dword:00000014
    "DMFinishingCoef"=dword:0000000a
    "DMFirstTouchCoef"=dword:0000001e
    "DMFreeKicksCoef"=dword:0000000a
    "DMHeadingCoef"=dword:00000028
    "DMLongShotsCoef"=dword:00000014
    "DMLongThrowsCoef"=dword:00000005
    "DMMarkingCoef"=dword:0000003c
    "DMPassingCoef"=dword:00000028
    "DMPenaltiesCoef"=dword:00000005
    "DMTacklingCoef"=dword:00000064
    "DMTechniqueCoef"=dword:0000001e
    "DMLeftFootCoef"=dword:00000005
    "DMRightFootCoef"=dword:00000005
    "DMAggressionCoef"=dword:00000028
    "DMAnticipationCoef"=dword:00000028
    "DMBraveryCoef"=dword:00000014
    "DMComposureCoef"=dword:0000000a
    "DMConcentrationCoef"=dword:00000014
    "DMConsistencyCoef"=dword:0000000a
    "DMCreativityCoef"=dword:00000014
    "DMDecisionsCoef"=dword:00000014
    "DMDeterminationCoef"=dword:0000000a
    "DMDirtinessCoef"=dword:fffffff6
    "DMFlairCoef"=dword:0000000a
    "DMImportantMatchesCoef"=dword:0000000a
    "DMInfluenceCoef"=dword:0000000a
    "DMOffTheBallCoef"=dword:0000001e
    "DMPositioningCoef"=dword:00000050
    "DMTeamworkCoef"=dword:00000028
    "DMWorkRateCoef"=dword:00000050
    "DMAccelerationCoef"=dword:00000028
    "DMAgilityCoef"=dword:0000000a
    "DMBalanceCoef"=dword:0000000a
    "DMInjuryPronenessCoef"=dword:fffffffb
    "DMJumpingCoef"=dword:00000028
    "DMNaturalFitnessCoef"=dword:00000005
    "DMPaceCoef"=dword:00000028
    "DMStaminaCoef"=dword:0000003c
    "DMStrengthCoef"=dword:00000028
    "DMVersatilityCoef"=dword:00000005
    "DMAerialAbilityCoef"=dword:00000000
    "DMCommandOfAreaCoef"=dword:00000000
    "DMCommunicationCoef"=dword:00000000
    "DMEccentricityCoef"=dword:00000000
    "DMHandlingCoef"=dword:00000000
    "DMKickingCoef"=dword:00000000
    "DMOneOnOnesCoef"=dword:00000005
    "DMReflexesCoef"=dword:00000005
    "DMRushingOutCoef"=dword:00000000
    "DMTendencyToPunchCoef"=dword:00000000
    "DMThrowingCoef"=dword:00000000
    "DMAdaptabilityCoef"=dword:00000005
    "DMAmbitionCoef"=dword:0000000a
    "DMControversyCoef"=dword:fffffffb
    "DMLoyalityCoef"=dword:00000005
    "DMPressureCoef"=dword:00000005
    "DMProfessionalismCoef"=dword:00000005
    "DMSportsmanshipCoef"=dword:00000005
    "DMTemperamentCoef"=dword:00000005
    "MWeightCoef"=dword:00000068
    "MCurrentAbilityCoef"=dword:00000000
    "MCornersCoef"=dword:0000000a
    "MCrossingCoef"=dword:00000028
    "MDribblingCoef"=dword:00000032
    "MFinishingCoef"=dword:00000014
    "MFirstTouchCoef"=dword:0000001e
    "MFreeKicksCoef"=dword:0000000a
    "MHeadingCoef"=dword:0000001e
    "MLongShotsCoef"=dword:00000014
    "MLongThrowsCoef"=dword:00000005
    "MMarkingCoef"=dword:00000028
    "MPassingCoef"=dword:00000046
    "MPenaltiesCoef"=dword:00000005
    "MTacklingCoef"=dword:0000003c
    "MTechniqueCoef"=dword:00000032
    "MLeftFootCoef"=dword:00000005
    "MRightFootCoef"=dword:00000005
