Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't visit anti malware websites, can't run in safe mode etc


  • This topic is locked This topic is locked

#31
pat208

pat208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
hi here is the aswMBR log file:


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-04 20:35:27
-----------------------------
20:35:27.968 OS Version: Windows 5.1.2600 Service Pack 3
20:35:27.968 Number of processors: 1 586 0x801
20:35:27.968 ComputerName: PATRICKS UserName: Julie
20:35:30.609 Initialize success
20:36:24.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:36:24.468 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
20:36:26.500 Disk 0 MBR read successfully
20:36:26.500 Disk 0 MBR scan
20:36:26.500 Disk 0 unknown MBR code
20:36:28.515 Disk 0 scanning sectors +156280320
20:36:28.562 Disk 0 scanning C:\WINDOWS\system32\drivers
20:36:37.218 Service scanning
20:36:38.671 Disk 0 trace - called modules:
20:36:38.687 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
20:36:38.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89376ab8]
20:36:38.687 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000091[0x89382e80]
20:36:38.687 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8938a940]
20:36:38.703 Scan finished successfully
20:37:04.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie\Desktop\MBR.dat"
20:37:04.687 The log file has been saved successfully to "C:\Documents and Settings\Julie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-07 19:40:14
-----------------------------
19:40:14.453 OS Version: Windows 5.1.2600 Service Pack 3
19:40:14.453 Number of processors: 1 586 0x801
19:40:14.453 ComputerName: PATRICKS UserName: Julie
19:40:18.156 Initialize success
19:40:24.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:40:24.250 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
19:40:26.281 Disk 0 MBR read successfully
19:40:26.281 Disk 0 MBR scan
19:40:26.281 Disk 0 unknown MBR code
19:40:28.328 Disk 0 scanning sectors +156280320
19:40:28.343 Disk 0 scanning C:\WINDOWS\system32\drivers
19:40:39.031 Service scanning
19:40:40.453 Disk 0 trace - called modules:
19:40:40.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
19:40:40.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8937fab8]
19:40:40.484 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000092[0x8935c1d8]
19:40:40.484 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89348d98]
19:40:40.484 Scan finished successfully
19:41:30.281 Disk 0 Windows 501 MBR fixed successfully
19:42:02.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie\Desktop\MBR.dat"
19:42:02.406 The log file has been saved successfully to "C:\Documents and Settings\Julie\Desktop\aswMBR.txt"





With regards to temporarily disabeling anti-virus before dragging cfscript onto combofix, i have kaspersky internet security on my computer but i can't open it to disable it and i don't know if it's running? should i un-install it or carry on? thanks for all your help.
  • 0

Advertisements


#32
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts

With regards to temporarily disabeling anti-virus before dragging cfscript onto combofix, i have kaspersky internet security on my computer but i can't open it to disable it and i don't know if it's running? should i un-install it or carry on? thanks for all your help.

Go ahead and run the custom script as I have incorporated a running process kill command to cover this eventuality and you're most welcome! :)
  • 0

#33
pat208

pat208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi, here is the combofix log:


