problem with system security 2009
- darkangel79 Novice
OS : xp
Hi, I did all the things with Malwarebytes, and on and off SS2009 keeps showing up on my PC. Sometimes it gives a bna.tmp file error or a runtime error 203 and crashes my PC. Can you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:35, on 08-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ULI5287\ULiRaid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ESET\CyberMania.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Documents and Settings\Ricardo Fonseca\Desktop\winlogon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 76.107.89.44:9090
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CyberMania] C:\Program Files\ESET\CyberMania.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [BN362] C:\DOCUME~1\RICARD~1\LOCALS~1\Temp\BN362.tmp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LocalService] C:\Documents and Settings\LocalService\LocalService.exe /i (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{097328C6-0D98-404D-82F8-3EEB56B92B2B}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{097328C6-0D98-404D-82F8-3EEB56B92B2B}: NameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{097328C6-0D98-404D-82F8-3EEB56B92B2B}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SMC Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 11244 bytes

- Origin Tech Colleague
OS : Windows Xp Sp3
Hello darkangel79,
Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:
- If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
- If you have any cracked/pirated software on your computer, delete it or we will not help you.
- Only follow advice from Geek Police Staff and not a regular member.
- Do NOT run any tool without Geek Police supervision as it could render your system useless.
- Open HijackThis.
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [BN362] C:\DOCUME~1\RICARD~1\LOCALS~1\Temp\BN362.tmp
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
- Press "Fix Checked"
- Close HijackThis.
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
While my help is always free, please consider donating to keep this site alive: Donate

- darkangel79 Novice
OS : xp
If you rid me of this, you are my hero, my god.
Greetings from Portugal
Malwarebytes' Anti-Malware 1.38
Database version: 2397
Windows 5.1.2600 Service Pack 3
09-07-2009 0:25:46
mbam-log-2009-07-09 (00-25-46).txt
Scan type: Quick Scan
Objects scanned: 91091
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\localservice\local settings\Temp\BN37D.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN362.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN377.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN37F.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN380.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN388.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN38A.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\ricardo fonseca\local settings\Temp\BN391.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN34E.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN385.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN386.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN38D.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN393.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN394.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Ricardo Fonseca\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

- Origin Tech Colleague
OS : Windows Xp Sp3
- Download combofix from here
Link 1
Link 2
- We need to disable your local AV (Anti-virus) before running Combofix.
- See HERE for how to disable your AV.
- Double click on ComboFix.exe.
- Follow the prompts.
NOTE:
- ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
- The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
- Allow ComboFix to download the Recovery Console.
- Accept the End-User License Agreement.
- The Recovery Console will be installed.
- You will then get this next prompt that asks if you want to continue the malware scan, select yes
- Allow combofix to run
- Post C:\combofix.txt back here.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