    "MAggressionCoef"=dword:0000001e
    "MAnticipationCoef"=dword:00000028
    "MBraveryCoef"=dword:0000000a
    "MComposureCoef"=dword:0000000a
    "MConcentrationCoef"=dword:0000000a
    "MConsistencyCoef"=dword:0000000a
    "MCreativityCoef"=dword:0000003c
    "MDecisionsCoef"=dword:0000001e
    "MDeterminationCoef"=dword:0000000a
    "MDirtinessCoef"=dword:fffffffb
    "MFlairCoef"=dword:0000000a
    "MImportantMatchesCoef"=dword:0000000a
    "MInfluenceCoef"=dword:0000000a
    "MOffTheBallCoef"=dword:00000028
    "MPositioningCoef"=dword:00000028
    "MTeamworkCoef"=dword:00000032
    "MWorkRateCoef"=dword:00000032
    "MAccelerationCoef"=dword:00000032
    "MAgilityCoef"=dword:0000000a
    "MBalanceCoef"=dword:0000000a
    "MInjuryPronenessCoef"=dword:fffffffb
    "MJumpingCoef"=dword:00000028
    "MNaturalFitnessCoef"=dword:00000005
    "MPaceCoef"=dword:00000028
    "MStaminaCoef"=dword:0000003c
    "MStrengthCoef"=dword:0000001e
    "MVersatilityCoef"=dword:00000005
    "MAerialAbilityCoef"=dword:00000000
    "MCommandOfAreaCoef"=dword:00000000
    "MCommunicationCoef"=dword:00000000
    "MEccentricityCoef"=dword:00000000
    "MHandlingCoef"=dword:00000000
    "MKickingCoef"=dword:00000000
    "MOneOnOnesCoef"=dword:00000005
    "MReflexesCoef"=dword:00000005
    "MRushingOutCoef"=dword:00000000
    "MTendencyToPunchCoef"=dword:00000000
    "MThrowingCoef"=dword:00000000
    "MAdaptabilityCoef"=dword:00000005
    "MAmbitionCoef"=dword:0000000a
    "MControversyCoef"=dword:fffffffb
    "MLoyalityCoef"=dword:00000005
    "MPressureCoef"=dword:00000005
    "MProfessionalismCoef"=dword:00000005
    "MSportsmanshipCoef"=dword:00000005
    "MTemperamentCoef"=dword:00000005
    "AMWeightCoef"=dword:00000068
    "AMCurrentAbilityCoef"=dword:00000000
    "AMCornersCoef"=dword:0000000a
    "AMCrossingCoef"=dword:0000003c
    "AMDribblingCoef"=dword:00000050
    "AMFinishingCoef"=dword:00000028
    "AMFirstTouchCoef"=dword:0000001e
    "AMFreeKicksCoef"=dword:0000000a
    "AMHeadingCoef"=dword:00000014
    "AMLongShotsCoef"=dword:00000014
    "AMLongThrowsCoef"=dword:00000005
    "AMMarkingCoef"=dword:0000000a
    "AMPassingCoef"=dword:00000064
    "AMPenaltiesCoef"=dword:00000005
    "AMTacklingCoef"=dword:0000000a
    "AMTechniqueCoef"=dword:00000050
    "AMLeftFootCoef"=dword:00000005
    "AMRightFootCoef"=dword:00000005
    "AMAggressionCoef"=dword:0000000a
    "AMAnticipationCoef"=dword:0000001e
    "AMBraveryCoef"=dword:0000000a
    "AMComposureCoef"=dword:0000000a
    "AMConcentrationCoef"=dword:0000000a
    "AMConsistencyCoef"=dword:0000000a
    "AMCreativityCoef"=dword:00000064
    "AMDecisionsCoef"=dword:00000028
    "AMDeterminationCoef"=dword:0000000a
    "AMDirtinessCoef"=dword:fffffffb
    "AMFlairCoef"=dword:00000014
    "AMImportantMatchesCoef"=dword:0000000a
    "AMInfluenceCoef"=dword:0000000a
    "AMOffTheBallCoef"=dword:0000003c