ComboFix 11-06-04.02 - Julie 07/06/2011 20:53:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1215.692 [GMT 1:00]
Running from: c:\documents and settings\Julie\Desktop\patFix.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\windows\system32\drivers\hitmanpro35.sys"
"c:\windows\system32\verclsidmgr.exe"
"c:\windows\system32\verclsidmgrmgr.exe"
"c:\windows\system32\verclsidmgrmgrmgr.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Julie\LOCALS~1\Temp\oncvgalu.exe
c:\documents and settings\All Users\Application Data\Hitman Pro
c:\documents and settings\All Users\Application Data\Hitman Pro\Banner.bin
c:\documents and settings\All Users\Application Data\Hitman Pro\HitmanPro.key
c:\documents and settings\All Users\Application Data\Hitman Pro\HitmanPro.lic
c:\documents and settings\Julie\Local Settings\Temp\oncvgalu.exe
c:\program files\Hitman Pro 3.5
c:\program files\Hitman Pro 3.5\HitmanPro35[1].exe
c:\program files\ocmlqudx
c:\windows\system32\drivers\hitmanpro35.sys
c:\windows\system32\verclsidmgr.exe
c:\windows\system32\verclsidmgrmgr.exe
c:\windows\system32\verclsidmgrmgrmgr.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hitmanpro35
-------\Service_hitmanpro35
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 20:12 . 2011-06-07 20:12 -------- d-----w- c:\program files\ocmlqudx
2011-06-03 20:18 . 2011-06-03 20:18 -------- d-----w- C:\_OTM
2011-06-03 09:03 . 2011-06-03 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-02 16:00 . 2010-10-05 19:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\abhelperxpcom.dll
2011-06-01 07:31 . 2011-06-01 07:31 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2011-06-01 07:31 . 2011-06-01 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-01 07:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 07:31 . 2011-06-01 07:31 -------- d-----w- c:\program files\Malwarebytes' Antipat-Malware
2011-06-01 07:31 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-01 00:01 . 2011-06-01 12:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-31 23:13 . 2010-10-05 19:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
2011-05-31 23:13 . 2011-05-31 23:13 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-31 23:13 . 2011-05-31 23:13 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-29 14:21 . 2011-05-29 14:21 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\NP3
2011-05-29 14:11 . 2011-05-29 15:24 -------- d-----w- c:\documents and settings\Julie\Application Data\NeuroProgrammer3
2011-05-29 14:11 . 2011-05-29 15:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-05-29 14:11 . 2011-05-29 14:11 -------- d-----w- c:\program files\Xenocode
2011-05-29 14:11 . 2011-05-29 14:11 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Xenocode
2011-05-29 14:09 . 2011-06-01 20:54 -------- d-----w- c:\program files\Neuro-Programmer 3
2011-05-27 18:11 . 2011-05-27 18:11 -------- d-----w- c:\program files\EASEUS
2011-05-24 20:03 . 2011-05-24 20:03 -------- d-----w- c:\documents and settings\Julie\Application Data\Traffic Mystic IM Solutions
2011-05-20 07:33 . 2011-05-20 07:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 07:10 . 2011-06-01 13:01 -------- d-----w- c:\program files\DVD Decrypter
2011-05-11 16:53 . 2011-05-11 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"VTTimer"="VTTimer.exe" [2004-03-26 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-04 180269]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-22 387096]
"F5D8055v2"="c:\program files\Belkin\F5D8055\v2\Belkinwcui.exe" [2009-04-08 1929696]
"ACU"="c:\program files\Cable & Wireless\ACU.exe" [2005-07-08 577949]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\ocmlqudx\wiexexmo.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Julie\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16:43 11352]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [10/11/2009 15:08 8192]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [03/02/2009 15:49 14976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 19:27 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 12:29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 12:29 135664]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\Julie\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\Julie\LOCALS~1\Temp\jnv4_mib.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [22/08/2008 19:56 7680]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\windows\TEMP\etfieufb.sys --> c:\windows\TEMP\etfieufb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:29]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:29]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{5FD2FFC1-CA84-4C02-B134-8D0F0FEEA183}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.168.215.133:51791
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\qq76kyfl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp
FF - Ext: Hide My IP: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Niche Watch Tool: {5c1a272d-6af9-4229-b821-11703c6b5ccf} - %profile%\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: SEO For Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LinkDiagnosis 2.0: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Shareaholic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Elite Proxy Switcher: [email protected] - c:\program files\My-Proxy\Elite Proxy Switcher\firefox
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 21:13
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Julie\Start Menu\Programs\Startup\wiexexmo.exe 260763 bytes executable
C:\wiexexmo.exe 260763 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout]
"GameDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data\\games"
"ShortlistDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data\\shortlists"
"ScreenshotsDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data"
"SaveDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data"
"HistoryDir"="c:\\DOCUME~1\\Julie\\LOCALS~1\\Temp\\Rar$EX00.156\\FM Genie Scout 2007\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\data\\db\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2007\\games\\havant.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"LastUpdateCheck"=dword:000098ff
"HighQualityGUI"=dword:00000000
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"ShowHistory"=dword:00000000
"WindowState"=dword:00000002
"WindowHeight"=dword:0000030c
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:00000002
"WindowTop"=dword:00000000
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Questionnaire]
"FormCountry"=dword:0000003d
"FormAge"=dword:00000019
"FormFMStart"=dword:00000002
"FormScoutStart"=dword:00000001
"FormFMPeriodicity"=dword:00000002
"FormScoutPeriodicity"=dword:00000002
"FormScoutFrequency"=dword:00000000
"FormScoutRate"=dword:00000003
"FormInternetFrequency"=dword:00000001
"FormScoutPrice"=dword:00000000
"QuestionnaireComplete"=dword:00000001
"QuestionnaireReminds"=dword:00000001
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Rating]
"GKPositionCoef"=dword:00000000
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000005
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000005
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:0000000a
"GKPenaltiesCoef"=dword:00000005
"GKTacklingCoef"=dword:0000000a
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000005
"GKRightFootCoef"=dword:00000005
"GKAggressionCoef"=dword:0000001e
"GKAnticipationCoef"=dword:0000000a
"GKBraveryCoef"=dword:0000001e
"GKComposureCoef"=dword:0000001e
"GKConcentrationCoef"=dword:00000014
"GKConsistencyCoef"=dword:00000014
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:0000001e
"GKDeterminationCoef"=dword:00000014
"GKDirtinessCoef"=dword:fffffff6
"GKFlairCoef"=dword:00000005
"GKImportantMatchesCoef"=dword:00000014
"GKInfluenceCoef"=dword:0000000f
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:0000003c
"GKTeamworkCoef"=dword:0000000a
"GKWorkRateCoef"=dword:00000005
"GKAccelerationCoef"=dword:0000000a
"GKAgilityCoef"=dword:00000014
"GKBalanceCoef"=dword:00000014
"GKInjuryPronenessCoef"=dword:fffffff6
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:0000000a
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000005
"GKStrengthCoef"=dword:0000001e
"GKVersatilityCoef"=dword:00000005
"GKAerialAbilityCoef"=dword:00000050
"GKCommandOfAreaCoef"=dword:00000032
"GKCommunicationCoef"=dword:0000003c
"GKEccentricityCoef"=dword:ffffffe7
