Many strange things

griggs79 · June 1, 2012

Merged 3 post

Many strange things are happening,

Software which I used to use all the time now crashes on start up due to lack of memory

If some would be kind enough to look at my log I would be truly grateful

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:18:33, on 01/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Sam\AppData\Local\Citrix\ICA Client\wfcrun32.exe

C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thewheelsucker.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://sslvpn.ltmus...co.uk/XTSAC.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Forefront UAG endpoint components) - https://webmail.tfl..../WhlCompMgr.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Sam\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Sam\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 13967 bytes

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Sam at 17:13:16 on 2012-06-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1209 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\wbem\WmiPrvSE.exe

C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Sam\AppData\Local\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\System32\mobsync.exe

C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\wbem\WmiPrvSE.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://thewheelsucker.com/

uSearch Page = www.google.co.uk

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [Google Update] "c:\users\sam\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [ConnectionCenter] "c:\users\sam\appdata\local\citrix\ica client\concentr.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: ltmuseum.co.uk\sslvpn

Trusted Zone: tfl.gov.uk\t-snap

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://sslvpn.ltmuseum.co.uk/XTSAC.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://webmail.tfl.gov.uk/InternalSite/WhlCompMgr.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{EA172DBD-62AA-48DC-9807-85C142933D63} : DhcpNameServer = 194.168.4.100 194.168.8.100

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\sam\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\sam\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2011-5-19 3333808]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-1 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-22 337880]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-22 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-22 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 44768]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-30 21504]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2010-2-22 149904]

S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]

S3 DMService;Whale Component Manager;c:\windows\downloaded program files\dm.0\DMService.exe [2010-2-22 468368]

S3 FSDFU;FSDFU;c:\windows\system32\drivers\fsdfu.sys [2009-10-31 10433]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-29 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-06-01 15:35:55 388096 ----a-r- c:\users\sam\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-29 12:04:10 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cedb56b8-ef69-44d8-8c32-4f5c1ea60812}\mpengine.dll

2012-05-28 17:13:50 -------- dc----w- C:\9927987dc713aad1c9ca

2012-05-28 17:13:37 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-05-28 17:11:20 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-05-28 17:11:09 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-05-28 17:11:08 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-05-17 09:55:31 -------- d-----w- c:\users\sam\appdata\roaming\NVIDIA

2012-05-12 13:11:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-12 13:11:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-12 13:11:37 2044928 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-05-09 10:04:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-09 10:04:39 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

.

============= FINISH: 17:14:13.21 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/07/2008 20:15:34

System Uptime: 01/06/2012 14:26:53 (3 hours ago)

.

Motherboard: Quanta | | 30DA

Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 65.182 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 2.036 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Sunbelt Software Firewall NDIS IM Filter Miniport

Device ID: ROOT\SB_SBFWIMCLMP\0004

Manufacturer: Sunbelt Software, Inc.

Name: Sunbelt Software Firewall NDIS IM Filter Miniport #5

PNP Device ID: ROOT\SB_SBFWIMCLMP\0004

Service: SBFWIMCL

.

==== System Restore Points ===================

.

RP676: 24/04/2012 17:20:36 - Windows Update

RP677: 27/04/2012 17:53:09 - Windows Update

RP678: 03/05/2012 20:16:23 - Windows Update

RP679: 04/05/2012 10:18:42 - Windows Update

RP680: 09/05/2012 09:48:49 - Windows Update

RP681: 12/05/2012 14:11:48 - Windows Update

RP682: 12/05/2012 17:35:58 - Windows Update

RP683: 15/05/2012 20:59:37 - Windows Update

RP684: 21/05/2012 13:21:09 - Windows Update

RP685: 22/05/2012 09:16:48 - Windows Update

RP686: 23/05/2012 23:37:50 - Removed Bing Bar

RP687: 27/05/2012 21:07:34 - Windows Update

RP689: 28/05/2012 18:09:54 - Installed DirectX

RP690: 28/05/2012 18:11:23 - Installed NVIDIA PhysX

RP691: 29/05/2012 13:02:14 - Windows Update

RP692: 01/06/2012 15:26:40 - Scheduled Checkpoint

RP693: 01/06/2012 16:34:35 - Installed HiJackThis

.

==== Installed Programs ======================

.

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.3.1

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Amazon MP3 Downloader 1.0.9

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

avast! Free Antivirus

BBC iPlayer Desktop

Bonjour

CamStudio

CCleaner

Cities XL 2011

Citrix Access Gateway Endpoint Analysis

Citrix Endpoint Analysis Plugin

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Citrix XenApp Web Plugin

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CutePDF Writer 2.7

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Disco XT Demo

DVD Suite

EA Link

ESU for Microsoft Vista

Fender FUSE

Fender FUSE 2.4.1.27

FMRTE

FMRTE 5.2.3

Football Manager 2012

GameCenter 1.3.0.6

Google Chrome

Google Earth

Google Gmail Notifier

GTK+ Runtime 2.14.7 rev a (remove only)

HandBrake 0.9.3

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard ACLM.NET v1.1.0.0

HiJackThis

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Product Detection

HP Quick Launch Buttons 6.30 E1

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Support Assistant

HP Total Care Advisor

HP Update

HP User Guides 0088

HP Wireless Assistant

HPAsset component for HP Active Support Library

iCloud

iTunes

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

LabelPrint

LightScribe System Software 1.10.19.1

Malwarebytes Anti-Malware version 1.61.0.1400

Maxtor Manager

Mesh Runtime

Messenger Companion

mflow

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Forefront UAG endpoint components v4.0.0

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

MobileMe Control Panel

MSCU for Microsoft Vista

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

NetWaiting

NVIDIA Control Panel 295.73

NVIDIA Drivers

NVIDIA Graphics Driver 295.73

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0209

OGA Notifier 2.0.0048.0

Picasa 3

Power2Go

PowerDirector

Pro Cycling Manager - Season 2010 version 1.0.4.2

PVSonyDll

QuickPlay SlingPlayer 0.4.4

QuickTime

Recuva (remove only)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Segoe UI

Skype Click to Call

Skype™ 5.9

Speccy

Spotify

Steam

Synaptics Pointing Device Driver

System Requirements Lab

Tesco Download Manager

The Sims™ 3

The Sims™ Life Stories

Train Simulator 2012

TweetDeck

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

V Stuff Backup v1.0.0

Viewpoint Media Player

WildTangent Games App (HP Games)

Windows 7 Upgrade Advisor

Windows iLivid Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR archiver

WinZip

Xvid 1.2.2 final uninstall

Yahoo! Messenger

.

==== End Of File ===========================

LDTate · June 4, 2012

Sorry about the delay in responding

We look for post with 0 replies, so when you replied to your own topic, we assumed you were being helped.

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

griggs79 · June 6, 2012

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.06.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Sam :: MONSTERLAPTOP [administrator]

06/06/2012 17:44:15

mbam-log-2012-06-06 (17-44-15).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 294497

Time elapsed: 2 hour(s), 29 minute(s), 49 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

LDTate · June 6, 2012

At this point we don't know if it's an infection or software issue.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

griggs79 · June 7, 2012

Many thanks for your help to date.

The machine is acting strangely in that programs I regualary iuse now crash claiming lack of memory, yet the machine has plenty to run them. Also Internet Explorer and Firefox (which I have now uninstalled) seem to be full of unwanted and intrusive items.

Here is the log

ComboFix 12-06-07.03 - Sam 07/06/2012 9:54.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1841 [GMT 1:00]

Running from: c:\users\Sam\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\DM.0

c:\windows\Downloaded Program Files\DM.0\DMService.exe

c:\windows\Downloaded Program Files\DM.0\WhlMgr.dll

c:\windows\system32\KBL.LOG

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_DMService

.

((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))

.

2012-06-07 09:10 . 2012-06-07 09:10 -------- d-----w- c:\users\Harriet\AppData\Local\temp

2012-06-07 09:10 . 2012-06-07 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-06 17:06 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E81C4927-94AD-46E0-90D4-8399101FF7E4}\mpengine.dll

2012-06-04 20:19 . 2012-06-04 20:20 -------- d-----w- c:\users\Harriet\AppData\Local\Google

2012-06-04 19:58 . 2012-06-04 19:58 -------- d-----w- c:\users\Harriet\AppData\Roaming\HpUpdate

2012-06-01 15:35 . 2012-06-01 15:35 388096 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-28 17:13 . 2012-05-28 17:14 -------- dc----w- C:\9927987dc713aad1c9ca

2012-05-28 17:13 . 2012-05-28 17:13 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-05-28 17:11 . 2012-05-28 17:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-05-28 17:11 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-05-28 17:11 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-05-21 13:21 . 2012-05-21 13:21 -------- d-----w- c:\program files\Common Files\Skype

2012-05-17 09:55 . 2012-05-29 09:07 -------- d-----w- c:\users\Sam\AppData\Roaming\NVIDIA

2012-05-12 13:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-12 13:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-12 13:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 10:04 . 2012-04-02 09:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-09 10:04 . 2011-05-19 08:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 14:56 . 2010-10-14 16:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-12 16:42 . 2010-05-12 16:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-05-12 17:22 . 2010-05-12 17:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-05-12 16:43 . 2010-05-12 16:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-05-12 16:42 . 2010-05-12 16:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-05-12 16:42 . 2010-05-12 16:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-05-12 16:41 . 2010-05-12 16:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-05-12 16:42 . 2010-05-12 16:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-05-12 16:42 . 2010-05-12 16:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-04-14 13:55 . 2010-04-14 13:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-05-12 16:43 . 2010-05-12 16:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"ConnectionCenter"="c:\users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datamngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-10-18 15:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]

2008-07-21 17:16 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 257696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-10-18 15:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:04]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585643157-3435527544-3680769808-1000Core.job

- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 18:16]

.