    "AMPositioningCoef"=dword:00000014
    "AMTeamworkCoef"=dword:0000003c
    "AMWorkRateCoef"=dword:00000014
    "AMAccelerationCoef"=dword:0000003c
    "AMAgilityCoef"=dword:0000000a
    "AMBalanceCoef"=dword:0000000a
    "AMInjuryPronenessCoef"=dword:fffffffb
    "AMJumpingCoef"=dword:00000014
    "AMNaturalFitnessCoef"=dword:00000005
    "AMPaceCoef"=dword:0000003c
    "AMStaminaCoef"=dword:0000003c
    "AMStrengthCoef"=dword:00000014
    "AMVersatilityCoef"=dword:00000005
    "AMAerialAbilityCoef"=dword:00000000
    "AMCommandOfAreaCoef"=dword:00000000
    "AMCommunicationCoef"=dword:00000000
    "AMEccentricityCoef"=dword:00000000
    "AMHandlingCoef"=dword:00000000
    "AMKickingCoef"=dword:00000000
    "AMOneOnOnesCoef"=dword:00000005
    "AMReflexesCoef"=dword:00000005
    "AMRushingOutCoef"=dword:00000000
    "AMTendencyToPunchCoef"=dword:00000000
    "AMThrowingCoef"=dword:00000000
    "AMAdaptabilityCoef"=dword:00000005
    "AMAmbitionCoef"=dword:0000000a
    "AMControversyCoef"=dword:fffffffb
    "AMLoyalityCoef"=dword:00000005
    "AMPressureCoef"=dword:00000005
    "AMProfessionalismCoef"=dword:00000005
    "AMSportsmanshipCoef"=dword:00000005
    "AMTemperamentCoef"=dword:00000005
    "WWeightCoef"=dword:00000069
    "WCurrentAbilityCoef"=dword:00000000
    "WCornersCoef"=dword:0000000a
    "WCrossingCoef"=dword:00000064
    "WDribblingCoef"=dword:00000064
    "WFinishingCoef"=dword:0000003c
    "WFirstTouchCoef"=dword:0000001e
    "WFreeKicksCoef"=dword:0000000a
    "WHeadingCoef"=dword:00000014
    "WLongShotsCoef"=dword:00000014
    "WLongThrowsCoef"=dword:00000005
    "WMarkingCoef"=dword:0000000a
    "WPassingCoef"=dword:0000003c
    "WPenaltiesCoef"=dword:00000005
    "WTacklingCoef"=dword:0000000a
    "WTechniqueCoef"=dword:00000050
    "WLeftFootCoef"=dword:00000005
    "WRightFootCoef"=dword:00000005
    "WAggressionCoef"=dword:0000000a
    "WAnticipationCoef"=dword:00000014
    "WBraveryCoef"=dword:0000000a
    "WComposureCoef"=dword:0000000a
    "WConcentrationCoef"=dword:0000000a
    "WConsistencyCoef"=dword:0000000a
    "WCreativityCoef"=dword:0000003c
    "WDecisionsCoef"=dword:00000014
    "WDeterminationCoef"=dword:0000000a
    "WDirtinessCoef"=dword:fffffffb
    "WFlairCoef"=dword:0000000a
    "WImportantMatchesCoef"=dword:00000014
    "WInfluenceCoef"=dword:0000000a
    "WOffTheBallCoef"=dword:0000003c
    "WPositioningCoef"=dword:00000014
    "WTeamworkCoef"=dword:0000001e
    "WWorkRateCoef"=dword:0000001e
    "WAccelerationCoef"=dword:00000050
    "WAgilityCoef"=dword:00000014
    "WBalanceCoef"=dword:0000000a
    "WInjuryPronenessCoef"=dword:fffffffb
    "WJumpingCoef"=dword:00000014
    "WNaturalFitnessCoef"=dword:00000005
    "WPaceCoef"=dword:00000064
    "WStaminaCoef"=dword:0000003c
    "WStrengthCoef"=dword:00000014
    "WVersatilityCoef"=dword:00000005
    "WAerialAbilityCoef"=dword:00000000