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:00000019
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:0000001e
"GKTendencyToPunchCoef"=dword:ffffffe7
"GKThrowingCoef"=dword:00000019
"GKAdaptabilityCoef"=dword:0000000a
"GKAmbitionCoef"=dword:00000014
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:0000000a
"GKPressureCoef"=dword:00000014
"GKProfessionalismCoef"=dword:0000000f
"GKSportsmanshipCoef"=dword:0000000a
"GKTemperamentCoef"=dword:00000005
"SWPositionCoef"=dword:00000000
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:0000000a
"SWCrossingCoef"=dword:00000005
"SWDribblingCoef"=dword:00000005
"SWFinishingCoef"=dword:00000005
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:00000005
"SWLongThrowsCoef"=dword:00000005
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:00000014
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000f
"SWLeftFootCoef"=dword:0000000a
"SWRightFootCoef"=dword:0000000a
"SWAggressionCoef"=dword:0000000f
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:00000028
"SWConsistencyCoef"=dword:00000014
"SWCreativityCoef"=dword:00000005
"SWDecisionsCoef"=dword:0000001e
"SWDeterminationCoef"=dword:00000014
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000005
"SWImportantMatchesCoef"=dword:00000014
"SWInfluenceCoef"=dword:0000000f
"SWOffTheBallCoef"=dword:00000005
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:0000000a
"SWAccelerationCoef"=dword:00000019
"SWAgilityCoef"=dword:00000005
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffff6
"SWJumpingCoef"=dword:00000050
"SWNaturalFitnessCoef"=dword:0000000a
"SWPaceCoef"=dword:00000019
"SWStaminaCoef"=dword:0000000f
"SWStrengthCoef"=dword:0000003c
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:0000000a
"SWAmbitionCoef"=dword:00000014
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:0000000a
"SWPressureCoef"=dword:00000014
"SWProfessionalismCoef"=dword:0000000f
"SWSportsmanshipCoef"=dword:0000000a
"SWTemperamentCoef"=dword:00000005
"CBPositionCoef"=dword:00000000
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000014
"CBCrossingCoef"=dword:0000000a
"CBDribblingCoef"=dword:00000005
"CBFinishingCoef"=dword:00000005
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:00000014
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:00000005
"CBLongThrowsCoef"=dword:00000005
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:0000001e
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000f
"CBLeftFootCoef"=dword:0000000a
"CBRightFootCoef"=dword:0000000a
"CBAggressionCoef"=dword:0000000f
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:0000001e
"CBConcentrationCoef"=dword:0000001e
"CBConsistencyCoef"=dword:00000014
"CBCreativityCoef"=dword:00000005
"CBDecisionsCoef"=dword:0000001e
"CBDeterminationCoef"=dword:00000014
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000005
"CBImportantMatchesCoef"=dword:00000014
"CBInfluenceCoef"=dword:0000000f
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:0000000a
"CBAccelerationCoef"=dword:00000023
"CBAgilityCoef"=dword:00000005
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffff6
"CBJumpingCoef"=dword:00000050
"CBNaturalFitnessCoef"=dword:0000000a
"CBPaceCoef"=dword:00000023
"CBStaminaCoef"=dword:00000014
"CBStrengthCoef"=dword:00000032
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:0000000a
"CBAmbitionCoef"=dword:00000014
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:0000000a
"CBPressureCoef"=dword:00000014
"CBProfessionalismCoef"=dword:0000000f
"CBSportsmanshipCoef"=dword:0000000a
"CBTemperamentCoef"=dword:00000005
"FBPositionCoef"=dword:00000000
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:00000014
"FBCrossingCoef"=dword:00000023
"FBDribblingCoef"=dword:0000001e
"FBFinishingCoef"=dword:0000000a
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:00000014
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:00000050
"FBPassingCoef"=dword:00000023
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:0000001e
"FBLeftFootCoef"=dword:0000000a
"FBRightFootCoef"=dword:0000000a
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:0000003c
"FBBraveryCoef"=dword:00000019
"FBComposureCoef"=dword:00000019
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:00000014
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000019
"FBDeterminationCoef"=dword:00000014
"FBDirtinessCoef"=dword:fffffff1
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:00000014
"FBInfluenceCoef"=dword:0000000f
"FBOffTheBallCoef"=dword:0000000f
"FBPositioningCoef"=dword:00000050
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:00000032
"FBAgilityCoef"=dword:00000005
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffff6
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:0000000a
"FBPaceCoef"=dword:00000032
"FBStaminaCoef"=dword:00000032
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:0000000a
"FBAmbitionCoef"=dword:00000014
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:0000000a
"FBPressureCoef"=dword:00000014
"FBProfessionalismCoef"=dword:0000000f
"FBSportsmanshipCoef"=dword:0000000a
"FBTemperamentCoef"=dword:00000005
"WBPositionCoef"=dword:00000000
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:00000014
"WBCrossingCoef"=dword:0000004b
"WBDribblingCoef"=dword:0000003c
"WBFinishingCoef"=dword:0000001e
"WBFirstTouchCoef"=dword:00000019
"WBFreeKicksCoef"=dword:00000014
"WBHeadingCoef"=dword:00000019
"WBLongShotsCoef"=dword:0000000f
"WBLongThrowsCoef"=dword:0000000f
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000050
"WBTechniqueCoef"=dword:00000032
"WBLeftFootCoef"=dword:0000000a
"WBRightFootCoef"=dword:0000000a
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000032
"WBBraveryCoef"=dword:0000000f
"WBComposureCoef"=dword:00000014
"WBConcentrationCoef"=dword:00000019
"WBConsistencyCoef"=dword:00000014
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:00000014
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:00000014
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:0000003c
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:0000001e
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:00000005
"WBBalanceCoef"=dword:0000000f
"WBInjuryPronenessCoef"=dword:fffffff6
"WBJumpingCoef"=dword:00000019
"WBNaturalFitnessCoef"=dword:0000000a
"WBPaceCoef"=dword:0000005a
"WBStaminaCoef"=dword:0000004b
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:0000000a
"WBAmbitionCoef"=dword:00000014
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:0000000a
"WBPressureCoef"=dword:00000014
"WBProfessionalismCoef"=dword:0000000f
"WBSportsmanshipCoef"=dword:0000000a
"WBTemperamentCoef"=dword:00000005
"DMPositionCoef"=dword:00000000
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:00000014
"DMCrossingCoef"=dword:00000028
"DMDribblingCoef"=dword:00000019
"DMFinishingCoef"=dword:0000001e
"DMFirstTouchCoef"=dword:00000019
"DMFreeKicksCoef"=dword:00000014
"DMHeadingCoef"=dword:00000032
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:0000000a
"DMMarkingCoef"=dword:0000004b
"DMPassingCoef"=dword:00000032
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000050
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:0000000a
"DMRightFootCoef"=dword:0000000a
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:0000000f
"DMComposureCoef"=dword:00000014
"DMConcentrationCoef"=dword:00000019
"DMConsistencyCoef"=dword:00000014
"DMCreativityCoef"=dword:00000019
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:00000014
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000f
"DMImportantMatchesCoef"=dword:00000014
"DMInfluenceCoef"=dword:0000000f
"DMOffTheBallCoef"=dword:00000019
"DMPositioningCoef"=dword:0000003c
"DMTeamworkCoef"=dword:0000001e
"DMWorkRateCoef"=dword:0000003c
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:00000005
"DMBalanceCoef"=dword:0000000f
"DMInjuryPronenessCoef"=dword:fffffff6
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:0000000a
"DMPaceCoef"=dword:00000023
"DMStaminaCoef"=dword:00000041
"DMStrengthCoef"=dword:00000032
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:0000000a
"DMAmbitionCoef"=dword:00000014
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:0000000a
"DMPressureCoef"=dword:00000014
"DMProfessionalismCoef"=dword:0000000f
"DMSportsmanshipCoef"=dword:0000000a
"DMTemperamentCoef"=dword:00000005
"MPositionCoef"=dword:00000000