- darkangel79 Novice
OS : xp
ComboFix 09-07-09.08 - Ricardo Fonseca 10-07-2009 19:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.374 [GMT 1:00]
Running from: c:\documents and settings\Ricardo Fonseca\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\97432806.ini
c:\windows\Installer\16b3f98.msi
c:\windows\Installer\3c286.msi
c:\windows\Installer\5e399.msi
c:\windows\Installer\5efed.msi
c:\windows\Installer\64cea09.msi
c:\windows\Installer\a19c6.msi
c:\windows\Installer\aa702.msi
c:\windows\Installer\b3d9de4.msi
c:\windows\Installer\f6f9af6.msi
c:\windows\Installer\f7e11bd.msi
c:\windows\kb913800.exe
c:\windows\system32\wgalogon.dll
D:\AUTORUN.INF
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-08 19:15 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Ricardo Fonseca\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-08 19:15 . 2009-07-08 19:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-08 19:15 . 2009-07-08 19:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-08 19:15 . 2009-07-08 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-08 19:15 . 2009-07-08 19:15 -------- d-----w- c:\program files\NOS
2009-07-08 19:15 . 2009-06-04 09:53 22848 ----a-w- c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-07-08 19:15 . 2009-06-04 09:53 31944 ----a-w- c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-07-08 19:15 . 2009-06-04 09:53 18776 ----a-w- c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-07-08 19:03 . 2009-07-08 19:05 -------- d-----w- c:\documents and settings\Ricardo Fonseca\.SunDownloadManager
2009-07-07 20:41 . 2009-07-07 20:41 -------- d-----w- C:\!KillBox
2009-07-07 17:52 . 2009-07-07 17:46 33630 ---h--w- c:\documents and settings\LocalService\LocalService.exe
2009-07-07 17:48 . 2009-07-07 17:45 33630 ---h--w- c:\documents and settings\NetworkService\NetworkService.exe
2009-07-07 01:00 . 2009-07-07 01:03 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-07-07 01:00 . 2009-07-07 01:03 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-07-07 01:00 . 2009-07-07 01:03 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-07-07 01:00 . 2008-06-02 14:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-07-07 01:00 . 2009-07-07 01:00 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Application Data\PC Tools
2009-07-07 00:44 . 2009-07-07 00:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-07-07 00:22 . 2009-07-07 01:17 -------- d-----w- c:\program files\Spyware Doctor
2009-07-06 22:29 . 2009-07-06 22:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-07-06 22:14 . 2009-07-06 22:14 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Local Settings\Application Data\ESET
2009-07-06 20:11 . 2009-07-06 20:11 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Application Data\Malwarebytes
2009-07-06 20:11 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 20:11 . 2009-07-08 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 20:11 . 2009-07-06 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 20:11 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 21:44 . 2009-06-25 21:44 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Local Settings\Application Data\JollyBear
2009-06-25 21:44 . 2009-06-25 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-06-14 18:57 . 2009-06-14 18:57 152576 ----a-w- c:\documents and settings\Ricardo Fonseca\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-14 18:57 . 2009-06-14 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-06-14 18:56 . 2009-07-07 00:46 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Application Data\Azureus
2009-06-14 18:56 . 2009-06-14 18:56 -------- d-----w- c:\program files\Vuze
2009-06-14 18:53 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-14 18:53 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 18:10 . 2008-08-31 10:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-08 19:16 . 2007-04-28 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 19:11 . 2006-10-30 02:00 -------- d-----w- c:\program files\Java
2009-07-08 19:09 . 2008-12-09 18:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-07 00:42 . 2007-12-09 12:48 -------- d-----w- c:\program files\CCleaner
2009-07-06 22:11 . 2007-10-02 19:26 -------- d-----w- c:\program files\ESET
2009-07-06 19:51 . 2007-12-08 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-16 22:03 . 2007-08-16 18:50 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Application Data\uTorrent
2009-06-08 17:35 . 2009-05-29 18:00 -------- d-----w- c:\program files\BetClick Poker
2009-05-29 00:14 . 2009-05-22 19:15 -------- d-----w- c:\program files\PokerStars
2009-05-25 20:39 . 2009-05-25 20:39 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-25 20:38 . 2007-09-27 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-25 20:36 . 2009-01-28 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-05-24 23:51 . 2007-02-26 22:08 -------- d-----w- c:\documents and settings\Ricardo Fonseca\Application Data\Skype
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-07-19 20:16 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2006-07-19 20:16 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-07-19 20:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-31 09:44 . 2008-08-31 09:44 0 ----a-w- c:\program files\temp01
2006-07-18 13:41 . 2006-06-17 17:32 1019094 --sha-r- c:\program files\serial.tde
2006-05-28 16:46 . 2006-05-28 16:45 397306 --sha-r- c:\program files\wunauclt.zip
2006-05-28 16:46 . 2006-05-28 16:45 397306 --sha-r- c:\program files\wunauclt.tbe
2007-08-09 12:08 . 2007-10-01 15:54 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 . 2007-10-01 15:54 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
- darkangel79Novice
-
OS : xp
Posts : 20
Rubies : 3234
Likes : 0
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid"="c:\program files\ULI5287\ULiRaid.exe" [2005-02-15 401408]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-07 1168264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\hdashcut.exe [2006-07-19 61952]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-06-18 16384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-5 1011712]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-5-31 303104]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bowlfish\\eMule.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"d:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\thq\\company of heroes\\RelicCOH.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Portuguese\\setup.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [01-01-1980 1:00 85888]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09-04-2009 15:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [09-04-2009 15:21 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [09-04-2009 15:19 731840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [07-07-2009 2:00 356920]
R3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [30-10-2006 2:12 44544]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [08-07-2009 20:15 66048]
- darkangel79Novice
-
OS : xp
Posts : 20
Rubies : 3234
Likes : 0
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
c:\documents and settings\Ricardo Fonseca\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-07-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 21:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-WebCamRT.exe - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 76.107.89.44:9090
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {097328C6-0D98-404D-82F8-3EEB56B92B2B} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 19:11
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-1214440339-1801674531-1003\Software\G*e*n*i*e*"!\FM Genie Scout]
"GameDir"="d:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data\\games"
"ShortlistDir"="d:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data\\shortlists"
"ScreenshotsDir"="d:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data"
"SaveDir"="d:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data"
"HistoryDir"="d:\\fm_genie_scout_2007\\FM Genie Scout 2007\\History Points"
"LangDB"="d:\\Program Files\\Sports Interactive\\Football Manager 2007\\data\\db\\700\\lang_db.dat"
"LastSaveGame"="d:\\Program Files\\Sports Interactive\\Football Manager 2007\\carreira.fm"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"HighQualityGUI"=dword:00000000
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"WindowHeight"=dword:0000033f
"WindowWidth"=dword:000003f8
"WindowLeft"=dword:00000084
"WindowTop"=dword:00000060
"Currency"=dword:00000056
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
c:\documents and settings\Ricardo Fonseca\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-07-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 21:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-WebCamRT.exe - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 76.107.89.44:9090
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {097328C6-0D98-404D-82F8-3EEB56B92B2B} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Ricardo Fonseca\Application Data\Mozilla\Firefox\Profiles\0p2p7c2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
[HKEY_USERS\S-1-5-21-2000478354-1214440339-1801674531-1003\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
[HKEY_USERS\S-1-5-21-2000478354-1214440339-1801674531-1003\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]