    "WCommandOfAreaCoef"=dword:00000000
    "WCommunicationCoef"=dword:00000000
    "WEccentricityCoef"=dword:00000000
    "WHandlingCoef"=dword:00000000
    "WKickingCoef"=dword:00000000
    "WOneOnOnesCoef"=dword:00000005
    "WReflexesCoef"=dword:00000005
    "WRushingOutCoef"=dword:00000000
    "WTendencyToPunchCoef"=dword:00000000
    "WThrowingCoef"=dword:00000000
    "WAdaptabilityCoef"=dword:00000005
    "WAmbitionCoef"=dword:0000000a
    "WControversyCoef"=dword:fffffffb
    "WLoyalityCoef"=dword:00000005
    "WPressureCoef"=dword:00000005
    "WProfessionalismCoef"=dword:00000005
    "WSportsmanshipCoef"=dword:00000005
    "WTemperamentCoef"=dword:00000005
    "FSTWeightCoef"=dword:00000067
    "FSTCurrentAbilityCoef"=dword:00000000
    "FSTCornersCoef"=dword:0000000a
    "FSTCrossingCoef"=dword:0000000a
    "FSTDribblingCoef"=dword:00000050
    "FSTFinishingCoef"=dword:00000064
    "FSTFirstTouchCoef"=dword:00000028
    "FSTFreeKicksCoef"=dword:0000000a
    "FSTHeadingCoef"=dword:00000028
    "FSTLongShotsCoef"=dword:00000014
    "FSTLongThrowsCoef"=dword:00000000
    "FSTMarkingCoef"=dword:00000000
    "FSTPassingCoef"=dword:00000028
    "FSTPenaltiesCoef"=dword:00000005
    "FSTTacklingCoef"=dword:00000000
    "FSTTechniqueCoef"=dword:00000050
    "FSTLeftFootCoef"=dword:00000005
    "FSTRightFootCoef"=dword:00000005
    "FSTAggressionCoef"=dword:0000000a
    "FSTAnticipationCoef"=dword:0000000a
    "FSTBraveryCoef"=dword:0000000a
    "FSTComposureCoef"=dword:0000000a
    "FSTConcentrationCoef"=dword:0000000a
    "FSTConsistencyCoef"=dword:0000000a
    "FSTCreativityCoef"=dword:00000028
    "FSTDecisionsCoef"=dword:0000000a
    "FSTDeterminationCoef"=dword:0000000a
    "FSTDirtinessCoef"=dword:fffffffb
    "FSTFlairCoef"=dword:0000000a
    "FSTImportantMatchesCoef"=dword:0000000a
    "FSTInfluenceCoef"=dword:0000000a
    "FSTOffTheBallCoef"=dword:00000050
    "FSTPositioningCoef"=dword:0000000a
    "FSTTeamworkCoef"=dword:0000000a
    "FSTWorkRateCoef"=dword:0000000a
    "FSTAccelerationCoef"=dword:00000064
    "FSTAgilityCoef"=dword:00000028
    "FSTBalanceCoef"=dword:0000000a
    "FSTInjuryPronenessCoef"=dword:fffffffb
    "FSTJumpingCoef"=dword:00000014
    "FSTNaturalFitnessCoef"=dword:00000005
    "FSTPaceCoef"=dword:00000064
    "FSTStaminaCoef"=dword:00000028
    "FSTStrengthCoef"=dword:00000014
    "FSTVersatilityCoef"=dword:00000005
    "FSTAerialAbilityCoef"=dword:00000000
    "FSTCommandOfAreaCoef"=dword:00000000
    "FSTCommunicationCoef"=dword:00000000
    "FSTEccentricityCoef"=dword:00000000
    "FSTHandlingCoef"=dword:00000000
    "FSTKickingCoef"=dword:00000000
    "FSTOneOnOnesCoef"=dword:00000005
    "FSTReflexesCoef"=dword:00000005
    "FSTRushingOutCoef"=dword:00000000
    "FSTTendencyToPunchCoef"=dword:00000000
    "FSTThrowingCoef"=dword:00000000
    "FSTAdaptabilityCoef"=dword:00000005
    "FSTAmbitionCoef"=dword:0000000a