2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585643157-3435527544-3680769808-1000UA.job

- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 18:16]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585643157-3435527544-3680769808-1001Core.job

- c:\users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 20:19]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585643157-3435527544-3680769808-1001UA.job

- c:\users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 20:19]

.

2012-05-29 c:\windows\Tasks\HPCeeScheduleForSam.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-10-24 18:58]

.

2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{68465BB3-DA67-4166-95B0-80B88536550E}.job

- c:\windows\system32\msfeedssync.exe [2011-05-05 18:38]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://thewheelsucker.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: ltmuseum.co.uk\sslvpn

Trusted Zone: tfl.gov.uk\t-snap

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

AddRemove-726853536.fuse.fender.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout]

"GameDir"=""

"ShortlistDir"=""

"ScreenshotsDir"=""

"SaveDir"=""

"HistoryDir"=""

"LangDB"=""

"LastSaveGame"=""

"Language"=""

"LoadLangDB"=dword:00000000

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000000

"LastUpdateCheck"=dword:00000000

"HighQualityGUI"=dword:00000000

"AutomaticallyUpdateCheck"=dword:00000000

"AdvancedGeneration"=dword:00000000

"ShowHistory"=dword:00000000

"WindowState"=dword:00000000

"WindowHeight"=dword:00000313

"WindowWidth"=dword:00000404

"WindowLeft"=dword:000000ce

"WindowTop"=dword:00000038

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]

"Position0"=dword:00000000

"Visible0"=dword:00000001

"Width0"=dword:0000007d

"Position1"=dword:00000001

"Visible1"=dword:00000001

"Width1"=dword:00000064

"Position2"=dword:00000002

"Visible2"=dword:00000001

"Width2"=dword:00000064

"Position3"=dword:00000003

"Visible3"=dword:00000001

"Width3"=dword:00000032

"Position4"=dword:00000004

"Visible4"=dword:00000001

"Width4"=dword:00000032

"Position5"=dword:00000005

"Visible5"=dword:00000001

"Width5"=dword:00000050

"Position6"=dword:00000006

"Visible6"=dword:00000001

"Width6"=dword:00000050

"Position7"=dword:00000007

"Visible7"=dword:00000001

"Width7"=dword:00000050

"Position8"=dword:00000008

"Visible8"=dword:00000000

"Width8"=dword:00000050

"Position9"=dword:00000009

"Visible9"=dword:00000000

"Width9"=dword:0000002d

"Position10"=dword:0000000a

"Visible10"=dword:00000000

"Width10"=dword:0000001e

"Position11"=dword:0000000b

"Visible11"=dword:00000000

"Width11"=dword:0000001e

"Position12"=dword:0000000c

"Visible12"=dword:00000000

"Width12"=dword:0000001e

"Position13"=dword:0000000d

"Visible13"=dword:00000001

"Width13"=dword:0000003c

"Position14"=dword:0000000e

"Visible14"=dword:00000000

"Width14"=dword:00000032

"Position15"=dword:0000000f

"Visible15"=dword:00000000

"Width15"=dword:00000032

"Position16"=dword:00000010

"Visible16"=dword:00000000

"Width16"=dword:00000032

"Position17"=dword:00000011

"Visible17"=dword:00000001

"Width17"=dword:00000050

"Position18"=dword:00000012

"Visible18"=dword:00000001

"Width18"=dword:00000050

"Position19"=dword:00000013

"Visible19"=dword:00000000

"Width19"=dword:00000050

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]