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:00000019
"MCrossingCoef"=dword:00000032
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000028
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:00000014
"MHeadingCoef"=dword:00000028
"MLongShotsCoef"=dword:00000019
"MLongThrowsCoef"=dword:0000000a
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:0000004b
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:00000028
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:0000000a
"MRightFootCoef"=dword:0000000a
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:00000014
"MConcentrationCoef"=dword:00000014
"MConsistencyCoef"=dword:00000014
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:00000014
"MDeterminationCoef"=dword:00000014
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:00000014
"MImportantMatchesCoef"=dword:00000014
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:0000001e
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000023
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:0000002d
"MAgilityCoef"=dword:00000005
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffff6
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:0000000a
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:00000023
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:0000000a
"MAmbitionCoef"=dword:00000014
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:0000000a
"MPressureCoef"=dword:00000014
"MProfessionalismCoef"=dword:0000000f
"MSportsmanshipCoef"=dword:0000000a
"MTemperamentCoef"=dword:00000005
"AMPositionCoef"=dword:00000000
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:00000019
"AMCrossingCoef"=dword:00000046
"AMDribblingCoef"=dword:00000046
"AMFinishingCoef"=dword:00000032
"AMFirstTouchCoef"=dword:00000028
"AMFreeKicksCoef"=dword:00000014
"AMHeadingCoef"=dword:0000001e
"AMLongShotsCoef"=dword:0000001e
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000f
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:0000000a
"AMRightFootCoef"=dword:0000000a
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:00000023
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:00000014
"AMConcentrationCoef"=dword:00000014
"AMConsistencyCoef"=dword:00000014
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000014
"AMDeterminationCoef"=dword:00000014
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:0000001e
"AMImportantMatchesCoef"=dword:00000014
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:00000028
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:00000028
"AMWorkRateCoef"=dword:00000019
"AMAccelerationCoef"=dword:00000032
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffff6
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:0000000a
"AMPaceCoef"=dword:00000032
"AMStaminaCoef"=dword:00000028
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:0000000a
"AMAmbitionCoef"=dword:00000014
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:0000000a
"AMPressureCoef"=dword:00000014
"AMProfessionalismCoef"=dword:0000000f
"AMSportsmanshipCoef"=dword:0000000a
"AMTemperamentCoef"=dword:00000005
"WPositionCoef"=dword:00000000
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:00000019
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:00000014
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000019
"WLongThrowsCoef"=dword:0000000a
"WMarkingCoef"=dword:00000019
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:00000014
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:0000000a
"WRightFootCoef"=dword:0000000a
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000023
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:00000014
"WConcentrationCoef"=dword:00000014
"WConsistencyCoef"=dword:00000014
"WCreativityCoef"=dword:00000032
"WDecisionsCoef"=dword:0000000f
"WDeterminationCoef"=dword:00000014
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000001e
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:00000005
"WOffTheBallCoef"=dword:00000032
"WPositioningCoef"=dword:00000019
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffff6
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:0000000a
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:00000032
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:0000000a
"WAmbitionCoef"=dword:00000014
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:0000000a
"WPressureCoef"=dword:00000014
"WProfessionalismCoef"=dword:0000000f
"WSportsmanshipCoef"=dword:0000000a
"WTemperamentCoef"=dword:00000005
"FSTPositionCoef"=dword:00000000
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:00000014
"FSTCrossingCoef"=dword:0000001e
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:00000014
"FSTHeadingCoef"=dword:0000003c
"FSTLongShotsCoef"=dword:0000001e
"FSTLongThrowsCoef"=dword:00000005
"FSTMarkingCoef"=dword:0000000a
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:0000000a
"FSTTechniqueCoef"=dword:0000004b
"FSTLeftFootCoef"=dword:0000000a
"FSTRightFootCoef"=dword:0000000a
"FSTAggressionCoef"=dword:00000014
"FSTAnticipationCoef"=dword:00000014
"FSTBraveryCoef"=dword:0000000f
"FSTComposureCoef"=dword:00000014
"FSTConcentrationCoef"=dword:00000014
"FSTConsistencyCoef"=dword:00000014
"FSTCreativityCoef"=dword:00000032
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:00000014
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:00000019
"FSTImportantMatchesCoef"=dword:00000014
"FSTInfluenceCoef"=dword:00000005
"FSTOffTheBallCoef"=dword:0000003c
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:0000001e
"FSTBalanceCoef"=dword:00000014
"FSTInjuryPronenessCoef"=dword:fffffff6
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:0000000a
"FSTPaceCoef"=dword:0000005a
"FSTStaminaCoef"=dword:00000014
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:0000000a
"FSTAmbitionCoef"=dword:00000014
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:0000000a
"FSTPressureCoef"=dword:00000014
"FSTProfessionalismCoef"=dword:0000000f
"FSTSportsmanshipCoef"=dword:0000000a
"FSTTemperamentCoef"=dword:00000005
"TSTPositionCoef"=dword:00000000
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000014
"TSTCrossingCoef"=dword:0000001e
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:0000003c
"TSTFirstTouchCoef"=dword:00000028
"TSTFreeKicksCoef"=dword:00000014
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:0000001e
"TSTLongThrowsCoef"=dword:00000005
"TSTMarkingCoef"=dword:0000000a
"TSTPassingCoef"=dword:0000001e
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:0000000a
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:0000000a
"TSTRightFootCoef"=dword:0000000a
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:00000014
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:00000014
"TSTConcentrationCoef"=dword:00000014
"TSTConsistencyCoef"=dword:00000014
"TSTCreativityCoef"=dword:00000028
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:00000014
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:00000019
"TSTImportantMatchesCoef"=dword:00000014
"TSTInfluenceCoef"=dword:00000005
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:0000000a
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffff6
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:0000000a
"TSTPaceCoef"=dword:00000023
"TSTStaminaCoef"=dword:0000000f
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:0000000a
"TSTAmbitionCoef"=dword:00000014
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:0000000a
"TSTPressureCoef"=dword:00000014
"TSTProfessionalismCoef"=dword:0000000f
"TSTSportsmanshipCoef"=dword:0000000a
"TSTTemperamentCoef"=dword:00000005
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"GameDir"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Documents and Settings\\Julie\\Desktop\\FM Genie Scout 2009\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009\\games\\new city.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009bb2
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="34-F494-0030"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\windows\system32\VTTimer.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Micro Niche Finder\bggoogle.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-07 21:30:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 20:29
ComboFix2.txt 2011-06-04 20:25
.
Pre-Run: 18,511,069,184 bytes free
Post-Run: 18,666,700,800 bytes free
.
- - End Of File - - ACDEDD18BD33FBCDE890E5E09064F328
  • 0