    "FSTControversyCoef"=dword:fffffffb
    "FSTLoyalityCoef"=dword:00000005
    "FSTPressureCoef"=dword:00000005
    "FSTProfessionalismCoef"=dword:00000005
    "FSTSportsmanshipCoef"=dword:00000005
    "FSTTemperamentCoef"=dword:00000005
    "TSTWeightCoef"=dword:00000067
    "TSTCurrentAbilityCoef"=dword:00000000
    "TSTCornersCoef"=dword:00000000
    "TSTCrossingCoef"=dword:0000000a
    "TSTDribblingCoef"=dword:0000003c
    "TSTFinishingCoef"=dword:00000050
    "TSTFirstTouchCoef"=dword:0000001e
    "TSTFreeKicksCoef"=dword:0000000a
    "TSTHeadingCoef"=dword:00000064
    "TSTLongShotsCoef"=dword:00000014
    "TSTLongThrowsCoef"=dword:00000000
    "TSTMarkingCoef"=dword:00000000
    "TSTPassingCoef"=dword:00000028
    "TSTPenaltiesCoef"=dword:00000005
    "TSTTacklingCoef"=dword:00000000
    "TSTTechniqueCoef"=dword:00000028
    "TSTLeftFootCoef"=dword:00000005
    "TSTRightFootCoef"=dword:00000005
    "TSTAggressionCoef"=dword:00000014
    "TSTAnticipationCoef"=dword:0000000a
    "TSTBraveryCoef"=dword:00000014
    "TSTComposureCoef"=dword:0000000a
    "TSTConcentrationCoef"=dword:0000000a
    "TSTConsistencyCoef"=dword:0000000a
    "TSTCreativityCoef"=dword:00000014
    "TSTDecisionsCoef"=dword:0000000a
    "TSTDeterminationCoef"=dword:0000000a
    "TSTDirtinessCoef"=dword:fffffffb
    "TSTFlairCoef"=dword:0000000a
    "TSTImportantMatchesCoef"=dword:0000000a
    "TSTInfluenceCoef"=dword:0000000a
    "TSTOffTheBallCoef"=dword:00000050
    "TSTPositioningCoef"=dword:00000014
    "TSTTeamworkCoef"=dword:0000000a
    "TSTWorkRateCoef"=dword:0000000a
    "TSTAccelerationCoef"=dword:00000028
    "TSTAgilityCoef"=dword:00000014
    "TSTBalanceCoef"=dword:00000014
    "TSTInjuryPronenessCoef"=dword:fffffffb
    "TSTJumpingCoef"=dword:00000064
    "TSTNaturalFitnessCoef"=dword:00000005
    "TSTPaceCoef"=dword:00000028
    "TSTStaminaCoef"=dword:00000014
    "TSTStrengthCoef"=dword:00000050
    "TSTVersatilityCoef"=dword:00000005
    "TSTAerialAbilityCoef"=dword:00000000
    "TSTCommandOfAreaCoef"=dword:00000000
    "TSTCommunicationCoef"=dword:00000000
    "TSTEccentricityCoef"=dword:00000000
    "TSTHandlingCoef"=dword:00000000
    "TSTKickingCoef"=dword:00000000
    "TSTOneOnOnesCoef"=dword:00000005
    "TSTReflexesCoef"=dword:00000005
    "TSTRushingOutCoef"=dword:00000000
    "TSTTendencyToPunchCoef"=dword:00000000
    "TSTThrowingCoef"=dword:00000000
    "TSTAdaptabilityCoef"=dword:00000005
    "TSTAmbitionCoef"=dword:0000000a
    "TSTControversyCoef"=dword:fffffffb
    "TSTLoyalityCoef"=dword:00000005
    "TSTPressureCoef"=dword:00000005
    "TSTProfessionalismCoef"=dword:00000005
    "TSTSportsmanshipCoef"=dword:00000005
    "TSTTemperamentCoef"=dword:00000005
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2984)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-04-26 23:10:43
    ComboFix-quarantined-files.txt 2010-04-26 22:10