"Position0"=dword:00000000

"Visible0"=dword:00000001

"Width0"=dword:0000007d

"Position1"=dword:00000001

"Visible1"=dword:00000001

"Width1"=dword:00000064

"Position2"=dword:00000002

"Visible2"=dword:00000001

"Width2"=dword:00000064

"Position3"=dword:00000003

"Visible3"=dword:00000001

"Width3"=dword:00000037

"Position4"=dword:00000008

"Visible4"=dword:00000001

"Width4"=dword:00000023

"Position5"=dword:00000009

"Visible5"=dword:00000001

"Width5"=dword:00000028

"Position6"=dword:0000000a

"Visible6"=dword:00000001

"Width6"=dword:00000028

"Position7"=dword:0000000c

"Visible7"=dword:00000001

"Width7"=dword:0000004b

"Position8"=dword:0000000d

"Visible8"=dword:00000001

"Width8"=dword:0000004b

"Position9"=dword:0000000e

"Visible9"=dword:00000001

"Width9"=dword:00000050

"Position10"=dword:00000010

"Visible10"=dword:00000000

"Width10"=dword:00000050

"Position11"=dword:00000011

"Visible11"=dword:00000000

"Width11"=dword:0000004b

"Position12"=dword:00000012

"Visible12"=dword:00000000

"Width12"=dword:0000002d

"Position13"=dword:00000013

"Visible13"=dword:00000000

"Width13"=dword:0000003c

"Position14"=dword:00000014

"Visible14"=dword:00000000

"Width14"=dword:0000004b

"Position15"=dword:00000015

"Visible15"=dword:00000000

"Width15"=dword:00000064

"Position16"=dword:00000016

"Visible16"=dword:00000000

"Width16"=dword:00000064

"Position17"=dword:00000017

"Visible17"=dword:00000000

"Width17"=dword:0000004b

"Position18"=dword:00000018

"Visible18"=dword:00000000

"Width18"=dword:00000064

"Position19"=dword:00000019

"Visible19"=dword:00000000

"Width19"=dword:0000003c

"Position20"=dword:0000001a

"Visible20"=dword:00000000

"Width20"=dword:0000004b

"Position21"=dword:0000001b

"Visible21"=dword:00000000

"Width21"=dword:00000050

"Position22"=dword:0000001c

"Visible22"=dword:00000000

"Width22"=dword:00000073

"Position23"=dword:0000001d

"Visible23"=dword:00000000

"Width23"=dword:00000050

"Position24"=dword:0000001e

"Visible24"=dword:00000000

"Width24"=dword:0000005a

"Position25"=dword:0000001f

"Visible25"=dword:00000000

"Width25"=dword:0000006e

"Position26"=dword:00000020

"Visible26"=dword:00000000

"Width26"=dword:00000064

"Position27"=dword:00000021

"Visible27"=dword:00000000

"Width27"=dword:00000087

"Position28"=dword:00000022

"Visible28"=dword:00000000

"Width28"=dword:00000064

"Position29"=dword:00000023

"Visible29"=dword:00000000

"Width29"=dword:00000064

"Position30"=dword:00000024

"Visible30"=dword:00000000

"Width30"=dword:00000046

"Position31"=dword:00000025

"Visible31"=dword:00000000

"Width31"=dword:0000004b

"Position32"=dword:00000026

"Visible32"=dword:00000000

"Width32"=dword:00000046

"Position33"=dword:00000027

"Visible33"=dword:00000000

"Width33"=dword:0000004b

"Position34"=dword:00000028

"Visible34"=dword:00000000

"Width34"=dword:0000003c

"Position35"=dword:0000002a

"Visible35"=dword:00000000

"Width35"=dword:00000064

"Position36"=dword:0000002e

"Visible36"=dword:00000000

"Width36"=dword:00000073

"Position37"=dword:00000030

"Visible37"=dword:00000000

"Width37"=dword:0000005f

"Position38"=dword:00000033

"Visible38"=dword:00000000

"Width38"=dword:00000091

"Position39"=dword:00000035

"Visible39"=dword:00000000

"Width39"=dword:0000003c

"Position40"=dword:0000002c

"Visible40"=dword:00000000

"Width40"=dword:0000005a

"Position41"=dword:00000036

"Visible41"=dword:00000000

"Width41"=dword:00000041

"Position42"=dword:00000029

"Visible42"=dword:00000000

"Width42"=dword:00000050

"Position43"=dword:0000002b

"Visible43"=dword:00000000

"Width43"=dword:00000055

"Position44"=dword:0000002d

"Visible44"=dword:00000000

"Width44"=dword:0000005f

"Position45"=dword:00000037

"Visible45"=dword:00000000

"Width45"=dword:00000050

"Position46"=dword:00000038

"Visible46"=dword:00000000

"Width46"=dword:0000004b

"Position47"=dword:00000039

"Visible47"=dword:00000000

"Width47"=dword:0000004b

"Position48"=dword:0000003a

"Visible48"=dword:00000000

"Width48"=dword:00000046

"Position49"=dword:0000003b

"Visible49"=dword:00000000

"Width49"=dword:00000032

"Position50"=dword:0000003c

"Visible50"=dword:00000000

"Width50"=dword:0000003c

"Position51"=dword:0000003d

"Visible51"=dword:00000000

"Width51"=dword:0000004b

"Position52"=dword:0000003e

"Visible52"=dword:00000000

"Width52"=dword:0000003c

"Position53"=dword:0000003f

"Visible53"=dword:00000000

"Width53"=dword:00000037

"Position54"=dword:00000040

"Visible54"=dword:00000000

"Width54"=dword:00000069

"Position55"=dword:00000041

"Visible55"=dword:00000000

"Width55"=dword:0000005a

"Position56"=dword:00000044

"Visible56"=dword:00000000

"Width56"=dword:0000004b

"Position57"=dword:00000045

"Visible57"=dword:00000000

"Width57"=dword:0000004b

"Position58"=dword:00000046

"Visible58"=dword:00000000

"Width58"=dword:00000037

"Position59"=dword:00000047

"Visible59"=dword:00000000

"Width59"=dword:0000003c

"Position60"=dword:00000048

"Visible60"=dword:00000000

"Width60"=dword:0000003c

"Position61"=dword:00000049

"Visible61"=dword:00000000

"Width61"=dword:00000041

"Position62"=dword:0000004a

"Visible62"=dword:00000000

"Width62"=dword:00000055

"Position63"=dword:0000004b

"Visible63"=dword:00000000

"Width63"=dword:0000003c

"Position64"=dword:0000004c

"Visible64"=dword:00000000

"Width64"=dword:0000003c

"Position65"=dword:0000004d

"Visible65"=dword:00000000

"Width65"=dword:0000004b

"Position66"=dword:0000004e

"Visible66"=dword:00000000

"Width66"=dword:0000003c

"Position67"=dword:0000004f

"Visible67"=dword:00000000

"Width67"=dword:00000046

"Position68"=dword:00000050

"Visible68"=dword:00000000

"Width68"=dword:00000028

"Position69"=dword:00000051

"Visible69"=dword:00000000

"Width69"=dword:00000041

"Position70"=dword:00000052

"Visible70"=dword:00000000

"Width70"=dword:0000003c

"Position71"=dword:00000053

"Visible71"=dword:00000000

"Width71"=dword:00000069

"Position72"=dword:00000054

"Visible72"=dword:00000000

"Width72"=dword:00000041

"Position73"=dword:00000055

"Visible73"=dword:00000000

"Width73"=dword:0000005f

"Position74"=dword:00000056

"Visible74"=dword:00000000

"Width74"=dword:0000003c

"Position75"=dword:00000057

"Visible75"=dword:00000000

"Width75"=dword:00000037

"Position76"=dword:00000058

"Visible76"=dword:00000000

"Width76"=dword:0000004b

"Position77"=dword:00000059

"Visible77"=dword:00000000

"Width77"=dword:00000050

"Position78"=dword:0000005a

"Visible78"=dword:00000000

"Width78"=dword:00000037

"Position79"=dword:0000005b

"Visible79"=dword:00000000

"Width79"=dword:00000037

"Position80"=dword:0000005c

"Visible80"=dword:00000000

"Width80"=dword:0000005a

"Position81"=dword:0000005d

"Visible81"=dword:00000000

"Width81"=dword:0000004b

"Position82"=dword:0000005e

"Visible82"=dword:00000000

"Width82"=dword:00000055

"Position83"=dword:0000005f

"Visible83"=dword:00000000

"Width83"=dword:0000002d

"Position84"=dword:00000060

"Visible84"=dword:00000000

"Width84"=dword:00000037

"Position85"=dword:00000061

"Visible85"=dword:00000000

"Width85"=dword:0000003c

"Position86"=dword:00000062

"Visible86"=dword:00000000

"Width86"=dword:00000046

"Position87"=dword:00000063

"Visible87"=dword:00000000

"Width87"=dword:0000003c

"Position88"=dword:00000064

"Visible88"=dword:00000000

"Width88"=dword:0000005a

"Position89"=dword:00000065

"Visible89"=dword:00000000

"Width89"=dword:0000003c

"Position90"=dword:00000066

"Visible90"=dword:00000000

"Width90"=dword:00000050

"Position91"=dword:00000067

"Visible91"=dword:00000000

"Width91"=dword:00000046

"Position92"=dword:00000068

"Visible92"=dword:00000000

"Width92"=dword:0000005a

"Position93"=dword:00000069

"Visible93"=dword:00000000

"Width93"=dword:00000037

"Position94"=dword:0000006a

"Visible94"=dword:00000000

"Width94"=dword:0000003c

"Position95"=dword:0000006b

"Visible95"=dword:00000000

"Width95"=dword:0000003c

"Position96"=dword:0000006c

"Visible96"=dword:00000000

"Width96"=dword:00000046

"Position97"=dword:0000006d

"Visible97"=dword:00000000

"Width97"=dword:00000046

"Position98"=dword:0000006e

"Visible98"=dword:00000000

"Width98"=dword:00000055

"Position99"=dword:0000006f

"Visible99"=dword:00000000

"Width99"=dword:00000073

"Position100"=dword:00000042

"Visible100"=dword:00000000

"Width100"=dword:00000041

"Position101"=dword:00000070

"Visible101"=dword:00000000

"Width101"=dword:0000003c

"Position102"=dword:00000071

"Visible102"=dword:00000000

"Width102"=dword:0000003c

"Position103"=dword:00000072

"Visible103"=dword:00000000

"Width103"=dword:00000046

"Position104"=dword:00000073

"Visible104"=dword:00000000

"Width104"=dword:0000003c

"Position105"=dword:00000074

"Visible105"=dword:00000000

"Width105"=dword:00000041

"Position106"=dword:0000000f

"Visible106"=dword:00000001

"Width106"=dword:00000050

"Position107"=dword:0000000b

"Visible107"=dword:00000001

"Width107"=dword:00000028

"Position108"=dword:00000043

"Visible108"=dword:00000000

"Width108"=dword:00000050

"Position109"=dword:0000002f

"Visible109"=dword:00000000

"Width109"=dword:00000050

"Position110"=dword:00000031

"Visible110"=dword:00000000

"Width110"=dword:00000055

"Position111"=dword:00000032

"Visible111"=dword:00000000

"Width111"=dword:00000082

"Position112"=dword:00000034

"Visible112"=dword:00000000

"Width112"=dword:00000087

"Position113"=dword:00000075

"Visible113"=dword:00000000

"Width113"=dword:00000050

"Position114"=dword:00000076

"Visible114"=dword:00000000

"Width114"=dword:00000050

"Position115"=dword:00000077

"Visible115"=dword:00000000

"Width115"=dword:00000050

"Position116"=dword:00000078

"Visible116"=dword:00000000

"Width116"=dword:00000050

"Position117"=dword:00000079

"Visible117"=dword:00000000

"Width117"=dword:00000050

"Position118"=dword:0000007a

"Visible118"=dword:00000000

"Width118"=dword:00000050

"Position119"=dword:0000007b

"Visible119"=dword:00000000

"Width119"=dword:00000050

"Position120"=dword:0000007c

"Visible120"=dword:00000000

"Width120"=dword:00000050

"Position121"=dword:0000007d

"Visible121"=dword:00000000

"Width121"=dword:00000050

"Position122"=dword:0000007e

"Visible122"=dword:00000000

"Width122"=dword:00000050

"Position123"=dword:0000007f

"Visible123"=dword:00000000

"Width123"=dword:00000050

"Position124"=dword:00000080

"Visible124"=dword:00000000

"Width124"=dword:00000050

"Position125"=dword:00000081

"Visible125"=dword:00000000

"Width125"=dword:00000050

"Position126"=dword:00000082

"Visible126"=dword:00000000

"Width126"=dword:00000050

"Position127"=dword:00000083

"Visible127"=dword:00000000

"Width127"=dword:00000050

"Position128"=dword:00000084

"Visible128"=dword:00000000

"Width128"=dword:00000050

"Position129"=dword:00000085

"Visible129"=dword:00000000

"Width129"=dword:00000050

"Position130"=dword:00000086

"Visible130"=dword:00000000

"Width130"=dword:00000050

"Position131"=dword:00000087

"Visible131"=dword:00000000

"Width131"=dword:00000050

"Position132"=dword:00000088

"Visible132"=dword:00000000

"Width132"=dword:00000050

"Position133"=dword:00000089

"Visible133"=dword:00000000

"Width133"=dword:00000050

"Position134"=dword:0000008a

"Visible134"=dword:00000000

"Width134"=dword:00000050

"Position135"=dword:0000008b

"Visible135"=dword:00000000

"Width135"=dword:00000050

"Position136"=dword:0000008c

"Visible136"=dword:00000000

"Width136"=dword:00000050

"Position137"=dword:0000008d

"Visible137"=dword:00000000

"Width137"=dword:00000050

"Position138"=dword:0000008e

"Visible138"=dword:00000000

"Width138"=dword:00000050

"Position139"=dword:0000008f

"Visible139"=dword:00000000

"Width139"=dword:00000050

"Position140"=dword:00000090

"Visible140"=dword:00000000

"Width140"=dword:00000050

"Position141"=dword:00000091

"Visible141"=dword:00000000

"Width141"=dword:00000050

"Position142"=dword:00000092

"Visible142"=dword:00000000

"Width142"=dword:00000050

"Position143"=dword:00000093

"Visible143"=dword:00000000

"Width143"=dword:00000050

"Position144"=dword:00000094

"Visible144"=dword:00000000

"Width144"=dword:00000050

"Position145"=dword:00000095

"Visible145"=dword:00000000

"Width145"=dword:00000050

"Position146"=dword:00000004

"Visible146"=dword:00000000

"Width146"=dword:00000037

"Position147"=dword:00000005

"Visible147"=dword:00000000

"Width147"=dword:00000028

"Position148"=dword:00000006

"Visible148"=dword:00000000

"Width148"=dword:00000037

"Position149"=dword:00000007

"Visible149"=dword:00000001

"Width149"=dword:00000028

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]