#34
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

Unfortunately it appears your machine may be infected with a form of Polymorphic File Infector type malware(my personal thanks to SweetTech), this would go a long way to explain the current issues you have been experiencing and the fact certain files appear to have been re-spawned.

So we need to try and verify if this is the case or not before going any further. Please check if you can view this webpage for me. Also check if this file is present:-

Using Windows Explorer (to get there right-click your Start button and go to Explore), navigate to:-

C:\wiexexmo.exe

If it is present please upload the file for a check here. The exact same principle as I outlined in a prior post here...

and we will go from there, thank you.
  • 0

#35
pat208

pat208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Dakeyras thanks for reply :)

Yes I can view the eset.co.uk website. Unfortunatly i can't find wiexexmo.exe to upload it.
  • 0

#36
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

Yes I can view the eset.co.uk website. Unfortunatly i can't find wiexexmo.exe to upload it.

OK and thanks for the update, your most welcome also!

The below custom ComboFix Script will attempt to send what I suspect are the Polymorphic infected files to my submission channel, if it fails not to worry just proceed to the online scan please, thank you.

Custom ComboFix-Script:

Note: As last time regardless if your security software is actually active or not proceed with the script.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote-box(do not copy the word quote) below:

KillAll::

Suspect::[87]
c:\documents and settings\Julie\Start Menu\Programs\Startup\wiexexmo.exe
C:\wiexexmo.exe
c:\program files\ocmlqudx\wiexexmo.exe

ReBoot::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log(if available).
  • Eset Log.

  • 0

#37
pat208

pat208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi thanks for reply i was able to do the combofix scan but not the eset.co.uk scan. I can visit their website but when i click scan the pop-up window gives me a internet explorer cannot display the webpage. No luck with firefox either. Here is the combofix log:


ComboFix 11-06-08.04 - Julie 09/06/2011 10:21:09.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1215.762 [GMT 1:00]
Running from: c:\documents and settings\Julie\Desktop\patFix.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
file zipped: c:\documents and settings\Julie\Start Menu\Programs\Startup\wiexexmo.exe
file zipped: c:\program files\ocmlqudx\wiexexmo.exe
file zipped: C:\wiexexmo.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\IEXPLOREmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 09:04 . 2011-06-09 09:06 -------- d-----w- C:\patFix
2011-06-07 20:12 . 2011-06-09 09:34 -------- d-----w- c:\program files\ocmlqudx
2011-06-03 20:18 . 2011-06-03 20:18 -------- d-----w- C:\_OTM
2011-06-03 09:03 . 2011-06-03 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-02 16:00 . 2010-10-05 19:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\abhelperxpcom.dll
2011-06-01 07:31 . 2011-06-01 07:31 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2011-06-01 07:31 . 2011-06-01 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-01 07:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 07:31 . 2011-06-01 07:31 -------- d-----w- c:\program files\Malwarebytes' Antipat-Malware
2011-06-01 07:31 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-01 00:01 . 2011-06-01 12:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-31 23:13 . 2010-10-05 19:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
2011-05-31 23:13 . 2011-05-31 23:13 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-31 23:13 . 2011-05-31 23:13 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-29 14:21 . 2011-05-29 14:21 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\NP3
2011-05-29 14:11 . 2011-05-29 15:24 -------- d-----w- c:\documents and settings\Julie\Application Data\NeuroProgrammer3
2011-05-29 14:11 . 2011-05-29 15:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-05-29 14:11 . 2011-05-29 14:11 -------- d-----w- c:\program files\Xenocode
2011-05-29 14:11 . 2011-05-29 14:11 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Xenocode
2011-05-29 14:09 . 2011-06-01 20:54 -------- d-----w- c:\program files\Neuro-Programmer 3
2011-05-27 18:11 . 2011-05-27 18:11 -------- d-----w- c:\program files\EASEUS
2011-05-24 20:03 . 2011-05-24 20:03 -------- d-----w- c:\documents and settings\Julie\Application Data\Traffic Mystic IM Solutions
2011-05-20 07:33 . 2011-05-20 07:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 07:10 . 2011-06-01 13:01 -------- d-----w- c:\program files\DVD Decrypter
2011-05-11 16:53 . 2011-05-11 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"VTTimer"="VTTimer.exe" [2004-03-26 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-04 180269]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-22 387096]
"F5D8055v2"="c:\program files\Belkin\F5D8055\v2\Belkinwcui.exe" [2009-04-08 1929696]
"ACU"="c:\program files\Cable & Wireless\ACU.exe" [2005-07-08 577949]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\ocmlqudx\wiexexmo.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Julie\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16:43 11352]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [10/11/2009 15:08 8192]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [03/02/2009 15:49 14976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 19:27 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 12:29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 12:29 135664]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\Julie\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\Julie\LOCALS~1\Temp\jnv4_mib.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [22/08/2008 19:56 7680]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\windows\TEMP\etfieufb.sys --> c:\windows\TEMP\etfieufb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:29]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:29]
.
2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{5FD2FFC1-CA84-4C02-B134-8D0F0FEEA183}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.168.215.133:51791
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\qq76kyfl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp
FF - Ext: Hide My IP: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Niche Watch Tool: {5c1a272d-6af9-4229-b821-11703c6b5ccf} - %profile%\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: SEO For Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LinkDiagnosis 2.0: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Shareaholic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Elite Proxy Switcher: [email protected] - c:\program files\My-Proxy\Elite Proxy Switcher\firefox
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 10:35
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Julie\Start Menu\Programs\Startup\wiexexmo.exe 260763 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout]
"GameDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data\\games"
"ShortlistDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data\\shortlists"
"ScreenshotsDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data"
"SaveDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\user data"
"HistoryDir"="c:\\DOCUME~1\\Julie\\LOCALS~1\\Temp\\Rar$EX00.156\\FM Genie Scout 2007\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2006\\data\\db\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2007\\games\\havant.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"LastUpdateCheck"=dword:000098ff
"HighQualityGUI"=dword:00000000
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"ShowHistory"=dword:00000000
"WindowState"=dword:00000002
"WindowHeight"=dword:0000030c
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:00000002
"WindowTop"=dword:00000000
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Questionnaire]
"FormCountry"=dword:0000003d
"FormAge"=dword:00000019
"FormFMStart"=dword:00000002
"FormScoutStart"=dword:00000001
"FormFMPeriodicity"=dword:00000002
"FormScoutPeriodicity"=dword:00000002
"FormScoutFrequency"=dword:00000000
"FormScoutRate"=dword:00000003
"FormInternetFrequency"=dword:00000001
"FormScoutPrice"=dword:00000000
"QuestionnaireComplete"=dword:00000001
"QuestionnaireReminds"=dword:00000001
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout\Rating]
"GKPositionCoef"=dword:00000000
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000005
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000005
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:0000000a
"GKPenaltiesCoef"=dword:00000005
"GKTacklingCoef"=dword:0000000a
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000005
"GKRightFootCoef"=dword:00000005
"GKAggressionCoef"=dword:0000001e
"GKAnticipationCoef"=dword:0000000a
"GKBraveryCoef"=dword:0000001e
"GKComposureCoef"=dword:0000001e
"GKConcentrationCoef"=dword:00000014
"GKConsistencyCoef"=dword:00000014
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:0000001e
"GKDeterminationCoef"=dword:00000014
"GKDirtinessCoef"=dword:fffffff6
"GKFlairCoef"=dword:00000005
"GKImportantMatchesCoef"=dword:00000014
"GKInfluenceCoef"=dword:0000000f
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:0000003c
"GKTeamworkCoef"=dword:0000000a
"GKWorkRateCoef"=dword:00000005
"GKAccelerationCoef"=dword:0000000a
"GKAgilityCoef"=dword:00000014
"GKBalanceCoef"=dword:00000014
"GKInjuryPronenessCoef"=dword:fffffff6
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:0000000a
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000005
"GKStrengthCoef"=dword:0000001e
"GKVersatilityCoef"=dword:00000005
"GKAerialAbilityCoef"=dword:00000050
"GKCommandOfAreaCoef"=dword:00000032
"GKCommunicationCoef"=dword:0000003c
"GKEccentricityCoef"=dword:ffffffe7
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:00000019
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:0000001e
"GKTendencyToPunchCoef"=dword:ffffffe7
"GKThrowingCoef"=dword:00000019
"GKAdaptabilityCoef"=dword:0000000a
"GKAmbitionCoef"=dword:00000014
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:0000000a
"GKPressureCoef"=dword:00000014
"GKProfessionalismCoef"=dword:0000000f
"GKSportsmanshipCoef"=dword:0000000a
"GKTemperamentCoef"=dword:00000005
"SWPositionCoef"=dword:00000000
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:0000000a
"SWCrossingCoef"=dword:00000005
"SWDribblingCoef"=dword:00000005
"SWFinishingCoef"=dword:00000005
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:00000005
"SWLongThrowsCoef"=dword:00000005
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:00000014
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000f
"SWLeftFootCoef"=dword:0000000a
"SWRightFootCoef"=dword:0000000a
"SWAggressionCoef"=dword:0000000f
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:00000028
"SWConsistencyCoef"=dword:00000014
"SWCreativityCoef"=dword:00000005
"SWDecisionsCoef"=dword:0000001e
"SWDeterminationCoef"=dword:00000014
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000005
"SWImportantMatchesCoef"=dword:00000014
"SWInfluenceCoef"=dword:0000000f
"SWOffTheBallCoef"=dword:00000005
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:0000000a
"SWAccelerationCoef"=dword:00000019
"SWAgilityCoef"=dword:00000005
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffff6
"SWJumpingCoef"=dword:00000050
"SWNaturalFitnessCoef"=dword:0000000a
"SWPaceCoef"=dword:00000019
"SWStaminaCoef"=dword:0000000f
"SWStrengthCoef"=dword:0000003c
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:0000000a
"SWAmbitionCoef"=dword:00000014
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:0000000a
"SWPressureCoef"=dword:00000014
"SWProfessionalismCoef"=dword:0000000f
"SWSportsmanshipCoef"=dword:0000000a
"SWTemperamentCoef"=dword:00000005
"CBPositionCoef"=dword:00000000
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000014
"CBCrossingCoef"=dword:0000000a
"CBDribblingCoef"=dword:00000005
"CBFinishingCoef"=dword:00000005
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:00000014
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:00000005
"CBLongThrowsCoef"=dword:00000005
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:0000001e
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000f
"CBLeftFootCoef"=dword:0000000a
"CBRightFootCoef"=dword:0000000a
"CBAggressionCoef"=dword:0000000f
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:0000001e
"CBConcentrationCoef"=dword:0000001e
"CBConsistencyCoef"=dword:00000014
"CBCreativityCoef"=dword:00000005
"CBDecisionsCoef"=dword:0000001e
"CBDeterminationCoef"=dword:00000014
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000005
"CBImportantMatchesCoef"=dword:00000014
"CBInfluenceCoef"=dword:0000000f
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:0000000a
"CBAccelerationCoef"=dword:00000023
"CBAgilityCoef"=dword:00000005
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffff6
"CBJumpingCoef"=dword:00000050
"CBNaturalFitnessCoef"=dword:0000000a
"CBPaceCoef"=dword:00000023
"CBStaminaCoef"=dword:00000014
"CBStrengthCoef"=dword:00000032
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:0000000a
"CBAmbitionCoef"=dword:00000014
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:0000000a
"CBPressureCoef"=dword:00000014
"CBProfessionalismCoef"=dword:0000000f
"CBSportsmanshipCoef"=dword:0000000a
"CBTemperamentCoef"=dword:00000005
"FBPositionCoef"=dword:00000000
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:00000014
"FBCrossingCoef"=dword:00000023
"FBDribblingCoef"=dword:0000001e
"FBFinishingCoef"=dword:0000000a
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:00000014
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:00000050
"FBPassingCoef"=dword:00000023
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:0000001e
"FBLeftFootCoef"=dword:0000000a
"FBRightFootCoef"=dword:0000000a
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:0000003c
"FBBraveryCoef"=dword:00000019
"FBComposureCoef"=dword:00000019
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:00000014
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000019
"FBDeterminationCoef"=dword:00000014
"FBDirtinessCoef"=dword:fffffff1
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:00000014
"FBInfluenceCoef"=dword:0000000f
"FBOffTheBallCoef"=dword:0000000f
"FBPositioningCoef"=dword:00000050
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:00000032