    Pre-Run: 16,053,506,048 bytes free
    Post-Run: 16,019,210,240 bytes free

    - - End Of File - - C9D008891D4A08DEB3FF77D6A236E02E
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Is Firefox still crashing?

    Please run GMER again & post its new log.
     
  14. notadolphin

    notadolphin Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    10
    Hi. Yes, still have all the same problems. Sorry for the delay in getting back to you. Had to replace my CMOS battery and I couldn't get around to it immediately. I've re-run GMER and the log is as follows:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-02 02:46:20
    Windows 5.1.2600 Service Pack 2
    Running: frenchtoastytoast.exe; Driver: C:\DOCUME~1\notadolphin\LOCALS~1\Temp\pwtiipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF756787E]
    SSDT sptd.sys ZwEnumerateKey [0xF7384E2C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF73851BA]
    SSDT sptd.sys ZwOpenKey [0xF737F0B0]
    SSDT sptd.sys ZwQueryKey [0xF7385292]
    SSDT sptd.sys ZwQueryValueKey [0xF7385112]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7567BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 2 Bytes [7E, 78] {JLE 0x7a}
    .text ntoskrnl.exe!_abnormal_termination + F6 804E2DC7 1 Byte [F7]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xF6BDC000, 0x18FFBC, 0xE8000020]
    .text USBPORT.SYS!DllUnload F6B6162C 5 Bytes JMP 8694E1C8
    ? System32\Drivers\avkfod70.SYS The system cannot find the path specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7395886] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7395832] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73B7892] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7395886] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F737FAD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F737FC1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F737FB9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7380748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F738061E] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7394ACA] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86B4B1E8

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbohci \Device\USBPDO-0 869FB1E8
    Device \Driver\usbohci \Device\USBPDO-1 869FB1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E2E84747-AF32-455C-959F-92F1715D36F1} 8690A778

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{95002D4A-CD62-48AE-A780-CC52F803A0A3} 8690A778
    Device \Driver\Ftdisk \Device\HarddiskVolume1 86B671E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86B671E8
    Device \Driver\Cdrom \Device\CdRom0 869947A0
    Device \Driver\Cdrom \Device\CdRom1 869947A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 86B661E8
    Device \Driver\atapi \Device\Ide\IdePort0 86B661E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86B661E8
    Device \Driver\atapi \Device\Ide\IdePort1 86B661E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86B661E8
    Device \Driver\PCI_NTPNP8912 \Device\00000075 sptd.sys
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8690A778
    Device \Driver\NetBT \Device\NetbiosSmb 8690A778

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\usbohci \Device\USBFDO-0 869FB1E8
    Device \Driver\usbohci \Device\USBFDO-1 869FB1E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8691E7A0
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8691E7A0
    Device \Driver\Ftdisk \Device\FtControl 86B671E8
    Device \Driver\avkfod70 \Device\Scsi\avkfod701Port2Path0Target0Lun0 868C47A0
    Device \Driver\avkfod70 \Device\Scsi\avkfod701 868C47A0
    Device \FileSystem\Cdfs \Cdfs 869DE7A0

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xC6 0x64 0x9E 0x4F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x5A 0x1F 0x92 0x41 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x4C 0xF0 0xF6 0x35 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xC6 0x64 0x9E 0x4F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x5A 0x1F 0x92 0x41 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x4C 0xF0 0xF6 0x35 ...

    ---- EOF - GMER 1.0.15 ----
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    I can't see any obvious malware there.

    Uninstall all your Firefox plugins/addons, as I suspect it is one of them causing the problem, probably the Facebook ones.
     
Short URL to this thread: https://techguy.org/917456