"Position0"=dword:00000000

"Visible0"=dword:00000001

"Width0"=dword:0000007d

"Position1"=dword:00000001

"Visible1"=dword:00000001

"Width1"=dword:00000064

"Position2"=dword:00000002

"Visible2"=dword:00000001

"Width2"=dword:00000064

"Position3"=dword:00000003

"Visible3"=dword:00000001

"Width3"=dword:00000069

"Position4"=dword:00000005

"Visible4"=dword:00000001

"Width4"=dword:00000028

"Position5"=dword:00000006

"Visible5"=dword:00000001

"Width5"=dword:00000028

"Position6"=dword:00000004

"Visible6"=dword:00000001

"Width6"=dword:00000028

"Position7"=dword:00000007

"Visible7"=dword:00000001

"Width7"=dword:00000050

"Position8"=dword:00000008

"Visible8"=dword:00000000

"Width8"=dword:00000050

"Position9"=dword:00000009

"Visible9"=dword:00000000

"Width9"=dword:0000004b

"Position10"=dword:0000000a

"Visible10"=dword:00000000

"Width10"=dword:0000002d

"Position11"=dword:0000000b

"Visible11"=dword:00000000

"Width11"=dword:0000003c

"Position12"=dword:0000000c

"Visible12"=dword:00000000

"Width12"=dword:0000004b

"Position13"=dword:0000000d

"Visible13"=dword:00000000

"Width13"=dword:00000064

"Position14"=dword:0000000e

"Visible14"=dword:00000000

"Width14"=dword:00000064

"Position15"=dword:0000000f

"Visible15"=dword:00000000

"Width15"=dword:0000004b

"Position16"=dword:00000010

"Visible16"=dword:00000000

"Width16"=dword:00000064

"Position17"=dword:00000011

"Visible17"=dword:00000000

"Width17"=dword:0000003c

"Position18"=dword:00000012

"Visible18"=dword:00000000

"Width18"=dword:0000004b

"Position19"=dword:00000013

"Visible19"=dword:00000000

"Width19"=dword:00000050

"Position20"=dword:00000014

"Visible20"=dword:00000000

"Width20"=dword:00000046

"Position21"=dword:00000015

"Visible21"=dword:00000000

"Width21"=dword:0000004b

"Position22"=dword:00000016

"Visible22"=dword:00000000

"Width22"=dword:00000046

"Position23"=dword:00000017

"Visible23"=dword:00000000

"Width23"=dword:00000046

"Position24"=dword:00000018

"Visible24"=dword:00000000

"Width24"=dword:0000003c

"Position25"=dword:00000019

"Visible25"=dword:00000000

"Width25"=dword:00000041

"Position26"=dword:0000001a

"Visible26"=dword:00000000

"Width26"=dword:0000003c

"Position27"=dword:0000001b

"Visible27"=dword:00000000

"Width27"=dword:00000055

"Position28"=dword:0000001c

"Visible28"=dword:00000000

"Width28"=dword:00000069

"Position29"=dword:0000001d

"Visible29"=dword:00000000

"Width29"=dword:0000006e

"Position30"=dword:0000001e

"Visible30"=dword:00000000

"Width30"=dword:00000064

"Position31"=dword:0000001f

"Visible31"=dword:00000000

"Width31"=dword:00000078

"Position32"=dword:00000020

"Visible32"=dword:00000000

"Width32"=dword:00000064

"Position33"=dword:00000021

"Visible33"=dword:00000000

"Width33"=dword:00000087

"Position34"=dword:00000022

"Visible34"=dword:00000000

"Width34"=dword:00000069

"Position35"=dword:00000023

"Visible35"=dword:00000000

"Width35"=dword:0000006e

"Position36"=dword:00000024

"Visible36"=dword:00000000

"Width36"=dword:00000073

"Position37"=dword:00000025

"Visible37"=dword:00000000

"Width37"=dword:0000004b

"Position38"=dword:00000026

"Visible38"=dword:00000000

"Width38"=dword:0000002d

"Position39"=dword:00000027

"Visible39"=dword:00000000

"Width39"=dword:00000055

"Position40"=dword:00000028

"Visible40"=dword:00000000

"Width40"=dword:00000046

"Position41"=dword:00000029

"Visible41"=dword:00000000

"Width41"=dword:0000004b

"Position42"=dword:0000002a

"Visible42"=dword:00000000

"Width42"=dword:0000003c

"Position43"=dword:0000002b

"Visible43"=dword:00000000

"Width43"=dword:00000046

"Position44"=dword:0000002c

"Visible44"=dword:00000000

"Width44"=dword:00000073

"Position45"=dword:0000002d

"Visible45"=dword:00000000

"Width45"=dword:0000004b

"Position46"=dword:0000002e

"Visible46"=dword:00000000

"Width46"=dword:00000073

"Position47"=dword:0000002f

"Visible47"=dword:00000000

"Width47"=dword:0000007d

"Position48"=dword:00000030

"Visible48"=dword:00000000

"Width48"=dword:0000006e

"Position49"=dword:00000031

"Visible49"=dword:00000000

"Width49"=dword:00000037

"Position50"=dword:00000032

"Visible50"=dword:00000000

"Width50"=dword:00000064

"Position51"=dword:00000033

"Visible51"=dword:00000000

"Width51"=dword:00000037

"Position52"=dword:00000034

"Visible52"=dword:00000000

"Width52"=dword:0000004b

"Position53"=dword:00000035

"Visible53"=dword:00000000

"Width53"=dword:00000046

"Position54"=dword:00000036

"Visible54"=dword:00000000

"Width54"=dword:00000037

"Position55"=dword:00000037

"Visible55"=dword:00000000

"Width55"=dword:0000003c

"Position56"=dword:00000038

"Visible56"=dword:00000000

"Width56"=dword:00000055

"Position57"=dword:00000039

"Visible57"=dword:00000000

"Width57"=dword:0000003c

"Position58"=dword:0000003a

"Visible58"=dword:00000000

"Width58"=dword:0000003c

"Position59"=dword:0000003b

"Visible59"=dword:00000000

"Width59"=dword:00000055

"Position60"=dword:0000003c

"Visible60"=dword:00000000

"Width60"=dword:00000046

"Position61"=dword:0000003d

"Visible61"=dword:00000000

"Width61"=dword:0000004b

"Position62"=dword:0000003e

"Visible62"=dword:00000000

"Width62"=dword:00000055

"Position63"=dword:0000003f

"Visible63"=dword:00000000

"Width63"=dword:0000005a

"Position64"=dword:00000040

"Visible64"=dword:00000000

"Width64"=dword:0000006e

"Position65"=dword:00000041

"Visible65"=dword:00000000

"Width65"=dword:00000050

"Position66"=dword:00000042

"Visible66"=dword:00000000

"Width66"=dword:00000032

"Position67"=dword:00000043

"Visible67"=dword:00000000

"Width67"=dword:00000064

"Position68"=dword:00000044

"Visible68"=dword:00000000

"Width68"=dword:0000004b

"Position69"=dword:00000045

"Visible69"=dword:00000000

"Width69"=dword:0000002d

"Position70"=dword:00000046

"Visible70"=dword:00000000

"Width70"=dword:0000004b

"Position71"=dword:00000047

"Visible71"=dword:00000000

"Width71"=dword:0000005a

"Position72"=dword:00000048

"Visible72"=dword:00000000

"Width72"=dword:0000005a

"Position73"=dword:00000049

"Visible73"=dword:00000000

"Width73"=dword:00000050

"Position74"=dword:0000004a

"Visible74"=dword:00000000

"Width74"=dword:0000004b

"Position75"=dword:0000004b

"Visible75"=dword:00000000

"Width75"=dword:00000050

"Position76"=dword:0000004c

"Visible76"=dword:00000000

"Width76"=dword:0000005a

"Position77"=dword:0000004d

"Visible77"=dword:00000000

"Width77"=dword:00000041

"Position78"=dword:0000004e

"Visible78"=dword:00000000

"Width78"=dword:00000041

"Position79"=dword:0000004f

"Visible79"=dword:00000000

"Width79"=dword:00000041

"Position80"=dword:00000050

"Visible80"=dword:00000000

"Width80"=dword:00000041

"Position81"=dword:00000051

"Visible81"=dword:00000000

"Width81"=dword:00000041

"Position82"=dword:00000052

"Visible82"=dword:00000000

"Width82"=dword:00000041

"Position83"=dword:00000053

"Visible83"=dword:00000000

"Width83"=dword:00000041

"Position84"=dword:00000054

"Visible84"=dword:00000000

"Width84"=dword:00000041

"Position85"=dword:00000055

"Visible85"=dword:00000000

"Width85"=dword:00000041

"Position86"=dword:00000056

"Visible86"=dword:00000000

"Width86"=dword:00000050

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Questionnaire]

"FormCountry"=dword:00000000

"FormAge"=dword:00000000

"FormFMStart"=dword:00000000

"FormScoutStart"=dword:00000000

"FormFMPeriodicity"=dword:00000000

"FormScoutPeriodicity"=dword:00000000

"FormScoutFrequency"=dword:00000000

"FormScoutRate"=dword:00000000

"FormInternetFrequency"=dword:00000000

"FormScoutPrice"=dword:00000000

"QuestionnaireComplete"=dword:00000000

"QuestionnaireReminds"=dword:00000000

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout\Rating]