"FBAgilityCoef"=dword:00000005
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffff6
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:0000000a
"FBPaceCoef"=dword:00000032
"FBStaminaCoef"=dword:00000032
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:0000000a
"FBAmbitionCoef"=dword:00000014
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:0000000a
"FBPressureCoef"=dword:00000014
"FBProfessionalismCoef"=dword:0000000f
"FBSportsmanshipCoef"=dword:0000000a
"FBTemperamentCoef"=dword:00000005
"WBPositionCoef"=dword:00000000
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:00000014
"WBCrossingCoef"=dword:0000004b
"WBDribblingCoef"=dword:0000003c
"WBFinishingCoef"=dword:0000001e
"WBFirstTouchCoef"=dword:00000019
"WBFreeKicksCoef"=dword:00000014
"WBHeadingCoef"=dword:00000019
"WBLongShotsCoef"=dword:0000000f
"WBLongThrowsCoef"=dword:0000000f
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000050
"WBTechniqueCoef"=dword:00000032
"WBLeftFootCoef"=dword:0000000a
"WBRightFootCoef"=dword:0000000a
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000032
"WBBraveryCoef"=dword:0000000f
"WBComposureCoef"=dword:00000014
"WBConcentrationCoef"=dword:00000019
"WBConsistencyCoef"=dword:00000014
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:00000014
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:00000014
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:0000003c
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:0000001e
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:00000005
"WBBalanceCoef"=dword:0000000f
"WBInjuryPronenessCoef"=dword:fffffff6
"WBJumpingCoef"=dword:00000019
"WBNaturalFitnessCoef"=dword:0000000a
"WBPaceCoef"=dword:0000005a
"WBStaminaCoef"=dword:0000004b
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:0000000a
"WBAmbitionCoef"=dword:00000014
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:0000000a
"WBPressureCoef"=dword:00000014
"WBProfessionalismCoef"=dword:0000000f
"WBSportsmanshipCoef"=dword:0000000a
"WBTemperamentCoef"=dword:00000005
"DMPositionCoef"=dword:00000000
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:00000014
"DMCrossingCoef"=dword:00000028
"DMDribblingCoef"=dword:00000019
"DMFinishingCoef"=dword:0000001e
"DMFirstTouchCoef"=dword:00000019
"DMFreeKicksCoef"=dword:00000014
"DMHeadingCoef"=dword:00000032
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:0000000a
"DMMarkingCoef"=dword:0000004b
"DMPassingCoef"=dword:00000032
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000050
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:0000000a
"DMRightFootCoef"=dword:0000000a
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:0000000f
"DMComposureCoef"=dword:00000014
"DMConcentrationCoef"=dword:00000019
"DMConsistencyCoef"=dword:00000014
"DMCreativityCoef"=dword:00000019
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:00000014
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000f
"DMImportantMatchesCoef"=dword:00000014
"DMInfluenceCoef"=dword:0000000f
"DMOffTheBallCoef"=dword:00000019
"DMPositioningCoef"=dword:0000003c
"DMTeamworkCoef"=dword:0000001e
"DMWorkRateCoef"=dword:0000003c
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:00000005
"DMBalanceCoef"=dword:0000000f
"DMInjuryPronenessCoef"=dword:fffffff6
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:0000000a
"DMPaceCoef"=dword:00000023
"DMStaminaCoef"=dword:00000041
"DMStrengthCoef"=dword:00000032
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:0000000a
"DMAmbitionCoef"=dword:00000014
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:0000000a
"DMPressureCoef"=dword:00000014
"DMProfessionalismCoef"=dword:0000000f
"DMSportsmanshipCoef"=dword:0000000a
"DMTemperamentCoef"=dword:00000005
"MPositionCoef"=dword:00000000
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:00000019
"MCrossingCoef"=dword:00000032
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000028
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:00000014
"MHeadingCoef"=dword:00000028
"MLongShotsCoef"=dword:00000019
"MLongThrowsCoef"=dword:0000000a
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:0000004b
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:00000028
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:0000000a
"MRightFootCoef"=dword:0000000a
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:00000014
"MConcentrationCoef"=dword:00000014
"MConsistencyCoef"=dword:00000014
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:00000014
"MDeterminationCoef"=dword:00000014
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:00000014
"MImportantMatchesCoef"=dword:00000014
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:0000001e
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000023
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:0000002d
"MAgilityCoef"=dword:00000005
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffff6
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:0000000a
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:00000023
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:0000000a
"MAmbitionCoef"=dword:00000014
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:0000000a
"MPressureCoef"=dword:00000014
"MProfessionalismCoef"=dword:0000000f
"MSportsmanshipCoef"=dword:0000000a
"MTemperamentCoef"=dword:00000005
"AMPositionCoef"=dword:00000000
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:00000019
"AMCrossingCoef"=dword:00000046
"AMDribblingCoef"=dword:00000046
"AMFinishingCoef"=dword:00000032
"AMFirstTouchCoef"=dword:00000028
"AMFreeKicksCoef"=dword:00000014
"AMHeadingCoef"=dword:0000001e
"AMLongShotsCoef"=dword:0000001e
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000f
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:0000000a
"AMRightFootCoef"=dword:0000000a
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:00000023
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:00000014
"AMConcentrationCoef"=dword:00000014
"AMConsistencyCoef"=dword:00000014
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000014
"AMDeterminationCoef"=dword:00000014
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:0000001e
"AMImportantMatchesCoef"=dword:00000014
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:00000028
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:00000028
"AMWorkRateCoef"=dword:00000019
"AMAccelerationCoef"=dword:00000032
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffff6
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:0000000a
"AMPaceCoef"=dword:00000032
"AMStaminaCoef"=dword:00000028
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:0000000a
"AMAmbitionCoef"=dword:00000014
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:0000000a
"AMPressureCoef"=dword:00000014
"AMProfessionalismCoef"=dword:0000000f
"AMSportsmanshipCoef"=dword:0000000a
"AMTemperamentCoef"=dword:00000005
"WPositionCoef"=dword:00000000
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:00000019
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:00000014
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000019
"WLongThrowsCoef"=dword:0000000a
"WMarkingCoef"=dword:00000019
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:00000014
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:0000000a
"WRightFootCoef"=dword:0000000a
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000023
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:00000014
"WConcentrationCoef"=dword:00000014
"WConsistencyCoef"=dword:00000014
"WCreativityCoef"=dword:00000032
"WDecisionsCoef"=dword:0000000f
"WDeterminationCoef"=dword:00000014
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000001e
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:00000005
"WOffTheBallCoef"=dword:00000032
"WPositioningCoef"=dword:00000019
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffff6
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:0000000a
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:00000032
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:0000000a
"WAmbitionCoef"=dword:00000014
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:0000000a
"WPressureCoef"=dword:00000014
"WProfessionalismCoef"=dword:0000000f
"WSportsmanshipCoef"=dword:0000000a
"WTemperamentCoef"=dword:00000005
"FSTPositionCoef"=dword:00000000
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:00000014
"FSTCrossingCoef"=dword:0000001e
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:00000014
"FSTHeadingCoef"=dword:0000003c
"FSTLongShotsCoef"=dword:0000001e
"FSTLongThrowsCoef"=dword:00000005
"FSTMarkingCoef"=dword:0000000a
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:0000000a
"FSTTechniqueCoef"=dword:0000004b
"FSTLeftFootCoef"=dword:0000000a
"FSTRightFootCoef"=dword:0000000a
"FSTAggressionCoef"=dword:00000014
"FSTAnticipationCoef"=dword:00000014
"FSTBraveryCoef"=dword:0000000f
"FSTComposureCoef"=dword:00000014
"FSTConcentrationCoef"=dword:00000014
"FSTConsistencyCoef"=dword:00000014
"FSTCreativityCoef"=dword:00000032
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:00000014
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:00000019
"FSTImportantMatchesCoef"=dword:00000014
"FSTInfluenceCoef"=dword:00000005
"FSTOffTheBallCoef"=dword:0000003c
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:0000001e
"FSTBalanceCoef"=dword:00000014
"FSTInjuryPronenessCoef"=dword:fffffff6
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:0000000a
"FSTPaceCoef"=dword:0000005a
"FSTStaminaCoef"=dword:00000014
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:0000000a
"FSTAmbitionCoef"=dword:00000014
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:0000000a
"FSTPressureCoef"=dword:00000014
"FSTProfessionalismCoef"=dword:0000000f
"FSTSportsmanshipCoef"=dword:0000000a
"FSTTemperamentCoef"=dword:00000005
"TSTPositionCoef"=dword:00000000
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000014
"TSTCrossingCoef"=dword:0000001e
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:0000003c
"TSTFirstTouchCoef"=dword:00000028
"TSTFreeKicksCoef"=dword:00000014
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:0000001e
"TSTLongThrowsCoef"=dword:00000005
"TSTMarkingCoef"=dword:0000000a
"TSTPassingCoef"=dword:0000001e
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:0000000a
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:0000000a
"TSTRightFootCoef"=dword:0000000a
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:00000014
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:00000014
"TSTConcentrationCoef"=dword:00000014
"TSTConsistencyCoef"=dword:00000014
"TSTCreativityCoef"=dword:00000028
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:00000014
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:00000019
"TSTImportantMatchesCoef"=dword:00000014
"TSTInfluenceCoef"=dword:00000005
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:0000000a
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffff6
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:0000000a
"TSTPaceCoef"=dword:00000023
"TSTStaminaCoef"=dword:0000000f
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:0000000a
"TSTAmbitionCoef"=dword:00000014
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:0000000a
"TSTPressureCoef"=dword:00000014
"TSTProfessionalismCoef"=dword:0000000f
"TSTSportsmanshipCoef"=dword:0000000a
"TSTTemperamentCoef"=dword:00000005
.
[HKEY_USERS\S-1-5-21-463557466-820520665-809071625-1007\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"GameDir"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Documents and Settings\\Julie\\Desktop\\FM Genie Scout 2009\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Julie\\My Documents\\Sports Interactive\\Football Manager 2009\\games\\new city.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009bb2
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="34-F494-0030"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Micro Niche Finder\bggoogle.exe
c:\windows\system32\VTTimer.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-09 10:49:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 09:49
ComboFix2.txt 2011-06-07 20:30
ComboFix3.txt 2011-06-04 20:25
.
Pre-Run: 19,799,695,360 bytes free
Post-Run: 19,713,847,296 bytes free
.
- - End Of File - - 2D10270F5C9FCC8C17DEA47C196357CA
Upload was successful
  • 0