"GKPositionCoef"=dword:00000000

"GKCurrentAbilityCoef"=dword:00000000

"GKCornersCoef"=dword:00000000

"GKCrossingCoef"=dword:00000000

"GKDribblingCoef"=dword:00000000

"GKFinishingCoef"=dword:00000000

"GKFirstTouchCoef"=dword:00000005

"GKFreeKicksCoef"=dword:00000000

"GKHeadingCoef"=dword:00000005

"GKLongShotsCoef"=dword:00000000

"GKLongThrowsCoef"=dword:00000000

"GKMarkingCoef"=dword:00000000

"GKPassingCoef"=dword:0000000a

"GKPenaltiesCoef"=dword:00000005

"GKTacklingCoef"=dword:0000000a

"GKTechniqueCoef"=dword:00000000

"GKLeftFootCoef"=dword:00000005

"GKRightFootCoef"=dword:00000005

"GKAggressionCoef"=dword:0000001e

"GKAnticipationCoef"=dword:0000000a

"GKBraveryCoef"=dword:0000001e

"GKComposureCoef"=dword:0000001e

"GKConcentrationCoef"=dword:00000014

"GKConsistencyCoef"=dword:00000014

"GKCreativityCoef"=dword:00000000

"GKDecisionsCoef"=dword:0000001e

"GKDeterminationCoef"=dword:00000014

"GKDirtinessCoef"=dword:fffffff6

"GKFlairCoef"=dword:00000005

"GKImportantMatchesCoef"=dword:00000014

"GKInfluenceCoef"=dword:0000000f

"GKOffTheBallCoef"=dword:00000000

"GKPositioningCoef"=dword:0000003c

"GKTeamworkCoef"=dword:0000000a

"GKWorkRateCoef"=dword:00000005

"GKAccelerationCoef"=dword:0000000a

"GKAgilityCoef"=dword:00000014

"GKBalanceCoef"=dword:00000014

"GKInjuryPronenessCoef"=dword:fffffff6

"GKJumpingCoef"=dword:00000050

"GKNaturalFitnessCoef"=dword:0000000a

"GKPaceCoef"=dword:00000000

"GKStaminaCoef"=dword:00000005

"GKStrengthCoef"=dword:0000001e

"GKVersatilityCoef"=dword:00000005

"GKAerialAbilityCoef"=dword:00000050

"GKCommandOfAreaCoef"=dword:00000032

"GKCommunicationCoef"=dword:0000003c

"GKEccentricityCoef"=dword:ffffffe7

"GKHandlingCoef"=dword:00000064

"GKKickingCoef"=dword:00000019

"GKOneOnOnesCoef"=dword:00000032

"GKReflexesCoef"=dword:00000064

"GKRushingOutCoef"=dword:0000001e

"GKTendencyToPunchCoef"=dword:ffffffe7

"GKThrowingCoef"=dword:00000019

"GKAdaptabilityCoef"=dword:0000000a

"GKAmbitionCoef"=dword:00000014

"GKControversyCoef"=dword:fffffffb

"GKLoyalityCoef"=dword:0000000a

"GKPressureCoef"=dword:00000014

"GKProfessionalismCoef"=dword:0000000f

"GKSportsmanshipCoef"=dword:0000000a

"GKTemperamentCoef"=dword:00000005

"SWPositionCoef"=dword:00000000

"SWCurrentAbilityCoef"=dword:00000000

"SWCornersCoef"=dword:0000000a

"SWCrossingCoef"=dword:00000005

"SWDribblingCoef"=dword:00000005

"SWFinishingCoef"=dword:00000005

"SWFirstTouchCoef"=dword:00000014

"SWFreeKicksCoef"=dword:0000000a

"SWHeadingCoef"=dword:00000064

"SWLongShotsCoef"=dword:00000005

"SWLongThrowsCoef"=dword:00000005

"SWMarkingCoef"=dword:00000064

"SWPassingCoef"=dword:00000014

"SWPenaltiesCoef"=dword:00000005

"SWTacklingCoef"=dword:00000064

"SWTechniqueCoef"=dword:0000000f

"SWLeftFootCoef"=dword:0000000a

"SWRightFootCoef"=dword:0000000a

"SWAggressionCoef"=dword:0000000f

"SWAnticipationCoef"=dword:00000014

"SWBraveryCoef"=dword:00000028

"SWComposureCoef"=dword:00000028

"SWConcentrationCoef"=dword:00000028

"SWConsistencyCoef"=dword:00000014

"SWCreativityCoef"=dword:00000005

"SWDecisionsCoef"=dword:0000001e

"SWDeterminationCoef"=dword:00000014

"SWDirtinessCoef"=dword:ffffffe7

"SWFlairCoef"=dword:00000005

"SWImportantMatchesCoef"=dword:00000014

"SWInfluenceCoef"=dword:0000000f

"SWOffTheBallCoef"=dword:00000005

"SWPositioningCoef"=dword:00000064

"SWTeamworkCoef"=dword:00000028

"SWWorkRateCoef"=dword:0000000a

"SWAccelerationCoef"=dword:00000019

"SWAgilityCoef"=dword:00000005

"SWBalanceCoef"=dword:00000014

"SWInjuryPronenessCoef"=dword:fffffff6

"SWJumpingCoef"=dword:00000050

"SWNaturalFitnessCoef"=dword:0000000a

"SWPaceCoef"=dword:00000019

"SWStaminaCoef"=dword:0000000f

"SWStrengthCoef"=dword:0000003c

"SWVersatilityCoef"=dword:00000005

"SWAerialAbilityCoef"=dword:00000000

"SWCommandOfAreaCoef"=dword:00000000

"SWCommunicationCoef"=dword:00000000

"SWEccentricityCoef"=dword:00000000

"SWHandlingCoef"=dword:00000000

"SWKickingCoef"=dword:00000000

"SWOneOnOnesCoef"=dword:00000005

"SWReflexesCoef"=dword:00000005

"SWRushingOutCoef"=dword:00000000

"SWTendencyToPunchCoef"=dword:00000000

"SWThrowingCoef"=dword:00000000

"SWAdaptabilityCoef"=dword:0000000a

"SWAmbitionCoef"=dword:00000014

"SWControversyCoef"=dword:fffffffb

"SWLoyalityCoef"=dword:0000000a

"SWPressureCoef"=dword:00000014

"SWProfessionalismCoef"=dword:0000000f

"SWSportsmanshipCoef"=dword:0000000a

"SWTemperamentCoef"=dword:00000005

"CBPositionCoef"=dword:00000000

"CBCurrentAbilityCoef"=dword:00000000

"CBCornersCoef"=dword:00000014

"CBCrossingCoef"=dword:0000000a

"CBDribblingCoef"=dword:00000005

"CBFinishingCoef"=dword:00000005

"CBFirstTouchCoef"=dword:00000014

"CBFreeKicksCoef"=dword:00000014

"CBHeadingCoef"=dword:00000064

"CBLongShotsCoef"=dword:00000005

"CBLongThrowsCoef"=dword:00000005

"CBMarkingCoef"=dword:00000050

"CBPassingCoef"=dword:0000001e

"CBPenaltiesCoef"=dword:00000005

"CBTacklingCoef"=dword:00000064

"CBTechniqueCoef"=dword:0000000f

"CBLeftFootCoef"=dword:0000000a

"CBRightFootCoef"=dword:0000000a

"CBAggressionCoef"=dword:0000000f

"CBAnticipationCoef"=dword:00000014

"CBBraveryCoef"=dword:00000028

"CBComposureCoef"=dword:0000001e

"CBConcentrationCoef"=dword:0000001e

"CBConsistencyCoef"=dword:00000014

"CBCreativityCoef"=dword:00000005

"CBDecisionsCoef"=dword:0000001e

"CBDeterminationCoef"=dword:00000014

"CBDirtinessCoef"=dword:ffffffec

"CBFlairCoef"=dword:00000005

"CBImportantMatchesCoef"=dword:00000014

"CBInfluenceCoef"=dword:0000000f

"CBOffTheBallCoef"=dword:0000000a

"CBPositioningCoef"=dword:00000050

"CBTeamworkCoef"=dword:00000028

"CBWorkRateCoef"=dword:0000000a

"CBAccelerationCoef"=dword:00000023

"CBAgilityCoef"=dword:00000005

"CBBalanceCoef"=dword:00000014

"CBInjuryPronenessCoef"=dword:fffffff6

"CBJumpingCoef"=dword:00000050

"CBNaturalFitnessCoef"=dword:0000000a

"CBPaceCoef"=dword:00000023

"CBStaminaCoef"=dword:00000014

"CBStrengthCoef"=dword:00000032

"CBVersatilityCoef"=dword:00000005

"CBAerialAbilityCoef"=dword:00000000

"CBCommandOfAreaCoef"=dword:00000000

"CBCommunicationCoef"=dword:00000000

"CBEccentricityCoef"=dword:00000000

"CBHandlingCoef"=dword:00000000

"CBKickingCoef"=dword:00000000

"CBOneOnOnesCoef"=dword:00000005

"CBReflexesCoef"=dword:00000005

"CBRushingOutCoef"=dword:00000000

"CBTendencyToPunchCoef"=dword:00000000

"CBThrowingCoef"=dword:00000000

"CBAdaptabilityCoef"=dword:0000000a

"CBAmbitionCoef"=dword:00000014

"CBControversyCoef"=dword:fffffffb

"CBLoyalityCoef"=dword:0000000a

"CBPressureCoef"=dword:00000014

"CBProfessionalismCoef"=dword:0000000f

"CBSportsmanshipCoef"=dword:0000000a

"CBTemperamentCoef"=dword:00000005

"FBPositionCoef"=dword:00000000

"FBCurrentAbilityCoef"=dword:00000000

"FBCornersCoef"=dword:00000014

"FBCrossingCoef"=dword:00000023

"FBDribblingCoef"=dword:0000001e

"FBFinishingCoef"=dword:0000000a

"FBFirstTouchCoef"=dword:00000014

"FBFreeKicksCoef"=dword:00000014

"FBHeadingCoef"=dword:0000003c

"FBLongShotsCoef"=dword:0000000a

"FBLongThrowsCoef"=dword:0000000a

"FBMarkingCoef"=dword:00000050

"FBPassingCoef"=dword:00000023

"FBPenaltiesCoef"=dword:00000005

"FBTacklingCoef"=dword:00000064

"FBTechniqueCoef"=dword:0000001e

"FBLeftFootCoef"=dword:0000000a

"FBRightFootCoef"=dword:0000000a

"FBAggressionCoef"=dword:0000000f

"FBAnticipationCoef"=dword:0000003c

"FBBraveryCoef"=dword:00000019

"FBComposureCoef"=dword:00000019

"FBConcentrationCoef"=dword:0000001e

"FBConsistencyCoef"=dword:00000014

"FBCreativityCoef"=dword:0000000a

"FBDecisionsCoef"=dword:00000019

"FBDeterminationCoef"=dword:00000014

"FBDirtinessCoef"=dword:fffffff1

"FBFlairCoef"=dword:00000005

"FBImportantMatchesCoef"=dword:00000014

"FBInfluenceCoef"=dword:0000000f

"FBOffTheBallCoef"=dword:0000000f

"FBPositioningCoef"=dword:00000050

"FBTeamworkCoef"=dword:00000014

"FBWorkRateCoef"=dword:00000014

"FBAccelerationCoef"=dword:00000032

"FBAgilityCoef"=dword:00000005

"FBBalanceCoef"=dword:00000014

"FBInjuryPronenessCoef"=dword:fffffff6

"FBJumpingCoef"=dword:0000003c

"FBNaturalFitnessCoef"=dword:0000000a

"FBPaceCoef"=dword:00000032

"FBStaminaCoef"=dword:00000032

"FBStrengthCoef"=dword:00000028

"FBVersatilityCoef"=dword:00000005

"FBAerialAbilityCoef"=dword:00000000

"FBCommandOfAreaCoef"=dword:00000000

"FBCommunicationCoef"=dword:00000000

"FBEccentricityCoef"=dword:00000000

"FBHandlingCoef"=dword:00000000

"FBKickingCoef"=dword:00000000

"FBOneOnOnesCoef"=dword:00000005

"FBReflexesCoef"=dword:00000005

"FBRushingOutCoef"=dword:00000000

"FBTendencyToPunchCoef"=dword:00000000

"FBThrowingCoef"=dword:00000000

"FBAdaptabilityCoef"=dword:0000000a

"FBAmbitionCoef"=dword:00000014

"FBControversyCoef"=dword:fffffffb

"FBLoyalityCoef"=dword:0000000a

"FBPressureCoef"=dword:00000014

"FBProfessionalismCoef"=dword:0000000f

"FBSportsmanshipCoef"=dword:0000000a

"FBTemperamentCoef"=dword:00000005

"WBPositionCoef"=dword:00000000

"WBCurrentAbilityCoef"=dword:00000000

"WBCornersCoef"=dword:00000014

"WBCrossingCoef"=dword:0000004b

"WBDribblingCoef"=dword:0000003c

"WBFinishingCoef"=dword:0000001e

"WBFirstTouchCoef"=dword:00000019

"WBFreeKicksCoef"=dword:00000014

"WBHeadingCoef"=dword:00000019

"WBLongShotsCoef"=dword:0000000f

"WBLongThrowsCoef"=dword:0000000f

"WBMarkingCoef"=dword:0000003c

"WBPassingCoef"=dword:00000028

"WBPenaltiesCoef"=dword:00000005

"WBTacklingCoef"=dword:00000050

"WBTechniqueCoef"=dword:00000032

"WBLeftFootCoef"=dword:0000000a

"WBRightFootCoef"=dword:0000000a

"WBAggressionCoef"=dword:0000000a

"WBAnticipationCoef"=dword:00000032

"WBBraveryCoef"=dword:0000000f

"WBComposureCoef"=dword:00000014

"WBConcentrationCoef"=dword:00000019

"WBConsistencyCoef"=dword:00000014

"WBCreativityCoef"=dword:00000014

"WBDecisionsCoef"=dword:00000014

"WBDeterminationCoef"=dword:00000014

"WBDirtinessCoef"=dword:fffffff6

"WBFlairCoef"=dword:0000000a

"WBImportantMatchesCoef"=dword:00000014

"WBInfluenceCoef"=dword:0000000a

"WBOffTheBallCoef"=dword:00000014

"WBPositioningCoef"=dword:0000003c

"WBTeamworkCoef"=dword:00000014

"WBWorkRateCoef"=dword:0000001e

"WBAccelerationCoef"=dword:00000050

"WBAgilityCoef"=dword:00000005

"WBBalanceCoef"=dword:0000000f

"WBInjuryPronenessCoef"=dword:fffffff6

"WBJumpingCoef"=dword:00000019

"WBNaturalFitnessCoef"=dword:0000000a

"WBPaceCoef"=dword:0000005a

"WBStaminaCoef"=dword:0000004b

"WBStrengthCoef"=dword:00000028

"WBVersatilityCoef"=dword:00000005

"WBAerialAbilityCoef"=dword:00000000

"WBCommandOfAreaCoef"=dword:00000000

"WBCommunicationCoef"=dword:00000000

"WBEccentricityCoef"=dword:00000000

"WBHandlingCoef"=dword:00000000

"WBKickingCoef"=dword:00000000

"WBOneOnOnesCoef"=dword:00000005

"WBReflexesCoef"=dword:00000005

"WBRushingOutCoef"=dword:00000000

"WBTendencyToPunchCoef"=dword:00000000

"WBThrowingCoef"=dword:00000000

"WBAdaptabilityCoef"=dword:0000000a

"WBAmbitionCoef"=dword:00000014

"WBControversyCoef"=dword:fffffffb

"WBLoyalityCoef"=dword:0000000a

"WBPressureCoef"=dword:00000014

"WBProfessionalismCoef"=dword:0000000f

"WBSportsmanshipCoef"=dword:0000000a

"WBTemperamentCoef"=dword:00000005

"DMPositionCoef"=dword:00000000

"DMCurrentAbilityCoef"=dword:00000000

"DMCornersCoef"=dword:00000014

"DMCrossingCoef"=dword:00000028

"DMDribblingCoef"=dword:00000019

"DMFinishingCoef"=dword:0000001e

"DMFirstTouchCoef"=dword:00000019

"DMFreeKicksCoef"=dword:00000014

"DMHeadingCoef"=dword:00000032

"DMLongShotsCoef"=dword:00000014

"DMLongThrowsCoef"=dword:0000000a

"DMMarkingCoef"=dword:0000004b

"DMPassingCoef"=dword:00000032

"DMPenaltiesCoef"=dword:00000005

"DMTacklingCoef"=dword:00000050

"DMTechniqueCoef"=dword:0000001e

"DMLeftFootCoef"=dword:0000000a

"DMRightFootCoef"=dword:0000000a

"DMAggressionCoef"=dword:00000028

"DMAnticipationCoef"=dword:00000028

"DMBraveryCoef"=dword:0000000f

"DMComposureCoef"=dword:00000014

"DMConcentrationCoef"=dword:00000019

"DMConsistencyCoef"=dword:00000014

"DMCreativityCoef"=dword:00000019

"DMDecisionsCoef"=dword:00000014

"DMDeterminationCoef"=dword:00000014

"DMDirtinessCoef"=dword:fffffff6

"DMFlairCoef"=dword:0000000f

"DMImportantMatchesCoef"=dword:00000014

"DMInfluenceCoef"=dword:0000000f

"DMOffTheBallCoef"=dword:00000019

"DMPositioningCoef"=dword:0000003c

"DMTeamworkCoef"=dword:0000001e

"DMWorkRateCoef"=dword:0000003c

"DMAccelerationCoef"=dword:00000028

"DMAgilityCoef"=dword:00000005

"DMBalanceCoef"=dword:0000000f

"DMInjuryPronenessCoef"=dword:fffffff6

"DMJumpingCoef"=dword:00000028

"DMNaturalFitnessCoef"=dword:0000000a

"DMPaceCoef"=dword:00000023

"DMStaminaCoef"=dword:00000041

"DMStrengthCoef"=dword:00000032

"DMVersatilityCoef"=dword:00000005

"DMAerialAbilityCoef"=dword:00000000

"DMCommandOfAreaCoef"=dword:00000000

"DMCommunicationCoef"=dword:00000000

"DMEccentricityCoef"=dword:00000000

"DMHandlingCoef"=dword:00000000

"DMKickingCoef"=dword:00000000

"DMOneOnOnesCoef"=dword:00000005

"DMReflexesCoef"=dword:00000005

"DMRushingOutCoef"=dword:00000000

"DMTendencyToPunchCoef"=dword:00000000

"DMThrowingCoef"=dword:00000000

"DMAdaptabilityCoef"=dword:0000000a

"DMAmbitionCoef"=dword:00000014

"DMControversyCoef"=dword:fffffffb

"DMLoyalityCoef"=dword:0000000a

"DMPressureCoef"=dword:00000014

"DMProfessionalismCoef"=dword:0000000f

"DMSportsmanshipCoef"=dword:0000000a

"DMTemperamentCoef"=dword:00000005

"MPositionCoef"=dword:00000000

"MCurrentAbilityCoef"=dword:00000000

"MCornersCoef"=dword:00000019

"MCrossingCoef"=dword:00000032

"MDribblingCoef"=dword:00000032

"MFinishingCoef"=dword:00000028

"MFirstTouchCoef"=dword:0000001e

"MFreeKicksCoef"=dword:00000014

"MHeadingCoef"=dword:00000028

"MLongShotsCoef"=dword:00000019

"MLongThrowsCoef"=dword:0000000a

"MMarkingCoef"=dword:00000028

"MPassingCoef"=dword:0000004b

"MPenaltiesCoef"=dword:00000005

"MTacklingCoef"=dword:00000028

"MTechniqueCoef"=dword:00000032

"MLeftFootCoef"=dword:0000000a

"MRightFootCoef"=dword:0000000a

"MAggressionCoef"=dword:0000001e

"MAnticipationCoef"=dword:00000028

"MBraveryCoef"=dword:0000000a

"MComposureCoef"=dword:00000014

"MConcentrationCoef"=dword:00000014

"MConsistencyCoef"=dword:00000014

"MCreativityCoef"=dword:0000003c

"MDecisionsCoef"=dword:00000014

"MDeterminationCoef"=dword:00000014

"MDirtinessCoef"=dword:fffffffb

"MFlairCoef"=dword:00000014

"MImportantMatchesCoef"=dword:00000014

"MInfluenceCoef"=dword:0000000a

"MOffTheBallCoef"=dword:0000001e

"MPositioningCoef"=dword:00000028

"MTeamworkCoef"=dword:00000023

"MWorkRateCoef"=dword:00000032

"MAccelerationCoef"=dword:0000002d

"MAgilityCoef"=dword:00000005

"MBalanceCoef"=dword:0000000a

"MInjuryPronenessCoef"=dword:fffffff6

"MJumpingCoef"=dword:00000028

"MNaturalFitnessCoef"=dword:0000000a

"MPaceCoef"=dword:00000028

"MStaminaCoef"=dword:0000003c

"MStrengthCoef"=dword:00000023

"MVersatilityCoef"=dword:00000005

"MAerialAbilityCoef"=dword:00000000

"MCommandOfAreaCoef"=dword:00000000

"MCommunicationCoef"=dword:00000000

"MEccentricityCoef"=dword:00000000

"MHandlingCoef"=dword:00000000

"MKickingCoef"=dword:00000000

"MOneOnOnesCoef"=dword:00000005

"MReflexesCoef"=dword:00000005

"MRushingOutCoef"=dword:00000000

"MTendencyToPunchCoef"=dword:00000000

"MThrowingCoef"=dword:00000000

"MAdaptabilityCoef"=dword:0000000a

"MAmbitionCoef"=dword:00000014

"MControversyCoef"=dword:fffffffb

"MLoyalityCoef"=dword:0000000a

"MPressureCoef"=dword:00000014

"MProfessionalismCoef"=dword:0000000f

"MSportsmanshipCoef"=dword:0000000a

"MTemperamentCoef"=dword:00000005

"AMPositionCoef"=dword:00000000

"AMCurrentAbilityCoef"=dword:00000000

"AMCornersCoef"=dword:00000019

"AMCrossingCoef"=dword:00000046

"AMDribblingCoef"=dword:00000046

"AMFinishingCoef"=dword:00000032

"AMFirstTouchCoef"=dword:00000028

"AMFreeKicksCoef"=dword:00000014

"AMHeadingCoef"=dword:0000001e

"AMLongShotsCoef"=dword:0000001e

"AMLongThrowsCoef"=dword:00000005

"AMMarkingCoef"=dword:0000000f

"AMPassingCoef"=dword:00000064

"AMPenaltiesCoef"=dword:00000005

"AMTacklingCoef"=dword:0000000a

"AMTechniqueCoef"=dword:00000050

"AMLeftFootCoef"=dword:0000000a

"AMRightFootCoef"=dword:0000000a

"AMAggressionCoef"=dword:0000000a

"AMAnticipationCoef"=dword:00000023

"AMBraveryCoef"=dword:0000000a

"AMComposureCoef"=dword:00000014

"AMConcentrationCoef"=dword:00000014

"AMConsistencyCoef"=dword:00000014

"AMCreativityCoef"=dword:00000064

"AMDecisionsCoef"=dword:00000014

"AMDeterminationCoef"=dword:00000014

"AMDirtinessCoef"=dword:fffffffb

"AMFlairCoef"=dword:0000001e

"AMImportantMatchesCoef"=dword:00000014

"AMInfluenceCoef"=dword:0000000a

"AMOffTheBallCoef"=dword:00000028

"AMPositioningCoef"=dword:00000014

"AMTeamworkCoef"=dword:00000028

"AMWorkRateCoef"=dword:00000019

"AMAccelerationCoef"=dword:00000032

"AMAgilityCoef"=dword:0000000a

"AMBalanceCoef"=dword:0000000a

"AMInjuryPronenessCoef"=dword:fffffff6

"AMJumpingCoef"=dword:00000014

"AMNaturalFitnessCoef"=dword:0000000a

"AMPaceCoef"=dword:00000032

"AMStaminaCoef"=dword:00000028

"AMStrengthCoef"=dword:00000014

"AMVersatilityCoef"=dword:00000005

"AMAerialAbilityCoef"=dword:00000000

"AMCommandOfAreaCoef"=dword:00000000

"AMCommunicationCoef"=dword:00000000

"AMEccentricityCoef"=dword:00000000

"AMHandlingCoef"=dword:00000000

"AMKickingCoef"=dword:00000000

"AMOneOnOnesCoef"=dword:00000005

"AMReflexesCoef"=dword:00000005

"AMRushingOutCoef"=dword:00000000

"AMTendencyToPunchCoef"=dword:00000000

"AMThrowingCoef"=dword:00000000

"AMAdaptabilityCoef"=dword:0000000a

"AMAmbitionCoef"=dword:00000014

"AMControversyCoef"=dword:fffffffb

"AMLoyalityCoef"=dword:0000000a

"AMPressureCoef"=dword:00000014

"AMProfessionalismCoef"=dword:0000000f

"AMSportsmanshipCoef"=dword:0000000a

"AMTemperamentCoef"=dword:00000005

"WPositionCoef"=dword:00000000

"WCurrentAbilityCoef"=dword:00000000

"WCornersCoef"=dword:00000019

"WCrossingCoef"=dword:00000064

"WDribblingCoef"=dword:00000064

"WFinishingCoef"=dword:0000003c

"WFirstTouchCoef"=dword:0000001e

"WFreeKicksCoef"=dword:00000014

"WHeadingCoef"=dword:00000014

"WLongShotsCoef"=dword:00000019

"WLongThrowsCoef"=dword:0000000a

"WMarkingCoef"=dword:00000019

"WPassingCoef"=dword:0000003c

"WPenaltiesCoef"=dword:00000005

"WTacklingCoef"=dword:00000014

"WTechniqueCoef"=dword:00000050

"WLeftFootCoef"=dword:0000000a

"WRightFootCoef"=dword:0000000a

"WAggressionCoef"=dword:0000000a

"WAnticipationCoef"=dword:00000023

"WBraveryCoef"=dword:0000000a

"WComposureCoef"=dword:00000014

"WConcentrationCoef"=dword:00000014

"WConsistencyCoef"=dword:00000014

"WCreativityCoef"=dword:00000032

"WDecisionsCoef"=dword:0000000f

"WDeterminationCoef"=dword:00000014

"WDirtinessCoef"=dword:fffffffb

"WFlairCoef"=dword:0000001e

"WImportantMatchesCoef"=dword:00000014

"WInfluenceCoef"=dword:00000005

"WOffTheBallCoef"=dword:00000032

"WPositioningCoef"=dword:00000019

"WTeamworkCoef"=dword:0000001e

"WWorkRateCoef"=dword:0000001e

"WAccelerationCoef"=dword:00000050

"WAgilityCoef"=dword:00000014

"WBalanceCoef"=dword:0000000a

"WInjuryPronenessCoef"=dword:fffffff6

"WJumpingCoef"=dword:00000014

"WNaturalFitnessCoef"=dword:0000000a

"WPaceCoef"=dword:00000064

"WStaminaCoef"=dword:00000032

"WStrengthCoef"=dword:00000014

"WVersatilityCoef"=dword:00000005

"WAerialAbilityCoef"=dword:00000000

"WCommandOfAreaCoef"=dword:00000000

"WCommunicationCoef"=dword:00000000

"WEccentricityCoef"=dword:00000000

"WHandlingCoef"=dword:00000000

"WKickingCoef"=dword:00000000

"WOneOnOnesCoef"=dword:00000005

"WReflexesCoef"=dword:00000005

"WRushingOutCoef"=dword:00000000

"WTendencyToPunchCoef"=dword:00000000

"WThrowingCoef"=dword:00000000

"WAdaptabilityCoef"=dword:0000000a

"WAmbitionCoef"=dword:00000014

"WControversyCoef"=dword:fffffffb

"WLoyalityCoef"=dword:0000000a

"WPressureCoef"=dword:00000014

"WProfessionalismCoef"=dword:0000000f

"WSportsmanshipCoef"=dword:0000000a

"WTemperamentCoef"=dword:00000005

"FSTPositionCoef"=dword:00000000

"FSTCurrentAbilityCoef"=dword:00000000

"FSTCornersCoef"=dword:00000014

"FSTCrossingCoef"=dword:0000001e

"FSTDribblingCoef"=dword:00000050

"FSTFinishingCoef"=dword:00000064

"FSTFirstTouchCoef"=dword:00000028

"FSTFreeKicksCoef"=dword:00000014

"FSTHeadingCoef"=dword:0000003c

"FSTLongShotsCoef"=dword:0000001e

"FSTLongThrowsCoef"=dword:00000005

"FSTMarkingCoef"=dword:0000000a

"FSTPassingCoef"=dword:00000028

"FSTPenaltiesCoef"=dword:00000005

"FSTTacklingCoef"=dword:0000000a

"FSTTechniqueCoef"=dword:0000004b

"FSTLeftFootCoef"=dword:0000000a

"FSTRightFootCoef"=dword:0000000a

"FSTAggressionCoef"=dword:00000014

"FSTAnticipationCoef"=dword:00000014

"FSTBraveryCoef"=dword:0000000f

"FSTComposureCoef"=dword:00000014

"FSTConcentrationCoef"=dword:00000014

"FSTConsistencyCoef"=dword:00000014

"FSTCreativityCoef"=dword:00000032

"FSTDecisionsCoef"=dword:0000000a

"FSTDeterminationCoef"=dword:00000014

"FSTDirtinessCoef"=dword:fffffffb

"FSTFlairCoef"=dword:00000019

"FSTImportantMatchesCoef"=dword:00000014

"FSTInfluenceCoef"=dword:00000005

"FSTOffTheBallCoef"=dword:0000003c

"FSTPositioningCoef"=dword:0000000a

"FSTTeamworkCoef"=dword:0000000a

"FSTWorkRateCoef"=dword:0000000a

"FSTAccelerationCoef"=dword:00000064

"FSTAgilityCoef"=dword:0000001e

"FSTBalanceCoef"=dword:00000014

"FSTInjuryPronenessCoef"=dword:fffffff6

"FSTJumpingCoef"=dword:00000014

"FSTNaturalFitnessCoef"=dword:0000000a

"FSTPaceCoef"=dword:0000005a

"FSTStaminaCoef"=dword:00000014

"FSTStrengthCoef"=dword:00000014

"FSTVersatilityCoef"=dword:00000005

"FSTAerialAbilityCoef"=dword:00000000

"FSTCommandOfAreaCoef"=dword:00000000

"FSTCommunicationCoef"=dword:00000000

"FSTEccentricityCoef"=dword:00000000

"FSTHandlingCoef"=dword:00000000

"FSTKickingCoef"=dword:00000000

"FSTOneOnOnesCoef"=dword:00000005

"FSTReflexesCoef"=dword:00000005

"FSTRushingOutCoef"=dword:00000000

"FSTTendencyToPunchCoef"=dword:00000000

"FSTThrowingCoef"=dword:00000000

"FSTAdaptabilityCoef"=dword:0000000a

"FSTAmbitionCoef"=dword:00000014

"FSTControversyCoef"=dword:fffffffb

"FSTLoyalityCoef"=dword:0000000a

"FSTPressureCoef"=dword:00000014

"FSTProfessionalismCoef"=dword:0000000f

"FSTSportsmanshipCoef"=dword:0000000a

"FSTTemperamentCoef"=dword:00000005

"TSTPositionCoef"=dword:00000000

"TSTCurrentAbilityCoef"=dword:00000000

"TSTCornersCoef"=dword:00000014

"TSTCrossingCoef"=dword:0000001e

"TSTDribblingCoef"=dword:0000003c

"TSTFinishingCoef"=dword:0000003c

"TSTFirstTouchCoef"=dword:00000028

"TSTFreeKicksCoef"=dword:00000014

"TSTHeadingCoef"=dword:00000064

"TSTLongShotsCoef"=dword:0000001e

"TSTLongThrowsCoef"=dword:00000005

"TSTMarkingCoef"=dword:0000000a

"TSTPassingCoef"=dword:0000001e

"TSTPenaltiesCoef"=dword:00000005

"TSTTacklingCoef"=dword:0000000a

"TSTTechniqueCoef"=dword:00000028

"TSTLeftFootCoef"=dword:0000000a

"TSTRightFootCoef"=dword:0000000a

"TSTAggressionCoef"=dword:00000014

"TSTAnticipationCoef"=dword:00000014

"TSTBraveryCoef"=dword:00000014

"TSTComposureCoef"=dword:00000014

"TSTConcentrationCoef"=dword:00000014

"TSTConsistencyCoef"=dword:00000014

"TSTCreativityCoef"=dword:00000028

"TSTDecisionsCoef"=dword:0000000a

"TSTDeterminationCoef"=dword:00000014

"TSTDirtinessCoef"=dword:fffffffb

"TSTFlairCoef"=dword:00000019

"TSTImportantMatchesCoef"=dword:00000014

"TSTInfluenceCoef"=dword:00000005

"TSTOffTheBallCoef"=dword:00000050

"TSTPositioningCoef"=dword:0000000a

"TSTTeamworkCoef"=dword:0000000a

"TSTWorkRateCoef"=dword:0000000a

"TSTAccelerationCoef"=dword:00000028

"TSTAgilityCoef"=dword:00000014

"TSTBalanceCoef"=dword:00000014

"TSTInjuryPronenessCoef"=dword:fffffff6

"TSTJumpingCoef"=dword:00000064

"TSTNaturalFitnessCoef"=dword:0000000a

"TSTPaceCoef"=dword:00000023

"TSTStaminaCoef"=dword:0000000f

"TSTStrengthCoef"=dword:00000050

"TSTVersatilityCoef"=dword:00000005

"TSTAerialAbilityCoef"=dword:00000000

"TSTCommandOfAreaCoef"=dword:00000000

"TSTCommunicationCoef"=dword:00000000

"TSTEccentricityCoef"=dword:00000000

"TSTHandlingCoef"=dword:00000000

"TSTKickingCoef"=dword:00000000

"TSTOneOnOnesCoef"=dword:00000005

"TSTReflexesCoef"=dword:00000005

"TSTRushingOutCoef"=dword:00000000

"TSTTendencyToPunchCoef"=dword:00000000

"TSTThrowingCoef"=dword:00000000

"TSTAdaptabilityCoef"=dword:0000000a

"TSTAmbitionCoef"=dword:00000014

"TSTControversyCoef"=dword:fffffffb

"TSTLoyalityCoef"=dword:0000000a

"TSTPressureCoef"=dword:00000014

"TSTProfessionalismCoef"=dword:0000000f

"TSTSportsmanshipCoef"=dword:0000000a

"TSTTemperamentCoef"=dword:00000005

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]

"GameDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2010\\games"

"ShortlistDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"

"ScreenshotsDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2010"

"SaveDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2010\\"

"HistoryDir"="c:\\Users\\Sam\\Desktop\\misc\\FM Genie Scout 10\\History Points"

"LangDB"=""

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000000

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:00000000

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:0000006e

"UniqueID"="EA-F295-29C3"

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"Currency"=dword:00000056

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]

"GameDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\games"

"ShortlistDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"

"ScreenshotsDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009"

"SaveDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\"

"HistoryDir"="c:\\Users\\Sam\\Desktop\\FM Genie Scout 2009 XE\\History Points"

"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"

"LastSaveGame"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\games\\mcfc.fm"

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:00000000

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000067

"UniqueID"="EA-F295-29C3"

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"Currency"=dword:00000056

"GraphStep"=dword:00000000

.

[HKEY_USERS\S-1-5-21-3585643157-3435527544-3680769808-1000\Software\SecuROM\License information*]

"datasecu"=hex:53,9d,f8,79,5f,e2,12,eb,41,7d,ac,2e,69,62,1a,e9,3a,d2,26,6a,33,

a2,f4,ff,5c,76,f3,90,8e,89,33,73,a2,94,09,1f,2f,6e,64,05,d2,97,bc,0b,8a,75,\

"rkeysecu"=hex:3a,0f,52,b8,a6,6a,a6,c9,90,9c,85,10,4a,fd,f3,56

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Maxtor\Sync\SyncServices.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-06-07 10:22:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-07 09:21

.

Pre-Run: 71,793,430,528 bytes free

Post-Run: 74,199,474,176 bytes free

.

- - End Of File - - 07E772BB7EFFE54BBDF09FC4EF2FFE1D

LDTate · June 7, 2012

Are you still having the same issues after the combofix scan?

LDTate · June 12, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

Many strange things

Recommended Posts

griggs79

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

griggs79

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

griggs79

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information