#38
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi.

I'm afraid I have very bad news. :)

Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could loose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


  • 0

#39
pat208

pat208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks for reply Dakeyras. Oh dear not great news. i'm not sure if i'm going to reformat my hardrive or saveup for a new computer. I have a portable harddrive will it be possible to put any of the files on my computer onto it?
  • 0

#40
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

Thanks for reply Dakeyras. Oh dear not great news.

You're welcome! No it is not and unfortunately and not a post/advice I particularly wanted to impart to you good self...though saying that so to speak I would be extremely remiss with my support if I had not made you aware of the ramifications etc.

i'm not sure if i'm going to reformat my hardrive or saveup for a new computer.

The former for the time being is the most expedient course of action to undertake, if any consolation if one of my machines was infected thus I would not hesitate to perform a reformat and reinstallation of the Windows Operating System. Reason being over time the malware on-board will spread exponentially and the distinct possibility the actual machine may cease to function correctly and the salient fact because of the back-door access the machine could be used as what is known as a zombie computer every time it has online access and in turn be used for nefarious purposes.

I have a portable harddrive will it be possible to put any of the files on my computer onto it?

Not many I'm afraid as I mentioned in my prior post this particular infection targets the following...

a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files

If you have any other questions feel free to ask, if not stay safe!
  • 0

Advertisements


#41
pat208

pat208

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Just wanted to say thanks to Dakeyras for giving his time to help me out.
Thanks! :)
  • 0

#42
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
You're most welcome! :)
  • 0

#43
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP