Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: calciver on August 26, 2007, 07:42:00 PM

Title: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on August 26, 2007, 07:42:00 PM
I have tried scanning many times, scan after scan. It shows safe, but I am still attacked by that Trj virus. Can anyone help me :'(?? Some files can't be deleted because the file is not found.

this is example:
File C:\Documents and Settings\Calciver\Local Settings\Temp\00DNw2jl.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\00DNw2jl.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\037jr4aR.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\037jr4aR.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\07Ch74T0.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\07Ch74T0.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\07J051fa.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\07J051fa.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\15G8axY3.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\15G8axY3.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\3c22FnTJ.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\3c22FnTJ.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\3hyd3rhe.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\3hyd3rhe.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\4P6MkGK7.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\4P6MkGK7.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\5wK6GF7W.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\5wK6GF7W.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\gT25fiTd.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\gT25fiTd.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\knTd335c.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\knTd335c.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\ny78Pq1U.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\ny78Pq1U.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\qN5KmxV0.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\qN5KmxV0.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\radBYlxD.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\radBYlxD.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\s3dj30G4.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\s3dj30G4.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\SEELdLN1.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\SEELdLN1.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\tFxx5G1m.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\tFxx5G1m.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\VjuSL3N5.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\VjuSL3N5.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\Xmu4f873.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\Xmu4f873.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\_avast4_\unp248327569.tmp\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\D76c8ypA.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\D76c8ypA.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\NetworkService\Local Settings\Temp\V77h1Wgp.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\V77h1Wgp.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Program Files\Internet Explorer\RAVCHDMON.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP43\A0009476.exe is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024288.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024323.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024505.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024530.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024544.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024558.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024570.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024586.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024777.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP58\A0028814.exe is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP58\A0028816.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on August 26, 2007, 08:34:02 PM
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate. So those that you have already deleted you have no options left.

For the other ones classed as not found, did you empty the Temp folder ?
They could have been placed in the temp folder as a result of another security application unpacking archives into the Temp folder and avast is detecting these files. However at the end of a scan the other scanner usually cleans up after its scan removing the files.
So does this ring any bells, what were you doing when these alerts happened ?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on August 27, 2007, 03:39:28 AM
General cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887) or Windows XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware (http://www.ewido.net/en/). Some users recommend SUPERantispyware (http://www.superantispyware.com), Spyware Terminator (http://www.spywareterminator.com/) and/or a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

5. If you are still detecting any strange behavior or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest AVG (http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0), Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx) and/or F-Secure BlackLight (http://www.f-secure.com/blacklight/try_blacklight.html).

6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scanning and submitting the RunScanner (http://www.runscanner.net/) log to on-line analysis would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Maxx_original on August 27, 2007, 09:18:06 AM
your "file not found" problem is only a misinterpretation of scan results.. the infection was found in some embedded PE file... when some infection is found in an embedded file, then its parent file is deleted.. the same infection was found in the parent file (loaded in memory), but the file can't be deleted, because it was already deleted by the previous (underlying) detection...
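The pairing described in the post above, as an added Python example that is not part of the original thread and is not avast's own code: it reads report lines in the format calciver posted and separates `0xC0000034` delete errors that follow a successful delete of a nested object in the same file from errors with no earlier delete. The sample lines and file names are constructed.

```python
import re

# One report line: "File <path> is infected by <signature>, <action>"
LINE_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<sig>.+?), (?P<action>.+)$"
)
NOT_FOUND = "0xC0000034"  # status code printed in the report for "Object Name not found"


def split_container(path):
    """Split a report path into the file on disk and its nested layers.

    Nested objects are written as \\[Upack] or \\[Embedded#0e00] after the
    on-disk file name.
    """
    parts = path.split("\\[")
    return parts[0], ["[" + p for p in parts[1:]]


def classify(report_lines):
    """Return (on_disk_file, signature, layers, status) for every detection.

    status is one of:
      removed          the scanner reported "Deleted"
      already_removed  delete failed with NOT_FOUND, but an earlier line
                       already deleted the same on-disk file
      unresolved       delete failed and nothing earlier explains it
    """
    removed = set()
    results = []
    for raw in report_lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a detection line
        on_disk, layers = split_container(m["path"])
        key = on_disk.lower()  # Windows paths are case-insensitive
        action = m["action"]
        if action == "Deleted":
            removed.add(key)
            status = "removed"
        elif NOT_FOUND in action and key in removed:
            status = "already_removed"
        else:
            status = "unresolved"
        results.append((on_disk, m["sig"], layers, status))
    return results


def unresolved(report_lines):
    """On-disk files whose removal is not accounted for by the report."""
    return [r[0] for r in classify(report_lines) if r[3] == "unresolved"]


# Constructed sample in the report's format (file names are made up).
SAMPLE_REPORT = [
    r"File C:\Temp\sampleA.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted",
    r"File C:\Temp\sampleA.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}",
    r"File C:\Temp\sampleB.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted",
    r"File C:\Temp\sampleC.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}",
]

if __name__ == "__main__":
    for on_disk, sig, layers, status in classify(SAMPLE_REPORT):
        print(f"{status:16} {on_disk} ({sig}, {len(layers)} nested layer(s))")
    print("needs a second look:", unresolved(SAMPLE_REPORT))
```

Only the `unresolved` entries need follow-up; an `already_removed` line is the second report for a file that was deleted one line earlier.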
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 06, 2007, 08:17:45 AM
I chose "take no action" and then started the boot-time scan, but this problem appeared. Now this problem is gone but the same virus keeps attacking my PC. I moved all the files to the chest but don't know how to do it then. Have another suggestion??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Maxx_original on September 06, 2007, 10:08:08 AM
there must be some dropper.. can you post a HJT log here? you can find many tutorials on this forum how to do it...
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 06, 2007, 02:47:07 PM
If you want to do it by yourself, click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 07, 2007, 04:18:35 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:08 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {a5edcd28-669c-44d7-afa0-6e6649e7fde4} - C:\WINDOWS\system32\comard.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce
O4 - HKLM\..\Run: [commomds] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [RAVGJMON] C:\Program Files\Internet Explorer\RAVGJMON.exe
O4 - HKLM\..\Run: [RAVDTHXMON] C:\Program Files\Internet Explorer\RAVDTHXMON.exe
O4 - HKLM\..\Run: [RAVCHDMON] C:\Program Files\Internet Explorer\RAVCHDMON.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RAVWLMON] C:\WINDOWS\system32\RAVWLMON.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: jzgpri.dll
O20 - Winlogon Notify: comard - comard.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7760 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 07, 2007, 04:38:21 PM
Fix these:
O2 - BHO: (no name) - {a5edcd28-669c-44d7-afa0-6e6649e7fde4} - C:\WINDOWS\system32\comard.dll (file missing) - apart from the file is missing, check and make sure, a google search for this file returns zero hits, which in itself is suspicious
O20 - Winlogon Notify: comard - comard.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)


These are reported nasty and if avast hasn't detected it a sample should be sent to avast. I would also confirm using VT and Jotti (see below).
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll - see http://www.google.com/search?q=WebAssist.dll
O4 - HKLM\..\Run: [RAVWLMON] C:\WINDOWS\system32\RAVWLMON.exe - see http://www.prevx.com/filenames/3417583867049942784-X1/RAVWLMON.EXE.html

O20 - AppInit_DLLs: jzgpri.dll - see http://www.castlecops.com/p981744-MD5_228b2084b7ade49987c38d87f84e1903_jzgpri_dll.html

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html). I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/). If any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 07, 2007, 07:52:25 PM
Thanks for your help. I want to send the infected files to avast but don't know how to set up Outlook, so they can't be sent. Can I know how to set the mail settings when I want to send those files??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 07, 2007, 09:06:39 PM
Do you mean outlook express ?
You shouldn't have to do anything to it to send the zipped password protected files, however, OE might need the security settings sorted (Tools, Options, Security tab, uncheck the arrowed option in the image below), this was changed after a security update.

I don't use MS Outlook so I can't be any practical help there.

By far the best option is to add them to the user files section of the chest and send them from there as I mentioned above.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 08, 2007, 08:21:46 AM
Erm... I tried but can't add. Add can't be chosen.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 08, 2007, 02:14:55 PM
Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Maxx_original on September 10, 2007, 10:20:09 AM
also this item looks strange:

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce
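The checks applied to the HijackThis log in DavidR's and Maxx_original's replies, as an added Python example that is not part of the original thread and not HijackThis's own logic: it flags entries marked `(file missing)`, a populated `AppInit_DLLs` value, and `Run` values that start a DLL through `rundll32`. The optional cross-check against paths the scanner reported is an extra assumption, and all sample entries are constructed.

```python
import re

# "O4 - ...", "O20 - ...", "R0 - ..." entry lines; everything else is skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Body of an O4 registry Run entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_lines, detected_paths=()):
    """Return (section, body, reasons) for entries worth a closer look.

    detected_paths: optional paths the antivirus scan reported, used to spot
    autostart entries that would relaunch an already detected file
    (assumption added for this example, not a rule stated in the thread).
    """
    detected = {p.lower() for p in detected_paths}
    findings = []
    for raw in log_lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m["section"], m["body"]
        reasons = []

        # Entry points at a file that no longer exists on disk.
        if body.endswith("(file missing)"):
            reasons.append("target file missing")

        # AppInit_DLLs makes listed DLLs load into processes that use user32.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                reasons.append("AppInit_DLLs is set")

        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                cmd = run["cmd"].lower()
                if cmd.startswith("rundll32"):
                    reasons.append("Run value loads a DLL through rundll32")
                if any(p in cmd for p in detected):
                    reasons.append("autostart target was reported by the scanner")

        if reasons:
            findings.append((section, body, reasons))
    return findings


# Constructed sample in HijackThis log format (all names are made up).
SAMPLE_LOG = [
    "Logfile of Trend Micro HijackThis v2.0.2",
    r"C:\WINDOWS\system32\services.exe",
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example1.dll (file missing)",
    r'O4 - HKLM\..\Run: [ExampleOptimizer] rundll32.exe "C:\WINDOWS\example2.dll",entry',
    r"O4 - HKLM\..\Run: [ExampleMon] C:\Program Files\Example\EXAMPLEMON.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    "O20 - AppInit_DLLs: example3.dll",
    r"O23 - Service: ExampleService - Unknown owner - C:\WINDOWS\system32\example4.exe (file missing)",
]
# Constructed: a path the scan report listed as infected.
SAMPLE_DETECTED = [r"C:\Program Files\Example\EXAMPLEMON.exe"]

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG, SAMPLE_DETECTED):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

A flagged entry is a candidate for lookup and a second-opinion scan before it is fixed, as the replies in this thread do.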
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 10, 2007, 10:42:49 AM
> Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.

After that, what file do I need to add??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 10, 2007, 10:46:48 AM
> also this item looks strange:
>
> O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce

Yeah, it is one of the threats. It gives me headaches because I followed Tech™'s steps and it harmed my system and avast. Now I also want to fix it or take no action. And my PC is still infected by the win32 dialer.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: SpeedyPC on September 10, 2007, 02:34:48 PM
> > also this item looks strange:
> >
> > O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce
>
> Yeah, it is one of the threats. It gives me headaches because I followed Tech™'s steps and it harmed my system and avast. Now I also want to fix it or take no action. And my PC is still infected by the win32 dialer.

The only way to solve your dead problem, if those viruses are very hard to remove: it's time to KILL your PC goodbye and reformat your HD from scratch.

You should have cloned your HD long ago before you get your backside for a good hard scratching sand paper........Ouch! That virus must have got you stone COLD, you couldn't even move to your next task to KILL win32 dialer.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 10, 2007, 03:05:37 PM
> > Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.
>
> After that, what file do I need to add??

The one/s which you say are detected as infected files and you wanted to email, I thought you knew what they were from your previous posts.

> Thanks for your help. I want to send the infected files to avast but don't know how to set up Outlook, so they can't be sent. Can I know how to set the mail settings when I want to send those files??

> Erm... I tried but can't add. Add can't be chosen.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 10, 2007, 05:50:09 PM
> > > Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.
> >
> > After that, what file do I need to add??
>
> The one/s which you say are detected as infected files and you wanted to email, I thought you knew what they were from your previous posts.
>
> > Thanks for your help. I want to send the infected files to avast but don't know how to set up Outlook, so they can't be sent. Can I know how to set the mail settings when I want to send those files??
>
> > Erm... I tried but can't add. Add can't be chosen.

Yes, I know where the infected files are, but I moved them all to the chest already. After that, should I take no action and attach them to avast mail the next time I detect it?? Or is there another way??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 10, 2007, 06:32:27 PM
In theory there should be no need to send files to avast that are already detected by avast unless you feel that the detection isn't correct.
So no need to take any action other than leave them in the chest for a few weeks, scan the file again inside the chest (right click on the file) and if it is still detected then delete it from within the chest.

The only reason for giving the information was because you expressed you wanted to email the files to avast and were trying to find out how to do this in outlook. So I said they could be sent from the chest.

If you have already sent the files to the chest when they were detected there is no need to add them as they would be in the Infected Files section and could be sent from there.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 11, 2007, 09:06:52 AM
> In theory there should be no need to send files to avast that are already detected by avast unless you feel that the detection isn't correct.
> So no need to take any action other than leave them in the chest for a few weeks, scan the file again inside the chest (right click on the file) and if it is still detected then delete it from within the chest.
>
> The only reason for giving the information was because you expressed you wanted to email the files to avast and were trying to find out how to do this in outlook. So I said they could be sent from the chest.
>
> If you have already sent the files to the chest when they were detected there is no need to add them as they would be in the Infected Files section and could be sent from there.

Thanks. But that virus is still attacking my PC; are there any ways to protect from that virus?? Or, like SpeedyPC says, just kill my PC??  :'(
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 11, 2007, 02:13:04 PM
> But that virus is still attacking my PC

I generally suggest that it will be good if you download, install, update and run AVG Antispyware (http://www.ewido.net/en/). Some users recommend SUPERantispyware (http://www.superantispyware.com), Spyware Terminator (http://www.spywareterminator.com/) and/or a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

Also, if you are still detecting any strange behavior or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest AVG (http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0), Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx) and/or F-Secure BlackLight (http://www.f-secure.com/blacklight/try_blacklight.html).

If, after that, you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scanning and submitting the RunScanner (http://www.runscanner.net/) log for on-line analysis would help to identify the problem and the solution.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 11, 2007, 02:32:44 PM
Personally I discounted SpeedyPC's comment as I don't believe we are that far down the road yet.

What did you do about the items I mentioned in my reply #8 in this topic, http://forum.avast.com/index.php?topic=30139.msg250229#msg250229, did you fix them in HJT, etc. ?
Did you send the files to VirusTotal and Jotti as suggested, you never mentioned if you had ?

Take some time in rereading that post again, there are a number of links for the different entries that you should visit

You should also include in the fix the item mentioned by Maxx_original:
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce

Also I have been rereading the topic and your comment after my reply (link above) had me thinking you want to send the suspect files mentioned in my reply rather than infected files in the chest. The location of the files you get from your HJT log entries that I quoted.

I wan to send the infected files to avast but dont know how to setting the outlook, so it cant b send. Can know how to setting the mail setting when wan to send those files??

Do you connect by dial-up to the internet ?
If not a dialler isn't such a great issue as it can't do what its purpose is, to dial premium rate number to connect to the internet rather than your ISPs dial-up number. But, we still want to get rid of it.

How is it attacking your PC, do you simply mean it keeps coming back and avast keeps detecting it, or do you mean something more ?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 11, 2007, 07:04:42 PM
Yes, I have reread the post. But actually I have done it all. Some ways, like SuperAntiSpyware, I have tried too, but after I quarantined the threat it harmed my PC and forced me to release those files. And I sent the files to VirusTotal and Jotti already. "O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll", I don't dare to fix it. This is because I used SuperAntiSpyware to quarantine this file and my PC couldn't work properly. Yes, I connect by dial-up to the internet. It has modified some files and made them unable to work. My avast! antivirus was also modified by it and couldn't work. Only after I repaired avast! could it work again. I have already solved many virus problems on my PC; this is the last one I can't settle :'(
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 12, 2007, 05:30:25 AM
I did one more scan of one of the files and this is the result:

AhnLab-V3 2007.9.11.1 2007.09.11 -
AntiVir 7.6.0.5 2007.09.12 TR/Dialer.VUB
Authentium 4.93.8 2007.09.12 W32/Trojan.BWCN
Avast 4.7.1043.0 2007.09.11 Win32:Dialer-1026
AVG 7.5.0.485 2007.09.11 SHeur.AID
BitDefender 7.2 2007.09.12 Dropped:Trojan.Dialer.VUB
CAT-QuickHeal 9.00 2007.09.11 -
ClamAV 0.91.2 2007.09.12 -
DrWeb 4.33 2007.09.11 Dialer.Doing
eSafe 7.0.15.0 2007.09.11 suspicious Trojan/Worm
eTrust-Vet 31.1.5127 2007.09.12 -
Ewido 4.0 2007.09.11 Trojan.Dialer.tn
FileAdvisor 1 2007.09.12 -
Fortinet 3.11.0.0 2007.09.12 W32/Dialer.TN!tr
F-Prot 4.3.2.48 2007.09.12 W32/Trojan.BWCN
F-Secure 6.70.13030.0 2007.09.11 Trojan.Win32.Dialer.tn
Ikarus T3.1.1.12 2007.09.12 Trojan-Dialer.VUB
Kaspersky 4.0.2.24 2007.09.12 Trojan.Win32.Dialer.tn
McAfee 5117 2007.09.11 -
Microsoft 1.2803 2007.09.12 -
NOD32v2 2523 2007.09.12 probably a variant of Win32/Dialer
Norman 5.80.02 2007.09.11 W32/Malware.ABDY
Panda 9.0.0.4 2007.09.11 Suspicious file
Prevx1 V2 2007.09.12 -
Rising 19.40.20.00 2007.09.12 -
Sophos 4.21.0 2007.09.12 -
Sunbelt 2.2.907.0 2007.09.12 -
Symantec 10 2007.09.12 -
TheHacker 6.1.10.184 2007.09.11 -
VBA32 3.12.2.4 2007.09.12 Trojan.Win32.Dialer.tn
VirusBuster 4.3.26:9 2007.09.11 -
Webwasher-Gateway 6.0.1 2007.09.12 Trojan.Dialer.VUB
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 12, 2007, 06:20:21 AM
"O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll", i dont dare to fix it. This is because i have use SuperAntiSpyware quarrentine this file and my pc could'nt work properly.
What went wrong when you did this?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 12, 2007, 08:44:48 AM
My PC goes very slow and many applications give errors.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: SpeedyPC on September 12, 2007, 09:54:08 AM
Time to reformat your HD as I said before.

Just wait for DavidR to reply first before you go ahead and kill your HD.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 12, 2007, 01:53:41 PM
Why do you feel it is time to format, you didn't offer a reason why that is necessary.

If the only problem on the system is this dialler then there is absolutely no way I would format for that, especially since avast detects it every time it rears its ugly head.

Yes there is most certainly a downloader hidden on the system and I still don't know if calciver has done everything that has been suggested because answers have been sparse and no details given on results, just answers like I have done it all don't give information to suggest other actions.

calciver hasn't posted a new hijackthis log to show us what he has fixed and if things have been dealt with or not. This lack of confirmation just makes the task harder as we keep having to ask for confirmation.

The most important I feel are the anti-rootkit tools to try and find what is hiding the downloader and we don't know exactly what has been run or what results returned.

@ mauserme
Do you think Combofix would be a worthwhile option as doesn't it use the GMER anti-rootkit, which is one of the best but not for the novice to use as a stand alone application ?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 12, 2007, 02:16:03 PM
I see no reason for reformatting (yet).
Why don't you test antispyware tools?
AVG Antispyware (http://www.ewido.net/en/)
SUPERantispyware (http://www.superantispyware.com)
Spyware Terminator (http://www.spywareterminator.com/)
a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 12, 2007, 07:57:08 PM
I see no reason for reformatting (yet).
Why don't you test antispyware tools?
AVG Antispyware (http://www.ewido.net/en/)
SUPERantispyware (http://www.superantispyware.com)
Spyware Terminator (http://www.spywareterminator.com/)
a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

I have tried it already, but nothing was detected. And I fixed my problem at windows advance care, then my PC is going a bit strange... :P
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 12, 2007, 07:58:15 PM
new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:30 AM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\U040YIUQ.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: jzgpri.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7415 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 12, 2007, 08:05:50 PM
Please also run ComboFix and post the log it produces.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: FreewheelinFrank on September 12, 2007, 08:11:49 PM
O20 - AppInit_DLLs: jzgpri.dll

http://www.castlecops.com/p981744-MD5_228b2084b7ade49987c38d87f84e1903_jzgpri_dll.html

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\U040YIUQ.dll

http://forums.techguy.org/malware-removal-hijackthis-logs/618604-solved-spyware-virus-infection.html

Please disable 'Hide protected operating system files' (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) and enable 'View Hidden Files and Folders' (http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp), and upload the above files to VirusTotal (http://www.virustotal.com/) for analysis.

Then zap 'em with HijackThis! If that doesn't work, try Bitdefender online scanner or SUPERAntiSpyware, as these detect the nasties.

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 12, 2007, 08:37:38 PM
Did you investigate bumping up the security level in comodo firewall as there are new suspect entries from your previous HJT log ?

We have got to try and stop what is on your system connecting to download more malware.

Zero hits on google, Upload to VirusTotal, add to user files section of avast chest, submit to avast and fix
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\U040YIUQ.dll
This is very similar to a previous O2 - BHO entry but with a different file name at the end.

This was on your last HJT but you haven't fixed it or it is back ?
O20 - AppInit_DLLs: jzgpri.dll
See this link - http://fileinfo.prevx.com/spyware/qq2607102335366-JZGP43370664/JZGPRI.DLL.html

Is this your ISP tm.net.my (Malaysia) as that is where this entry points it may be an indication of Wareout infection?
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5

Did you install this as it appears to be in a different location to what is usual.?
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 07:27:25 AM
Did you investigate bumping up the security level in comodo firewall as there are new suspect entries from your previous HJT log ?

We have got to try and stop what is on your system connecting to download more malware.

Zero hits on google, Upload to VirusTotal, add to user files section of avast chest, submit to avast and fix
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\U040YIUQ.dll
This is very similar to a previous O2 - BHO entry but with a different file name at the end.

This was on your last HJT but you haven't fixed it or it is back ?
O20 - AppInit_DLLs: jzgpri.dll
See this link - http://fileinfo.prevx.com/spyware/qq2607102335366-JZGP43370664/JZGPRI.DLL.html

Is this your ISP tm.net.my (Malaysia) as that is where this entry points it may be an indication of Wareout infection?
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5

Did you install this as it appears to be in a different location to what is usual.?
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe


When the dialer infected, Comodo firewall didn't bump the warning as a new suspect entry. That WebAssist I have fixed; I think it has come back already. And that O17 one, I don't know what that is. fts.exe shows at C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe only.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 07:28:56 AM
new hjk log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:24 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7286 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 07:48:27 AM
Because I cannot post more than 1000 words, I posted my log as attachments. And when I installed, avast detected a trojan horse, win32:Dadobra-EY, in C:\combofix\Cfiles.cf
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 13, 2007, 01:47:25 PM
When the dialer infected, Comodo firewall didn't bump the warning as a new suspect entry. That WebAssist I have fixed; I think it has come back already. And that O17 one, I don't know what that is. fts.exe shows at C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe only.

Well the O2 BHO Web Assist doesn't appear in your latest log so hopefully that is gone.

The O17 entry normally would be associated with your ISP. Now, if your ISP isn't in Malaysia, then this is more likely to be malicious and possibly a Wareout infection. What is your ISP ?

The question about fts.exe was not so much is it in another location, but did you install it (I can only assume it is something to do with your connection) ?
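
The log-to-log comparison done by eye in the replies above (an entry gone from the latest log, an entry back again, the same BHO under a different file name) can be automated. The following is an added example, not part of the thread or of any poster's tooling: SCAN_1 and SCAN_2 are excerpts of the two complete HijackThis logs posted above, while PRIOR_CONSTRUCTED and its PLACEHOLDER.dll file name are constructed for illustration, and the choice of O2, O4, O20 and O23 as the sections to review is this example's assumption.

```python
import re

# HijackThis result lines look like "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"^(.*?\[[^\]]*\])")

# Sections whose entries load code automatically (BHOs, autostart,
# AppInit_DLLs, services). Assumption of this example: review these first.
AUTOLOAD_SECTIONS = {"O2", "O4", "O20", "O23"}

def entry_key(section, rest):
    """Stable identity for an entry, so a renamed file shows as 'changed'."""
    if section == "O2":                      # BHO: identify by CLSID
        m = CLSID_RE.search(rest)
        if m:
            return m.group(0).upper()
    if section == "O4":                      # Run key: location + [value name]
        m = RUN_NAME_RE.match(rest)
        if m:
            return m.group(1)
    return rest                              # everything else: whole entry

def parse_hjt(text):
    """Return {(section, key): entry text}; header and process lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, rest = m.groups()
            entries[(section, entry_key(section, rest))] = rest
    return entries

def diff_scans(old, new):
    """Compare two parsed logs."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted((s, k, old[(s, k)], new[(s, k)])
                          for (s, k) in old
                          if (s, k) in new and old[(s, k)] != new[(s, k)]),
    }

def needs_review(delta):
    """Added or changed entries in sections that load code automatically."""
    hits = [(s, k) for (s, k) in delta["added"] if s in AUTOLOAD_SECTIONS]
    hits += [(s, k) for (s, k, _old, _new) in delta["changed"]
             if s in AUTOLOAD_SECTIONS]
    return sorted(hits)

# Constructed earlier scan: same BHO CLSID, placeholder file name.
PRIOR_CONSTRUCTED = r"""
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\PLACEHOLDER.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: jzgpri.dll
"""

# Excerpt of the log saved at 1:57:30 AM on 9/13/2007.
SCAN_1 = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\U040YIUQ.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: jzgpri.dll
"""

# Excerpt of the log saved at 1:28:24 PM on 9/13/2007.
SCAN_2 = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    for label, a, b in (("prior -> scan 1", PRIOR_CONSTRUCTED, SCAN_1),
                        ("scan 1 -> scan 2", SCAN_1, SCAN_2)):
        delta = diff_scans(parse_hjt(a), parse_hjt(b))
        print(label)
        for kind in ("added", "removed", "changed"):
            for item in delta[kind]:
                print("  %-8s %s" % (kind, " | ".join(item)))
        print("  review:", needs_review(delta))
```

An entry listed as removed only shows that it is absent from the newer log; a later scan is still needed to confirm it has not been re-created.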
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 02:39:36 PM
My ISP is TM Net, in Malaysia. And the fts.exe, I never installed it, but maybe it came with the installer pack. New log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:23 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7319 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 02:43:42 PM
I find something very weird... I have already scanned everything and my PC is clean now. But it looks like the dialer infects my PC when I am online. After I move it to the chest, clear all the TEMP files, reboot the PC and go back online... it is still detected by avast with a different name.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 13, 2007, 03:01:31 PM
Quote from: calciver
My ISP is TM Net, in Malaysia. I never installed fts.exe, but maybe it came with the installer pack.

That is fine.

I don't see anything obvious in your new log.

I have had a quick look at the combofix logs and it seems that has also done some good work in quarantining a number of files and registry entries. I will however leave any analysis to mauserme as he is much more familiar with that tool.
Since this is back whilst browsing you need to start taking some additional measures. First I would suggest using a different browser, Opera or Firefox.

I would also suggest you start looking at your browsing habits and pre-scan some of the sites you use. DrWeb link scanner is only one and that has an extension for Firefox and also IE I believe.

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: SpeedyPC on September 13, 2007, 03:35:21 PM
DavidR, do you think it is a great idea to start cloning his HD, unless you guys are 100% sure the virus is dead, gone, I mean GONE!
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 13, 2007, 05:21:57 PM
Cloning the HD is really only recommended when you are certain that there is no infection and is something that should really be top of the software lists early on. Boy would this have been easy if hard disk image back-ups had been done regularly prior to any infection.

I would say the ComboFix logs need to be analysed first by someone that is familiar with them, but from what I see it is a big improvement. What needs to be found is why the dialler is still arriving on the system (C:\Documents and Settings\NetworkService\Local Settings\Temp\) to be detected. If it is being downloaded (we still have work to do) using http I would have expected the web shield to detect it before it gets to the HDD.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 05:28:56 PM
Agree. I feel strange about this dialer. I have tried going online and just put it, and half an hour ago avast sure detected it in the TEMP folder.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 13, 2007, 05:47:34 PM
Patience - I have your logs but will not be able to review them until a little later. ComboFix removed much but possibly not all.

How is the computer running at the moment?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 08:04:10 PM
Quote from: mauserme
Patience - I have your logs but will not be able to review them until a little later. ComboFix removed much but possibly not all.

How is the computer running at the moment?

Erm.. still the same. And the dialer is still detected. I used the last spyware scanner that Tech™ introduced; it detected 2 backdoor downloaders where AVG Anti-Spyware gave me a result showing nothing. SUPERAntiSpyware had scanned many threads but almost hard my PC also. Now I have quarantined that backdoor, should I delete it from my PC??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 13, 2007, 08:14:21 PM
Erm.. does anyone here have an AVG uninstaller or cleaner?? I want to uninstall my AVG Anti-Spyware ???
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 13, 2007, 08:17:22 PM
There is still some malware on your computer including at least one adware and, of course, a downloader. Sometimes removing certain adware can damage your internet connection. This is not common, but if it happens at any point during the following fixes you should be able to repair it as follows:

>>  Open Super AntiSpyware  and click the Preferences button.  Then click the Repairs tab.
>>  Scroll down and highlight Repair Broken Network Connection (WinSock LSP Chain)
>>  Click perform Repair

Again, use this only if you lose your internet connection.


Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe)  by OldTimer and save it to your desktop. 

Double-click OTMoveIt.exe to run it.  Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\WINDOWS\system32\U040YIUQ.dll
C:\WINDOWS\system32\2177Ej5w.dll
C:\WINDOWS\system32\d014u8v8.dll
C:\WINDOWS\system32\Msb8BVx2.dll
C:\WINDOWS\system32\Y0fRCQRR.dll
C:\WINDOWS\system32\P5TvP218.dll
C:\WINDOWS\system32\fv7348t6.dll
C:\WINDOWS\system32\3LNak2sT.dll
C:\WINDOWS\WEBASSIST.DLL
C:\WINDOWS\system32\HGNB0WUO.DLL
C:\WINDOWS\system32\056205C6.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new ComboFix log and Hijack log (run in that order).
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


You have quite a lot in your scheduled tasks.   Please review these in the ComboFix log and let me know if you put them there.

Also, please upload this file to Virus Total (http://www.virustotal.com/) and post the results.

C:\WINDOWS\system32\msavpw1.dll

Let's leave AVG AS alone for now.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:15:07 AM
Use OTMoveIt only when the internet connection is lost?? I already uninstalled and installed Spyware Terminator. Spyware Terminator already detected C:\WINDOWS\system32\056205C6.exe, and I quarantined it.

C:\WINDOWS\system32\U040YIUQ.dll
C:\WINDOWS\system32\2177Ej5w.dll
C:\WINDOWS\system32\d014u8v8.dll
C:\WINDOWS\system32\Msb8BVx2.dll
C:\WINDOWS\system32\Y0fRCQRR.dll
C:\WINDOWS\system32\P5TvP218.dll
C:\WINDOWS\system32\fv7348t6.dll
C:\WINDOWS\system32\3LNak2sT.dll
C:\WINDOWS\WEBASSIST.DLL
C:\WINDOWS\system32\HGNB0WUO.DLL

The files above I will upload to scan after I come back from school.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 14, 2007, 05:18:18 AM
Quote from: calciver
The files above I will upload to scan after I come back from school.

Seems all infected...
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:44:30 AM
I have run Spyware Terminator and scanned, but it looks like those files show as safe when scanned. If I scan at Virus Total and get unsafe, what should I do??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 14, 2007, 05:56:13 AM
Quote from: calciver
I have run Spyware Terminator and scanned, but it looks like those files show as safe when scanned. If I scan at Virus Total and get unsafe, what should I do??

Post the Virus Total results here and we can analyze. I really doubt they're clean files, but it is safer to ask before doing more harm to your computer.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 07:35:12 AM
C:\WINDOWS\system32\U040YIUQ.dll
C:\WINDOWS\system32\2177Ej5w.dll
C:\WINDOWS\system32\d014u8v8.dll
C:\WINDOWS\system32\Msb8BVx2.dll
C:\WINDOWS\system32\Y0fRCQRR.dll
C:\WINDOWS\system32\P5TvP218.dll
C:\WINDOWS\system32\fv7348t6.dll
C:\WINDOWS\system32\3LNak2sT.dll

Result:

AhnLab-V3 2007.9.14.0 2007.09.13 -
AntiVir 7.6.0.10 2007.09.13 TR/BHO.Agent.mio
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.13 -
AVG 7.5.0.485 2007.09.14 Adware Generic2.PDI
BitDefender 7.2 2007.09.14 Trojan.Downloader.BHO.NXO
CAT-QuickHeal 9.00 2007.09.13 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.13 Trojan.Virtumod.210
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5134 2007.09.13 -
Ewido 4.0 2007.09.13 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 Adware/BHO
F-Prot 4.3.2.48 2007.09.13 -
F-Secure 6.70.13030.0 2007.09.14 -
Ikarus T3.1.1.12 2007.09.14 not-a-virus:AdWare.Win32.BHO.fd
Kaspersky 4.0.2.24 2007.09.14 not-a-virus:AdWare.Win32.BHO.fd
McAfee 5119 2007.09.13 potentially unwanted program Adware-BHO
Microsoft 1.2803 2007.09.14 -
NOD32v2 2529 2007.09.13 -
Norman 5.80.02 2007.09.13 -
Panda 9.0.0.4 2007.09.13 Adware/BaiduBar
Prevx1 V2 2007.09.14 -
Rising 19.40.41.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 -
Sunbelt 2.2.907.0 2007.09.13 -
Symantec 10 2007.09.14 Trojan.Adclicker
TheHacker 6.1.10.186 2007.09.13 -
VBA32 3.12.2.4 2007.09.13 Trojan.Virtumod.210
VirusBuster 4.3.26:9 2007.09.13 -
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.BHO.Agent.mio
Additional information
File size: 184320 bytes
MD5: 9e667caaf36828c4361ba61d3022d807
SHA1: 48a0e394da403000437e122cb233bfea7a386d5f
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 08:26:23 AM
C:\WINDOWS\system32\HGNB0WUO.DLL

Result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.14.0 2007.09.13 -
AntiVir 7.6.0.10 2007.09.13 TR/BHO.Agent.mio
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.13 -
AVG 7.5.0.485 2007.09.14 Adware Generic2.PAF
BitDefender 7.2 2007.09.14 -
CAT-QuickHeal 9.00 2007.09.13 AdWare.BHO.fb (Not a Virus)
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.13 -
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5134 2007.09.13 -
Ewido 4.0 2007.09.13 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 Adware/BHO
F-Prot 4.3.2.48 2007.09.13 -
F-Secure 6.70.13030.0 2007.09.14 -
Ikarus T3.1.1.12 2007.09.14 not-a-virus:AdWare.Win32.BHO.fb
Kaspersky 4.0.2.24 2007.09.14 not-a-virus:AdWare.Win32.BHO.fb
McAfee 5119 2007.09.13 potentially unwanted program Adware-BHO
Microsoft 1.2803 2007.09.14 -
NOD32v2 2529 2007.09.13 -
Norman 5.80.02 2007.09.13 -
Panda 9.0.0.4 2007.09.13 Adware/BHO
Prevx1 V2 2007.09.14 -
Rising 19.40.41.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 -
Sunbelt 2.2.907.0 2007.09.13 AdWare.Win32.BHO.fb
Symantec 10 2007.09.14 Trojan.Adclicker
TheHacker 6.1.10.186 2007.09.13 -
VBA32 3.12.2.4 2007.09.13 AdWare.Win32.BHO.fb
VirusBuster 4.3.26:9 2007.09.13 -
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.BHO.Agent.mio
Additional information
File size: 184320 bytes
MD5: e65a3bf6a56358cb330f503980718f8b
SHA1: a137ed5b3f71cd25da5efa3ca89f38398866b989
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 08:39:51 AM
C:\WINDOWS\WEBASSIST.DLL

Result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.14.0 2007.09.13 Win-AppCare/Bho.84992
AntiVir 7.6.0.10 2007.09.13 ADSPY/BHO.CZ
Authentium 4.93.8 2007.09.14 W32/Agent.GBC
Avast 4.7.1043.0 2007.09.13 -
AVG 7.5.0.485 2007.09.14 Adware Generic2.IZG
BitDefender 7.2 2007.09.14 Adware.WebAssist.A
CAT-QuickHeal 9.00 2007.09.13 AdWare.BHO.cz (Not a Virus)
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.13 -
eSafe 7.0.15.0 2007.09.13 Win32.Trojan
eTrust-Vet 31.1.5134 2007.09.13 -
Ewido 4.0 2007.09.13 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 Heuri.E
F-Prot 4.3.2.48 2007.09.13 W32/Agent.GBC
F-Secure 6.70.13030.0 2007.09.14 -
Ikarus T3.1.1.12 2007.09.14 not-a-virus:AdWare.Win32.BHO.cz
Kaspersky 4.0.2.24 2007.09.14 not-a-virus:AdWare.Win32.BHO.cz
McAfee 5119 2007.09.13 potentially unwanted program Adware-BHO
Microsoft 1.2803 2007.09.14 Adware:Win32/180SolutionsNCase
NOD32v2 2529 2007.09.13 probably a variant of Win32/Adware.BHO
Norman 5.80.02 2007.09.13 -
Panda 9.0.0.4 2007.09.13 Generic Trojan
Prevx1 V2 2007.09.14 -
Rising 19.40.41.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 Mal/Heuri-E
Sunbelt 2.2.907.0 2007.09.13 Trojan.Unclassified.gen
Symantec 10 2007.09.14 Trojan Horse
TheHacker 6.2.5.059 2007.09.14 Adware/BHO.cz
VBA32 3.12.2.4 2007.09.13 AdWare.Win32.BHO.cz
VirusBuster 4.3.26:9 2007.09.13 -
Webwasher-Gateway 6.0.1 2007.09.14 Ad-Spyware.BHO.CZ
Additional information
File size: 84992 bytes
MD5: a4c2283b3031480afe4080bcdd37fa91
SHA1: 5d140c803ef23f6f853afd6f718bfc0fa856cbef
packers: UPX
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 09:05:59 AM
Should I run Panda then clean them??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 14, 2007, 02:16:38 PM
I think I didn't explain my thoughts as well as I could have.  Here are the steps I was suggesting:


Step #1: - This will remove all of the files listed below in bold and will be easier and quicker than Panda.

Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe)  by OldTimer and save it to your desktop. 

Double-click OTMoveIt.exe to run it.  Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\WINDOWS\system32\U040YIUQ.dll
C:\WINDOWS\system32\2177Ej5w.dll
C:\WINDOWS\system32\d014u8v8.dll
C:\WINDOWS\system32\Msb8BVx2.dll
C:\WINDOWS\system32\Y0fRCQRR.dll
C:\WINDOWS\system32\P5TvP218.dll
C:\WINDOWS\system32\fv7348t6.dll
C:\WINDOWS\system32\3LNak2sT.dll
C:\WINDOWS\WEBASSIST.DLL
C:\WINDOWS\system32\HGNB0WUO.DLL
C:\WINDOWS\system32\056205C6.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.  If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.


Step #2:

Run ComboFix again and post a new log


Step #3:

Run HijackThis again and post a new log


Step #4:

Review this list of scheduled tasks - have you put these there?

Quote
Contents of the 'Scheduled Tasks' folder
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-08 01:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-08-31 19:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-31 20:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At103.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At104.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At105.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-08 01:00:00 C:\WINDOWS\Tasks\At106.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-13 02:00:00 C:\WINDOWS\Tasks\At107.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 03:00:00 C:\WINDOWS\Tasks\At108.job"
"2007-09-12 04:00:00 C:\WINDOWS\Tasks\At109.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-13 02:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-02 05:00:00 C:\WINDOWS\Tasks\At110.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At111.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 07:00:00 C:\WINDOWS\Tasks\At112.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 08:00:00 C:\WINDOWS\Tasks\At113.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 09:00:00 C:\WINDOWS\Tasks\At114.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 10:00:00 C:\WINDOWS\Tasks\At115.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-09 11:00:00 C:\WINDOWS\Tasks\At116.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 12:00:00 C:\WINDOWS\Tasks\At117.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 13:00:00 C:\WINDOWS\Tasks\At118.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 14:00:00 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 03:00:01 C:\WINDOWS\Tasks\At12.job"
"2007-09-12 15:00:00 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 04:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-09-02 05:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At15.job"
"2007-09-12 07:00:00 C:\WINDOWS\Tasks\At16.job"
"2007-09-12 08:00:00 C:\WINDOWS\Tasks\At17.job"
"2007-09-12 09:00:00 C:\WINDOWS\Tasks\At18.job"
"2007-09-12 10:00:00 C:\WINDOWS\Tasks\At19.job"
"2007-09-12 17:00:00 C:\WINDOWS\Tasks\At2.job"
"2007-09-09 11:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-09-12 12:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-09-12 13:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-09-12 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 15:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-09-12 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-31 19:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-31 20:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-01 06:40:41 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-01 06:40:41 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 16:01:00 C:\WINDOWS\Tasks\At73.job"
"2007-09-12 17:01:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 18:01:00 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-31 19:01:00 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-31 20:01:00 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-01 06:40:41 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At80.job"
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-08 01:02:02 C:\WINDOWS\Tasks\At82.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-13 02:02:10 C:\WINDOWS\Tasks\At83.job"
"2007-09-12 03:02:06 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 04:02:08 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-02 05:03:00 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-10 06:02:09 C:\WINDOWS\Tasks\At87.job"
"2007-09-12 07:02:03 C:\WINDOWS\Tasks\At88.job"
"2007-09-12 08:01:00 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-09 00:00:30 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 09:01:00 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 10:01:00 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-09 11:03:00 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 12:01:54 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 13:01:00 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 14:02:04 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 15:01:00 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At97.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 17:00:00 C:\WINDOWS\Tasks\At98.job"
"2007-09-12 18:00:00 C:\WINDOWS\Tasks\At99.job"
- C:\WINDOWS\system32\010M3X7k.exe


Step #5:

Upload this file to Virus Total (http://www.virustotal.com/) and post the results.

C:\WINDOWS\system32\msavpw1.dll
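
Added example, not part of the original post: one way to triage the 'Scheduled Tasks' listing from Step #4 is to group the At*.job entries by the executable printed under them and check which of those executables are not on the OTMoveIt list from Step #1. The function names are hypothetical, and the script assumes each "- path" line belongs to the job line directly above it; the sample data is an excerpt copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the 'Scheduled Tasks' listing quoted in the post above.
LISTING = r'''
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-08-31 19:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-31 20:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 15:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-09-12 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 17:01:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 18:01:00 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\056205C6.exe
'''

# File paths from the OTMoveIt list in Step #1 of the same post.
MOVE_LIST = r'''
C:\WINDOWS\system32\U040YIUQ.dll
C:\WINDOWS\system32\2177Ej5w.dll
C:\WINDOWS\system32\d014u8v8.dll
C:\WINDOWS\system32\Msb8BVx2.dll
C:\WINDOWS\system32\Y0fRCQRR.dll
C:\WINDOWS\system32\P5TvP218.dll
C:\WINDOWS\system32\fv7348t6.dll
C:\WINDOWS\system32\3LNak2sT.dll
C:\WINDOWS\WEBASSIST.DLL
C:\WINDOWS\system32\HGNB0WUO.DLL
C:\WINDOWS\system32\056205C6.exe
'''

# A job line is quoted: "<timestamp> <path to .job file>"
JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$',
                    re.IGNORECASE)


def parse_listing(text):
    """Return one dict per job: when (datetime), job (path), target (path or None)."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            jobs.append({"when": when, "job": m.group(2), "target": None})
        elif line.startswith("- ") and jobs and jobs[-1]["target"] is None:
            # Assumption: the target line describes the job printed just above it.
            jobs[-1]["target"] = line[2:].strip()
    return jobs


def summarize(jobs):
    """Per target: number of jobs and the earliest/latest timestamp printed."""
    groups = defaultdict(list)
    for j in jobs:
        groups[j["target"]].append(j["when"])
    return {t: {"jobs": len(ts), "first": min(ts), "last": max(ts)}
            for t, ts in groups.items()}


def targets_not_in(jobs, move_list_text):
    """Job targets that do not appear in the removal list (case-insensitive)."""
    listed = {p.strip().casefold() for p in move_list_text.splitlines() if p.strip()}
    seen = {j["target"] for j in jobs if j["target"]}
    return sorted((t for t in seen if t.casefold() not in listed), key=str.casefold)


if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for target, info in summarize(parsed).items():
        print(f'{info["jobs"]:3d} job(s)  {info["first"]} .. {info["last"]}  '
              f'{target or "(no target listed)"}')
    print("Targets to review that are not on the move list:")
    for path in targets_not_in(parsed, MOVE_LIST):
        print("  " + path)
```
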
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 04:56:36 PM
C:\WINDOWS\system32\U040YIUQ.dll unregistered successfully.
C:\WINDOWS\system32\U040YIUQ.dll moved successfully.
C:\WINDOWS\system32\2177Ej5w.dll NOT unregistered.
C:\WINDOWS\system32\2177Ej5w.dll moved successfully.
C:\WINDOWS\system32\d014u8v8.dll NOT unregistered.
C:\WINDOWS\system32\d014u8v8.dll moved successfully.
C:\WINDOWS\system32\Msb8BVx2.dll NOT unregistered.
C:\WINDOWS\system32\Msb8BVx2.dll moved successfully.
C:\WINDOWS\system32\Y0fRCQRR.dll NOT unregistered.
C:\WINDOWS\system32\Y0fRCQRR.dll moved successfully.
C:\WINDOWS\system32\P5TvP218.dll NOT unregistered.
C:\WINDOWS\system32\P5TvP218.dll moved successfully.
C:\WINDOWS\system32\fv7348t6.dll NOT unregistered.
C:\WINDOWS\system32\fv7348t6.dll moved successfully.
C:\WINDOWS\system32\3LNak2sT.dll NOT unregistered.
C:\WINDOWS\system32\3LNak2sT.dll moved successfully.
C:\WINDOWS\WEBASSIST.DLL NOT unregistered.
C:\WINDOWS\WEBASSIST.DLL moved successfully.
C:\WINDOWS\system32\HGNB0WUO.DLL NOT unregistered.
C:\WINDOWS\system32\HGNB0WUO.DLL moved successfully.
File/Folder C:\WINDOWS\system32\056205C6.exe not found.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:12:41 PM
combo fix log
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:23:30 PM
hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:06 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8180 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:32:27 PM
Review this list of scheduled tasks - have you put these there?

Quote
Contents of the 'Scheduled Tasks' folder
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-08 01:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-08-31 19:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-31 20:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At103.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At104.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-30 04:15:12 C:\WINDOWS\Tasks\At105.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-08 01:00:00 C:\WINDOWS\Tasks\At106.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-13 02:00:00 C:\WINDOWS\Tasks\At107.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 03:00:00 C:\WINDOWS\Tasks\At108.job"
"2007-09-12 04:00:00 C:\WINDOWS\Tasks\At109.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-13 02:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-02 05:00:00 C:\WINDOWS\Tasks\At110.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At111.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 07:00:00 C:\WINDOWS\Tasks\At112.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 08:00:00 C:\WINDOWS\Tasks\At113.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 09:00:00 C:\WINDOWS\Tasks\At114.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 10:00:00 C:\WINDOWS\Tasks\At115.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-09 11:00:00 C:\WINDOWS\Tasks\At116.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 12:00:00 C:\WINDOWS\Tasks\At117.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 13:00:00 C:\WINDOWS\Tasks\At118.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 14:00:00 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 03:00:01 C:\WINDOWS\Tasks\At12.job"
"2007-09-12 15:00:00 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 04:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-09-02 05:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At15.job"
"2007-09-12 07:00:00 C:\WINDOWS\Tasks\At16.job"
"2007-09-12 08:00:00 C:\WINDOWS\Tasks\At17.job"
"2007-09-12 09:00:00 C:\WINDOWS\Tasks\At18.job"
"2007-09-12 10:00:00 C:\WINDOWS\Tasks\At19.job"
"2007-09-12 17:00:00 C:\WINDOWS\Tasks\At2.job"
"2007-09-09 11:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-09-12 12:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-09-12 13:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-09-12 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 15:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-09-12 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-31 19:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-31 20:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-01 06:40:41 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-01 06:40:41 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 16:01:00 C:\WINDOWS\Tasks\At73.job"
"2007-09-12 17:01:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 18:01:00 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-31 19:01:00 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-31 20:01:00 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-01 06:40:41 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At80.job"
"2007-08-11 13:35:52 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-08 01:02:02 C:\WINDOWS\Tasks\At82.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-13 02:02:10 C:\WINDOWS\Tasks\At83.job"
"2007-09-12 03:02:06 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 04:02:08 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-02 05:03:00 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-10 06:02:09 C:\WINDOWS\Tasks\At87.job"
"2007-09-12 07:02:03 C:\WINDOWS\Tasks\At88.job"
"2007-09-12 08:01:00 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-08-09 00:00:30 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 09:01:00 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 10:01:00 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-09 11:03:00 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 12:01:54 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 13:01:00 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 14:02:04 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 15:01:00 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At97.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 17:00:00 C:\WINDOWS\Tasks\At98.job"
"2007-09-12 18:00:00 C:\WINDOWS\Tasks\At99.job"
- C:\WINDOWS\system32\010M3X7k.exe


What does this mean??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:33:37 PM
C:\WINDOWS\system32\msavpw1.dll

result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 TR/Spy.Gen
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.14 -
AVG 7.5.0.485 2007.09.14 PSW.OnlineGames.FLV
BitDefender 7.2 2007.09.14 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.09.14 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.14 BACKDOOR.Trojan
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5135 2007.09.14 Win32/Inhoo!generic
Ewido 4.0 2007.09.14 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 W32/Small.CD48!tr
F-Prot 4.3.2.48 2007.09.13 -
F-Secure 6.70.13030.0 2007.09.14 W32/Malware.AFEA
Ikarus T3.1.1.12 2007.09.14 BehavesLikeWin32.ExplorerHijack
Kaspersky 4.0.2.24 2007.09.14 -
McAfee 5119 2007.09.13 -
Microsoft 1.2803 2007.09.14 -
NOD32v2 2530 2007.09.14 probably a variant of Win32/Genetik
Norman 5.80.02 2007.09.14 W32/Malware.AFEA
Panda 9.0.0.4 2007.09.14 Generic Trojan
Prevx1 V2 2007.09.14 -
Rising 19.40.42.00 2007.09.14 Trojan.PSW.Win32.OnlineGames.xuf
Sophos 4.21.0 2007.09.14 Mal/Behav-010
Sunbelt 2.2.907.0 2007.09.13 Win32.ExplorerHijack
Symantec 10 2007.09.14 Infostealer.Gampass
TheHacker 6.2.5.059 2007.09.14 -
VBA32 3.12.2.4 2007.09.14 suspected of Trojan-PSW.Game.58 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.14 -
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.Spy.Gen
Additional information
File size: 27136 bytes
MD5: df2b99ae949759f752b89191fc5244ba
SHA1: 20d01f5f661b54062c81f4cba1d617e2a464d3ad
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:40:58 PM
Below are some files that I feel may be a threat too, so I sent them to VirusTotal to scan. Below is the result:

C:\WINDOWS\system32\msavpw0.dll


Antivirus Version Last Update Result
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 TR/Spy.Gen
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.14 -
AVG 7.5.0.485 2007.09.14 PSW.OnlineGames.FLV
BitDefender 7.2 2007.09.14 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.09.14 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.14 BACKDOOR.Trojan
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5135 2007.09.14 Win32/Inhoo!generic
Ewido 4.0 2007.09.14 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 W32/Small.CD48!tr
F-Prot 4.3.2.48 2007.09.13 -
F-Secure 6.70.13030.0 2007.09.14 W32/Malware.AFEA
Ikarus T3.1.1.12 2007.09.14 BehavesLikeWin32.ExplorerHijack
Kaspersky 4.0.2.24 2007.09.14 -
McAfee 5119 2007.09.13 -
Microsoft 1.2803 2007.09.14 -
NOD32v2 2530 2007.09.14 probably a variant of Win32/Genetik
Norman 5.80.02 2007.09.14 W32/Malware.AFEA
Panda 9.0.0.4 2007.09.14 Generic Trojan
Prevx1 V2 2007.09.14 -
Rising 19.40.42.00 2007.09.14 Trojan.PSW.Win32.OnlineGames.xuf
Sophos 4.21.0 2007.09.14 Mal/Behav-010
Sunbelt 2.2.907.0 2007.09.13 Win32.ExplorerHijack
Symantec 10 2007.09.14 Infostealer.Gampass
TheHacker 6.2.5.059 2007.09.14 -
VBA32 3.12.2.4 2007.09.14 suspected of Trojan-PSW.Game.58 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.14 -
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.Spy.Gen
Additional information
File size: 27136 bytes
MD5: df2b99ae949759f752b89191fc5244ba
SHA1: 20d01f5f661b54062c81f4cba1d617e2a464d3ad

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 14, 2007, 05:42:49 PM
Review this list of scheduled tasks - have you put these there?

Quote
Contents of the 'Scheduled Tasks' folder
<snip>
"2007-09-09 11:03:00 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 12:01:54 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 13:01:00 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 14:02:04 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 15:01:00 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At97.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 17:00:00 C:\WINDOWS\Tasks\At98.job"
"2007-09-12 18:00:00 C:\WINDOWS\Tasks\At99.job"
- C:\WINDOWS\system32\010M3X7k.exe
What does this mean??

It means that these have scheduled task entries to run the files listed, and you will no doubt have noticed that these match files detected as infected, so I doubt you created the scheduled tasks; rather, the malware created them to ensure your continued infected status.

You should also send the msavpw1.dll and msavpw0.dll files to virus @ avast.com (without the spaces), zipped and password protected.
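One way to triage a listing like the one quoted above, as an added example that is not part of the original post or of any tool named in the thread: it parses the job/target pairs, groups the jobs by the executable they run, and compares each target with the file names a scan reported. The `DETECTED` set, the `ExampleUpdater.job` entry and the verdict labels are assumptions made for the illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the format of the quoted listing. The At*.job entries and
# their targets are copied from the thread; ExampleUpdater.job is hypothetical.
SAMPLE_LISTING = r'''
Contents of the 'Scheduled Tasks' folder
"2007-09-12 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-08-31 19:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-08-31 20:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\010M3X7k.exe
"2007-09-12 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\p1gkLQOH.exe
"2007-09-12 17:01:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 18:01:00 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\056205C6.exe
"2007-09-12 03:00:00 C:\WINDOWS\Tasks\ExampleUpdater.job"
- C:\Program Files\Example\updater.exe
'''

# Constructed: lower-cased file names that an antivirus scan flagged as infected.
DETECTED = {"010m3x7k.exe", "p1gklqoh.exe", "056205c6.exe"}

JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$', re.IGNORECASE)
TARGET_RE = re.compile(r'^-\s+(\S.*)$')
# Jobs named At<number>.job are the ones created through the "at" scheduling
# interface rather than through the Scheduled Tasks wizard.
AT_JOB_RE = re.compile(r'^At\d+\.job$', re.IGNORECASE)


def parse_listing(text):
    """Return one record per .job line; a '- path' line sets the preceding job's target."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            jobs.append({"modified": m.group(1), "job": m.group(2), "target": None})
            continue
        m = TARGET_RE.match(line)
        # Ignore a target line with no job before it, or a second target for one job.
        if m and jobs and jobs[-1]["target"] is None:
            jobs[-1]["target"] = m.group(1)
    return jobs


def triage(jobs, detected_names):
    """Group jobs by target executable and label each group for review."""
    by_target = defaultdict(list)
    unresolved = []  # jobs whose target the listing did not show
    for j in jobs:
        if j["target"] is None:
            unresolved.append(ntpath.basename(j["job"]))
        else:
            by_target[j["target"].lower()].append(j)

    findings = []
    for target, group in sorted(by_target.items()):
        names = [ntpath.basename(j["job"]) for j in group]
        at_only = all(AT_JOB_RE.match(n) for n in names)
        if ntpath.basename(target) in detected_names:
            verdict = "matches-detection"   # task runs a file the scanner flagged
        elif at_only and len(group) > 1:
            verdict = "review"              # several At jobs, one unknown target
        else:
            verdict = "no-match"
        stamps = [j["modified"] for j in group]  # ISO-style stamps sort as text
        findings.append({
            "target": target,
            "jobs": names,
            "first_seen": min(stamps),
            "last_seen": max(stamps),
            "verdict": verdict,
        })
    return findings, unresolved


if __name__ == "__main__":
    results, no_target = triage(parse_listing(SAMPLE_LISTING), DETECTED)
    for f in results:
        print(f'{f["verdict"]:18} {len(f["jobs"]):3} job(s) -> {f["target"]}')
    print("jobs with no target shown:", ", ".join(no_target))
```

Jobs reported without a target still need to be opened individually, since the listing alone does not say what they run.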
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 05:56:28 PM
C:\WINDOWS\system32\msxml4.dll result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 -
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.14 -
AVG 7.5.0.485 2007.09.14 -
BitDefender 7.2 2007.09.14 -
CAT-QuickHeal 9.00 2007.09.14 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.14 -
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5135 2007.09.14 -
Ewido 4.0 2007.09.14 -
FileAdvisor 1 2007.09.14 No threat detected, but known vulnerabilities exist
Fortinet 3.11.0.0 2007.09.14 -
F-Prot 4.3.2.48 2007.09.13 -
F-Secure 6.70.13030.0 2007.09.14 -
Ikarus T3.1.1.12 2007.09.14 -
Kaspersky 4.0.2.24 2007.09.14 -
McAfee 5119 2007.09.13 -
Microsoft 1.2803 2007.09.14 -
NOD32v2 2530 2007.09.14 -
Norman 5.80.02 2007.09.14 -
Panda 9.0.0.4 2007.09.14 -
Prevx1 V2 2007.09.14 -
Rising 19.40.42.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 -
Sunbelt 2.2.907.0 2007.09.13 -
Symantec 10 2007.09.14 -
TheHacker 6.2.5.059 2007.09.14 -
VBA32 3.12.2.4 2007.09.14 -
VirusBuster 4.3.26:9 2007.09.14 -
Webwasher-Gateway 6.0.1 2007.09.14 -
Additional information
File size: 1233920 bytes
MD5: 44e45bd9327abc0540593e809b32f3ca
SHA1: 1e7b38866279ae11c74d37da14d701995d6de689
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=44e45bd9327abc0540593e809b32f3ca
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 14, 2007, 06:13:26 PM
I never created the task. And I found a very strange folder, named catroot and catroot2.
Location is at C:\WINDOWS\system32\CatRoot2 and C:\WINDOWS\system32\CatRoot.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 14, 2007, 07:26:49 PM
That is why it asks if you created them, as a motivation to check if you did and, if not, to remove the scheduled tasks.

See this link re Catroot folders: http://support.microsoft.com/kb/822798
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 14, 2007, 08:47:34 PM
I never created the task.
This is why WinPatrol could protect you against this malware behavior (creation of tasks).
www.winpatrol.com
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 14, 2007, 08:54:33 PM
We're making progress.  Just a little more and we should be done (I hope  :D).

Download WinPFind3u.exe (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe)  to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 06:55:13 AM
I never created the task.
This is why WinPatrol could protect you against this malware behavior (creation of tasks).
www.winpatrol.com

Then which of the tasks should I remove??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:09:23 AM
WinPFind3 logfile created on: 9/15/2007 12:57:53 PM
WinPFind3U by OldTimer - Version 1.0.42   Folder = C:\Documents and Settings\Calciver\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
1022.42 Mb Total Physical Memory | 566.99 Mb Available Physical Memory | 55.46% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 135.31 Gb Free Space | 90.78% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HOME-E8AEAB07C2
Current User Name: Calciver
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 6:06:10 PM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 6:05:42 PM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 6:06:04 PM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 6:04:44 PM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 5:54:58 PM | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/22/2006 11:18:36 AM | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/22/2006 11:18:36 AM | Attr =    ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 9:12:20 AM | Attr =    ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 9:12:20 AM | Attr =    ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 9/25/2006 9:12:20 AM | Attr =    ]
cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 8/20/2007 6:10:56 PM | Attr =    ]
cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 8/20/2007 6:10:56 PM | Attr =    ]
ctoolbar.exe -> %ProgramFiles%\Crawler\Toolbar\CToolbar.exe -> Crawler.com [Ver = 5.0.0.90 | Size = 1862144 bytes | Modified Date = 9/6/2007 4:44:26 AM | Attr =    ]
fts.exe -> %ProgramFiles%\TM Net\tmnet streamyx dialer\fts.exe -> Friendly Technologies [Ver = 3, 0, 0, 0 | Size = 77312 bytes | Modified Date = 1/7/2004 2:37:52 PM | Attr =    ]
fwportal.exe -> %ProgramFiles%\TM Net\tmnet streamyx dialer\FWPortal.exe -> Friendly Technologies [Ver = 3.0.0.9 | Size = 800256 bytes | Modified Date = 2/3/2005 2:32:48 PM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 9/3/2007 10:37:50 PM | Attr =    ]
nbservice.exe -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,16,0 | Size = 152872 bytes | Modified Date = 6/27/2007 7:03:40 PM | Attr =    ]
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 6/27/2007 7:04:00 PM | Attr =    ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 2,0,16,0 | Size = 1213736 bytes | Modified Date = 6/27/2007 7:04:00 PM | Attr =    ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 8/3/2006 5:12:36 AM | Attr =    ]
sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.0.0.181 | Size = 966656 bytes | Modified Date = 9/13/2007 11:54:36 PM | Attr =    ]
spywareterminatorshield.exe -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 2.0.0.175 | Size = 2778112 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
stserver.exe -> %ProgramFiles%\Spyware Terminator\STServer.Exe -> Crawler.com [Ver = 2.0.0.52 | Size = 915968 bytes | Modified Date = 9/13/2007 11:48:22 PM | Attr =    ]
tmnet connect.exe -> %ProgramFiles%\TM Net\Diagnostic Tool\tmnet connect.exe ->  [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 4/4/2005 12:43:32 PM | Attr =    ]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 12, 0, 2007, 6 | Size = 292152 bytes | Modified Date = 9/14/2007 5:00:34 AM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 5:54:58 PM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/22/2006 11:18:36 AM | Attr =    ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 11/22/2006 10:52:00 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 6:06:04 PM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 6:05:42 PM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 6:04:44 PM | Attr =    ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 8/20/2007 6:10:56 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 8/31/2007 1:49:44 AM | Attr =    ]
(NBService) NBService [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 6/27/2007 7:04:00 PM | Attr =    ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 4/4/2003 2:54:50 PM | Attr =    ]
(sp_clamsrv) Spyware Terminator Clam Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinClamAVShield\sp_clamsrv.exe -> Crawler.com [Ver = 1.1.0.14 | Size = 320000 bytes | Modified Date = 6/19/2007 6:53:08 AM | Attr =    ]
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.0.0.181 | Size = 966656 bytes | Modified Date = 9/13/2007 11:54:36 PM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:12:20 AM
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
%FP%TM Net fts.exe -> %ProgramFiles%\TM Net\tmnet streamyx dialer\fts.exe -> Friendly Technologies [Ver = 3, 0, 0, 0 | Size = 77312 bytes | Modified Date = 1/7/2004 2:37:52 PM | Attr =    ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 9/25/2006 9:12:20 AM | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 6:06:10 PM | Attr =    ]
COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 8/20/2007 6:10:56 PM | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 3:57:24 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\Storm Codec\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr =    ]
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 56 | Size = 577536 bytes | Modified Date = 8/3/2006 5:12:36 AM | Attr =    ]
SpywareTerminator -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 2.0.0.175 | Size = 2778112 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
StormCodec_Helper -> %ProgramFiles%\Storm Codec\StormSet.exe ->  [Ver =  | Size = 97357 bytes | Modified Date = 11/27/2006 2:30:28 AM | Attr =    ]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 12, 0, 2007, 6 | Size = 292152 bytes | Modified Date = 9/14/2007 5:00:34 AM | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:13:10 AM
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,16,0 | Size = 152872 bytes | Modified Date = 6/27/2007 7:03:40 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 9/3/2007 10:37:50 PM | Attr =    ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{0EA66AD2-CF26-2E23-532B-B292E22F3266} [HKLM] -> Reg Data - Value does not exist [] -> File not found
{759AFD5B-159F-ACD8-954C-ACD545FA6587} [HKLM] -> Reg Data - Value does not exist [jzgpri.dll] -> File not found
{86AAC8D7-BA19-48AC-9269-3C76A52642EC} [HKLM] -> %System32%\msavpw1.dll [Extr rising hook MS] ->  [Ver =  | Size = 27136 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 90112 bytes | Modified Date = 11/22/2006 11:19:40 AM | Attr =    ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:14:38 AM
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =    ]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [] -> Crawler.com [Ver = 5.0.0.119 | Size = 1122816 bytes | Modified Date = 9/6/2007 4:44:20 AM | Attr =    ]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.7.4.dll [BitComet Helper] -> BitComet [Ver = 20070704 | Size = 513336 bytes | Modified Date = 7/5/2007 12:28:28 AM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/31/2007 1:49:42 AM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 9/3/2007 10:37:50 PM | Attr =    ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/31/2007 1:49:42 AM | Attr = R  ]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.0.0.119 | Size = 1122816 bytes | Modified Date = 9/6/2007 4:44:20 AM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/31/2007 1:49:42 AM | Attr = R  ]
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.0.0.119 | Size = 1122816 bytes | Modified Date = 9/6/2007 4:44:20 AM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} -> Reg Data - Value does not exist [ButtonText: BitComet Search] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found
Crawler Search ->  -> File not found
Download Image with Download Manager ->  -> File not found
Download URL in selection with Download Manager ->  -> File not found
Download URL with Download Manager ->  -> File not found
E&xport to Microsoft Excel ->  -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BEBBDBC7-7013-4F5D-BA31-E3893A9E05B0} ->    (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
tbr -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll -> Crawler.com [Ver = 5.0.0.119 | Size = 1122816 bytes | Modified Date = 9/6/2007 4:44:20 AM | Attr =    ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games.com.my/com/EGamesPlugin.cab ->
{5F5F9FB8-878E-4455-95E0-F64B2314288A} -> ijjiPlugin2 Class - CodeBase = http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab ->
{7606693A-C18D-4567-AF85-6194FF70761E} -> GomWeb Control - CodeBase = http://app.gomtv.com/gom/GomWeb.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:16:35 AM
[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} ->  ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} ->  ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} ->  ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 5:59:56 PM | Attr =    ]
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [Catalyst Context Menu extension] ->  [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1807656 bytes | Modified Date = 6/22/2007 3:46:46 PM | Attr =    ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [NeroCoverEd Live Icons] -> Nero AG [Ver = 2, 10, 1, 1 | Size = 1967400 bytes | Modified Date = 6/28/2007 1:58:24 PM | Attr =    ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1807656 bytes | Modified Date = 6/22/2007 3:46:46 PM | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTHandler] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
< BotCheck > ->  ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:17:47 AM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 828 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:18:55 AM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> ·1/›0vÿÀI™M?©r¼b9075105
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> Àr`½ÑD+Ñ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> p5õå¸ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> yLà#ÅP¬ÜzD1ì+ G ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> ¤Ë‰‹‚ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 9095 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:20:32 AM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:21:01 AM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1807656 bytes | Modified Date = 6/22/2007 3:46:46 PM | Attr =    ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr =    ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 10, 3, 2 | Size = 99624 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 5:59:56 PM | Attr =    ]
{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Cover Designer] -> Nero AG [Ver = 2, 10, 1, 1 | Size = 1967400 bytes | Modified Date = 6/28/2007 1:58:24 PM | Attr =    ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTContMenu] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ ->
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTContMenu] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [ACE] ->  [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr =    ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 10, 3, 2 | Size = 99624 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 5:59:56 PM | Attr =    ]
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTContMenu] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:21:25 AM
< ControlSets > ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} -> 8194 - Reg Data - Value does not exist ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8195 ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:21:51 AM
< Security Settings > ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:45:41 PM
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:46:05 PM
rvices\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 9095 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:46:32 PM
um\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 ->  ->
%SystemRoot% ->  ->
%SystemRoot%\System32\Wbem ->  ->
C:\Program Files\ATI Technologies\ATI.ACE\ ->  ->
C:\Program Files\Storm Codec\QTSystem\ ->  ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM ->  ->
.EXE ->  ->
.BAT ->  ->
.CMD ->  ->
.VBS ->  ->
.VBE ->  ->
.JS ->  ->
.JSE ->  ->
.WSF ->  ->
.WSH ->  ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.1159 (dnsrv.040209-1620) | Size = 10752 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 8:56:46 AM | Attr =    ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 8:56:54 AM | Attr =    ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/15/2003 10:52:56 AM | Attr =    ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -%1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 3003392 bytes | Modified Date = 8/4/2004 8:56:44 AM | Attr =    ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:47:30 PM
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 8:56:46 AM | Attr =    ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 3003392 bytes | Modified Date = 8/4/2004 8:56:44 AM | Attr =    ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 8:56:46 AM | Attr =    ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:48:21 PM
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ ->  ->

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:49:32 PM
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Scripts\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 1 ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\ ->  ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{1865A76F-D5F8-415C-94C2-68CB91D1F843} -> Chinese Star 2006 ->
{20D4A895-748C-4D88-871C-FDB1695B0169} -> Platform ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer ->
{242FBF70-03A3-4317-931F-FA7798F39A13} -> Winflash ->
{2F143483-68D6-4234-9346-724056818193} -> ATI Catalyst Control Center ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{364319B3-BD10-48EB-A8DE-D667B43590B0} -> NBA LIVE 07 ->
{36CDA33B-909B-4719-97D1-C4B99309BDC7} -> ATI Parental Control & Encoder ->
{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66} -> ATI HydraVision ->
{417E7710-C77B-4CB9-839A-D586A12C64E2} -> Smart Guardian ->
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{80EAC1F5-3067-4E57-A09F-3AF728C59FE5} -> MapleStory ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{90170409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office FrontPage 2003 ->
{90A10409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office OneNote 2003 ->
{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} -> QuickTime ->
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable ->
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0 ->
{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6} -> AVIVO Codecs ->
{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} -> MSN Messenger 7.5 ->
{D5CD3E08-6B73-471A-93D1-63C7F32118C1} -> O2Jam (e-Games) v.3.50 ->
{DB4C031D-B2F8-47F1-A274-59A8F3B61033} -> Nero 7 Essentials ->
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer ->
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio ->
Advanced WindowsCare V2 Personal_is1 -> Advanced WindowsCare 2.51 Personal ->
All ATI Software -> ATI - Software Uninstall Utility ->

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:50:18 PM
Any Video Converter_is1 -> Any Video Converter 1.3.2 ->
ATI Display Driver -> ATI Display Driver ->
avast! -> avast! Antivirus ->
BitComet -> BitComet 0.91 ->
COMODO Firewall Pro -> COMODO Firewall Pro ->
CToolbar_UNINSTALL -> Crawler Toolbar with Web Security Guard ->
Diagnostic Tool -> Diagnostic Tool ->
GoogleVideoPlayer -> Google Video Player ->
HijackThis -> HijackThis 2.0.2 ->
InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} -> VIA Platform Device Manager ->
Kate's Video Converter_is1 -> Kate's Video Converter 2.8.4 ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 1.52 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
Pokemon Sapphire -> Pokemon Sapphire ->
Ragnarok Online -> Ragnarok Online ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spyware Terminator_is1 -> Spyware Terminator ->
Storm Codec 5 -> Storm Codec ->
Switch -> Switch ->
tmnet streamyx dialer -> tmnet streamyx dialer ->
VN_VUIns_Rhine_VIA -> VIA Rhine-Family Fast Ethernet Adapter ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
WinPatrol -> WinPatrol 2007 ->
WinPcapInst -> WinPcap 3.0 ->
WinRAR archiver -> WinRAR archiver ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Error - 8/16/2007 7:57:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/16/2007 9:37:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/16/2007 10:58:21 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 12:22:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 9:57:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 10:58:07 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/17/2007 2:47:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error This operation returned because the timeout period expired
Application - Error - 8/17/2007 2:47:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error The specified server cannot perform the requested operation
Application - Warning - 8/17/2007 4:16:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 10:21:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 10:27:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:07:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:09:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:16:39 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:23:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:31:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:33:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 12:53:29 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/18/2007 12:53:39 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/18/2007 12:53:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application ashSimplexe version 479360 hang module hungapp version 0000 hang address 0x00000000
Application - Error - 8/18/2007 12:56:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application ashSimplexe version 479360 hang module hungapp version 0000 hang address 0x00000000
Application - Error - 8/18/2007 12:57:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application ashSimplexe version 479360 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 8/18/2007 12:59:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 1:36:39 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 1:43:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 1:47:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 11:11:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 1:02:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 2:12:08 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 3:03:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 6:16:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 7:11:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 7:16:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 7:21:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:51:59 PM
Application - Warning - 8/18/2007 7:57:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 9:32:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 9:33:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 9:38:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 10:41:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 12:39:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 12:45:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 12:57:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:02:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/19/2007 1:11:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 1:18:28 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:20:49 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 1:32:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:34:35 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/19/2007 1:42:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 2:08:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 2:25:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 10:34:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 11:37:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 12:16:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 12:17:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 1:24:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:29:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 2:12:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 2:13:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 2:27:31 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 2:59:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 3:45:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 4:04:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 6:56:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 8:53:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 10:19:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 10:24:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:52:49 PM
Application - Warning - 8/20/2007 9:39:50 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/20/2007 1:58:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/20/2007 2:05:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/20/2007 2:38:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/20/2007 2:46:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/20/2007 3:01:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/20/2007 3:06:12 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/20/2007 3:19:36 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/20/2007 3:56:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/20/2007 4:02:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/20/2007 5:35:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/20/2007 6:12:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/20/2007 6:42:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/20/2007 6:42:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/20/2007 6:49:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/20/2007 6:49:31 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/20/2007 10:07:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/20/2007 10:07:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/20/2007 11:18:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = MsiInstaller -> Description = Product Nero 7 Essentials -- Error 2228Database  Unknown table ComponentCT in SQL query SELECT ComponentComponent ComponentComponentId ComponentDirectory ComponentAttributes ComponentCondition ComponentKeyPath ComponentCTMisc ComponentCTOrigName FileFile FileFileName FileFileSize FileVersion FileLanguage FileAttributes FileSequence FileCTMD5  FROM Component ComponentCT File FileCT WHERE( (ComponentComponent = FileComponent) AND (ComponentComponent = ComponentCTComponent) AND (FileFile = FileCTFile)) ORDER BY ComponentComponent
Application - Error - 8/20/2007 11:21:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = MsiInstaller -> Description = Product Nero 7 Essentials -- Error 2228Database  Unknown table ComponentCT in SQL query SELECT ComponentComponent ComponentComponentId ComponentDirectory ComponentAttributes ComponentCondition ComponentKeyPath ComponentCTMisc ComponentCTOrigName FileFile FileFileName FileFileSize FileVersion FileLanguage FileAttributes FileSequence FileCTMD5  FROM Component ComponentCT File FileCT WHERE( (ComponentComponent = FileComponent) AND (ComponentComponent = ComponentCTComponent) AND (FileFile = FileCTFile)) ORDER BY ComponentComponent
Application - Warning - 8/21/2007 2:13:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/21/2007 2:13:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/21/2007 9:13:42 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/21/2007 5:12:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/21/2007 5:12:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/21/2007 7:47:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/21/2007 7:47:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/21/2007 10:43:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/22/2007 1:06:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application DevilRo Patcherexe version 1303 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 8/22/2007 1:13:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/22/2007 1:13:21 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/22/2007 11:17:44 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/22/2007 11:17:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/23/2007 12:37:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/23/2007 12:37:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/23/2007 12:44:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application VDownloaderexe version 0400 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 8/23/2007 11:36:28 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/23/2007 11:36:30 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/23/2007 11:49:45 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/23/2007 11:49:47 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/23/2007 6:21:56 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/23/2007 6:27:31 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/23/2007 6:27:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/23/2007 6:43:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/24/2007 1:57:26 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:53:11 PM
Application - Warning - 8/24/2007 8:20:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/24/2007 9:13:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/24/2007 9:41:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/24/2007 9:41:33 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/24/2007 10:17:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/24/2007 10:17:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/24/2007 3:33:18 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/24/2007 8:41:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/24/2007 8:41:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 1:02:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/25/2007 1:02:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 9:28:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 12:10:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 12:46:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/25/2007 12:46:08 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 12:52:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/25/2007 12:52:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 1:31:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/25/2007 8:00:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/26/2007 2:41:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/27/2007 12:57:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/27/2007 12:57:54 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/27/2007 12:57:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/27/2007 1:03:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/27/2007 1:03:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/27/2007 2:28:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/27/2007 2:28:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/27/2007 2:35:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/27/2007 2:35:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/28/2007 2:01:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/28/2007 2:01:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/28/2007 6:22:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/28/2007 8:04:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/28/2007 8:04:19 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/29/2007 2:17:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/29/2007 4:29:57 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/29/2007 6:01:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/29/2007 7:10:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/29/2007 8:15:59 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/30/2007 4:21:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/30/2007 4:21:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:53:32 PM
EAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/30/2007 8:38:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/30/2007 2:34:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/30/2007 2:34:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/30/2007 4:13:56 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/30/2007 6:57:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/30/2007 11:35:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/30/2007 11:36:21 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 12:35:57 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/31/2007 12:35:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 12:38:29 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/31/2007 12:38:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 1:22:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 2:07:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 8/31/2007 2:07:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 3:56:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 6:01:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 7:04:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 7:06:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 8:15:19 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/31/2007 11:49:13 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/1/2007 4:33:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/1/2007 4:33:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/1/2007 10:48:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/1/2007 5:03:08 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/1/2007 8:29:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/1/2007 8:29:16 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/1/2007 10:00:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/2/2007 2:40:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/2/2007 1:40:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/2/2007 2:12:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/2/2007 3:04:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/5/2007 2:29:39 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/5/2007 5:32:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/5/2007 9:43:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 9/5/2007 9:46:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 9/5/2007 11:36:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/5/2007 11:52:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/7/2007 1:51:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/7/2007 11:31:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/7/2007 8:27:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/7/2007 8:27:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/7/2007 10:22:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = WinMgmt -> Description =
Application - Warning - 9/7/2007 10:22:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = WinMgmt -> Description =
Application - Error - 9/7/2007 10:48:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application SUPERAntiSpywareexe version 3901008 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 9/7/2007 10:49:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/8/2007 1:17:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application notepadexe version 5126002180 hang module hungapp version 0000 hang address 0x00000000
Application - Error - 9/8/2007 1:46:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error This operation returned because the timeout period expired
Application - Error - 9/8/2007 1:46:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error This operation returned because the timeout period expired
Application - Error - 9/8/2007 1:46:12 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error The specified server cannot perform the requested operation
Application - Warning - 9/8/2007 10:26:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/8/2007 12:35:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/8/2007 1:27:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:53:53 PM
Application - Warning - 9/8/2007 2:31:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/8/2007 2:31:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/8/2007 7:55:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/9/2007 6:50:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/10/2007 1:59:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/10/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/10/2007 4:01:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/10/2007 4:01:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/11/2007 12:07:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/11/2007 12:21:50 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/11/2007 8:22:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/12/2007 1:21:18 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error This operation returned because the timeout period expired
Application - Error - 9/12/2007 1:21:18 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error The specified server cannot perform the requested operation
Application - Error - 9/12/2007 1:22:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error This operation returned because the timeout period expired
Application - Error - 9/12/2007 1:22:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error The specified server cannot perform the requested operation
Application - Warning - 9/12/2007 2:26:57 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/12/2007 2:31:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/12/2007 11:09:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/12/2007 12:47:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/12/2007 6:38:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/12/2007 6:38:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/13/2007 2:04:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/13/2007 1:33:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/13/2007 2:40:21 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/13/2007 3:28:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 9/13/2007 7:47:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/14/2007 2:24:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/14/2007 2:30:33 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/14/2007 2:30:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/14/2007 9:42:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/14/2007 1:12:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/14/2007 11:12:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:54:24 PM
Application - Error - 9/15/2007 12:40:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 9/15/2007 12:54:54 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 9/15/2007 1:04:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 9/15/2007 1:07:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = Userenv -> Description =
Application - Warning - 9/15/2007 1:07:42 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 9/15/2007 9:14:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 9/15/2007 9:35:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
System - Error - 9/2/2007 2:14:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/2/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/2/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/2/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/2/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/2/2007 10:44:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/2/2007 10:44:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/2/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/2/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 12:19:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/3/2007 12:30:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Fastfat -> Description = Delayed Write FailedWindows was unable to save all the data for the file (null) The data has been lostThis error may be caused by a failure of your computer hardware or network connection Please try to save this file elsewhere
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:55:14 PM
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:55:54 PM
System - Warning - 9/3/2007 12:46:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 12:46:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:56:16 PM
System - Error - 9/3/2007 5:13:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/3/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 7:11:50 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/3/2007 7:16:49 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/3/2007 7:17:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Warning - 9/3/2007 7:17:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/3/2007 7:17:36 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Error - 9/3/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/3/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 1:12:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/4/2007 1:12:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/4/2007 3:25:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/4/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 6:01:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/4/2007 6:01:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/4/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At116job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:57:22 PM
System - Error - 9/4/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 9:21:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/4/2007 9:21:50 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/4/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/4/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 2:03:49 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/5/2007 2:03:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/5/2007 3:36:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/5/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Warning - 9/5/2007 7:17:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/5/2007 7:17:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/5/2007 7:17:13 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/5/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/5/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 5:53:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/6/2007 6:09:21 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 9/6/2007 6:09:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Administrator - Source = DCOM -> Description =
System - Error - 9/6/2007 6:09:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 9/6/2007 6:09:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 9/6/2007 6:09:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed to start because of the following error 31
System - Error - 9/6/2007 6:09:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 9/6/2007 6:09:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4AFDaswTdiBIOSCmdMonFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssTcpip
System - Error - 9/6/2007 6:10:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 9/6/2007 6:11:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/6/2007 6:12:57 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/6/2007 6:13:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:59:04 PM
System - Error - 9/6/2007 6:09:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4AFDaswTdiBIOSCmdMonFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssTcpip
System - Error - 9/6/2007 6:10:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 9/6/2007 6:11:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/6/2007 6:12:57 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/6/2007 6:13:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 12:59:36 PM
System - Error - 9/6/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At116job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 7:44:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/6/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 9:39:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/6/2007 9:39:31 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/6/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/6/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 8:39:21 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/7/2007 9:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At10job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 9:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At106job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 10:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At107job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 10:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At11job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 10:44:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/7/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At108job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At12job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 5:33:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/7/2007 5:33:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/7/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At116job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Warning - 9/7/2007 8:26:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpip1AC7128B-89DD-482E-9BAB-F1114D458B8F
System - Error - 9/7/2007 8:27:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/7/2007 8:27:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The avast Web Scanner service terminated with the following error 10049
System - Error - 9/7/2007 9:32:13 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/7/2007 9:32:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/7/2007 9:32:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The avast Web Scanner service terminated with the following error 10049
System - Error - 9/7/2007 9:34:19 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The avast Mail Scanner service terminated unexpectedly  It has done this 1 time(s)
System - Error - 9/7/2007 10:04:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/7/2007 10:10:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:00:42 PM
System - Error - 9/7/2007 10:10:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/7/2007 10:11:18 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The avast Mail Scanner service terminated unexpectedly  It has done this 1 time(s)
System - Error - 9/7/2007 10:50:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/7/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/7/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Warning - 9/8/2007 1:02:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 9/8/2007 1:03:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/8/2007 1:18:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 1:18:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:18:32 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:18:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:18:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = sr -> Description =
System - Error - 9/8/2007 1:22:17 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 1:22:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:22:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:22:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:25:30 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 1:25:33 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:25:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:25:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:29:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 1:29:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:29:15 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:29:15 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:31:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 1:31:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:31:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Error - 9/8/2007 1:31:37 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = HOME-E8AEAB07C2\Calciver - Source = DCOM -> Description =
System - Warning - 9/8/2007 1:38:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:01:03 PM
System - Error - 9/8/2007 1:38:15 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Warning - 9/8/2007 1:57:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/8/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At99job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 8:29:18 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 9:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At10job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 9:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At106job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 10:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At107job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 10:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At11job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 11:06:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At109job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At13job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 1:25:12 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/8/2007 1:25:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At111job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At15job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 3:23:57 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/8/2007 3:24:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At116job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 9:06:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:02:50 PM
System - Error - 9/8/2007 9:07:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/8/2007 9:07:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/8/2007 9:07:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/8/2007 9:07:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/8/2007 9:07:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/8/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/8/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At99job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 2:38:45 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 2:38:45 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:03:23 PM
System - Warning - 9/9/2007 2:42:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 9/9/2007 2:42:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Error - 9/9/2007 2:43:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 2:43:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 2:02:50 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/9/2007 2:03:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/9/2007 2:03:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/9/2007 2:03:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 2:03:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At116job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 8:48:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 8:48:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 8:49:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 8:49:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 8:49:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 8:49:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 9:30:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:05:20 PM
System - Error - 9/9/2007 9:30:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/9/2007 9:30:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 9:30:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 9:31:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/9/2007 9:31:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/9/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/9/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 1:50:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 1:50:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 1:55:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 1:55:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At99job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 11:20:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/10/2007 11:20:28 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/10/2007 11:20:42 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 11:20:42 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 11:20:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 11:20:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At109job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At13job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 12:09:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 12:09:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 12:33:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 12:33:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 12:33:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:05:46 PM
System - Error - 9/10/2007 12:33:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 1:49:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/10/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At111job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At15job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 4:28:18 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/10/2007 4:28:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/10/2007 4:28:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 4:28:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 4:32:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 4:32:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 4:32:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 4:32:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 6:29:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 6:29:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 6:30:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 6:30:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 8:48:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/10/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 10:52:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:06:32 PM
System - Error - 9/10/2007 10:52:36 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/10/2007 10:53:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 10:53:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/10/2007 11:46:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 11:46:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/10/2007 11:48:11 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/10/2007 11:48:11 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 12:17:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 12:17:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 12:21:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 12:21:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 8:17:33 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/11/2007 2:07:21 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/11/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 7:02:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/11/2007 7:14:18 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/11/2007 7:14:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/11/2007 7:14:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 7:14:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 7:40:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 7:40:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 7:42:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:07:46 PM
System - Error - 9/11/2007 7:42:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 7:42:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 7:42:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 7:42:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 8:53:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 8:53:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 8:53:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 8:53:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 9:18:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/11/2007 9:18:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/11/2007 9:18:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 9:18:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 9:19:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/11/2007 9:19:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/11/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/11/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 2:00:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 2:00:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At99job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 2:17:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:08:52 PM
System - Error - 9/12/2007 2:17:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/12/2007 2:23:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 2:27:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 10:17:54 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 10:46:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 11:00:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At108job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 11:00:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At12job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 11:11:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/12/2007 11:11:51 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/12/2007 11:12:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/12/2007 11:12:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 9/12/2007 11:12:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Error - 9/12/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At109job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At13job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 2:19:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 2:40:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/12/2007 2:41:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Warning - 9/12/2007 6:37:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpip1AC7128B-89DD-482E-9BAB-F1114D458B8F
System - Error - 9/12/2007 6:37:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Srv -> Description = The servers call to a system service failed unexpectedly
System - Error - 9/12/2007 6:37:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Srv -> Description = The servers call to a system service failed unexpectedly
System - Error - 9/12/2007 7:26:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 9:37:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/12/2007 9:37:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/12/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/12/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:15:27 PM
System - Error - 9/13/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At99job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 2:04:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 2:11:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 9:40:07 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 10:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At107job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 10:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At11job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 1:05:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/13/2007 1:10:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/13/2007 1:10:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/13/2007 1:34:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At111job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At15job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 2:39:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 2:42:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 4:10:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 7:36:49 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/13/2007 7:37:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/13/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:17:58 PM
System - Error - 9/13/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/13/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At75job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 2:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At99job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 2:25:47 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/14/2007 2:31:45 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/14/2007 9:35:38 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/14/2007 10:05:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/14/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At108job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At12job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At84job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At109job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At13job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 12:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At85job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 1:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At110job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 1:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At14job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 1:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At86job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 1:13:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Warning - 9/14/2007 1:14:04 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 00E04D0E0C73  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 9/14/2007 1:14:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/14/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At111job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At15job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 2:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At87job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At112job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 3:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At88job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At113job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 4:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At89job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At114job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 5:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At90job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At115job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 6:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At91job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At116job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 7:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At92job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At117job command failed to start due to the following error 2147942402
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:18:26 PM
System - Error - 9/14/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 8:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At93job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At118job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 9:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At94job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At119job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 10:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At95job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At120job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 9/14/2007 11:00:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At96job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At73job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At97job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At74job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 1:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At98job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 1:02:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/15/2007 9:12:53 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/15/2007 9:15:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/15/2007 10:47:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
System - Error - 9/15/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At108job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At12job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 11:00:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Schedule -> Description = The At84job command failed to start due to the following error 2147942402
System - Error - 9/15/2007 12:40:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216813 for the Network Card with network address 00E04D0E0C73 has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)
System - Error - 9/15/2007 12:40:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Service Control Manager -> Description = The NTPort Library Driver service failed to start due to the following error 2001
Antivirus - Warning - 8/17/2007 11:03:49 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Nilage-AI Trj has been found in httpwww198007com0exeUPXEmbedded2af0UPX file
Antivirus - Warning - 8/17/2007 11:04:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE58NYJS9IVjopen11exeUpack file
Antivirus - Warning - 8/17/2007 11:04:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files3exeUpack file
Antivirus - Warning - 8/17/2007 11:04:18 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE563MNUL67jopen21exe file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:19:05 PM
Antivirus - Warning - 8/17/2007 11:04:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/17/2007 11:04:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5O501UFWHjopen31exeUpack file
Antivirus - Warning - 8/17/2007 11:04:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/17/2007 11:04:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE52XW7Q5M5jopen41exe file
Antivirus - Warning - 8/17/2007 11:04:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/17/2007 11:04:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/17/2007 11:04:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE51CZJNL0Wjopen71exeUpack file
Antivirus - Warning - 8/17/2007 11:04:59 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/17/2007 11:05:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5090RORSVjopen121exeUpack file
Antivirus - Warning - 8/17/2007 11:05:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/18/2007 12:08:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:08:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:08:12 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:09:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:09:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:09:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:15:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x2000000A dwRes is 2000000A
Antivirus - Warning - 8/18/2007 12:15:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs
Antivirus - Warning - 8/18/2007 12:15:53 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x2000000A dwRes is 2000000A
Antivirus - Warning - 8/18/2007 12:16:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x2000000A dwRes is 2000000A
Antivirus - Warning - 8/18/2007 12:16:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x2000000A dwRes is 2000000A
Antivirus - Warning - 8/18/2007 12:16:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x2000000A dwRes is 2000000A
Antivirus - Warning - 8/18/2007 12:16:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x2000000A dwRes is 2000000A
Antivirus - Warning - 8/18/2007 12:17:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:17:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:17:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:23:51 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:23:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:23:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:31:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:34:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function SuperCopyFile() has failed Return code is 00000020
Antivirus - Warning - 8/18/2007 1:34:43 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function SuperCopyFile() has failed Return code is 00000020
Antivirus - Warning - 8/18/2007 1:38:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:44:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:44:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:44:49 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:20:10 PM
Antivirus - Warning - 8/18/2007 1:49:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:49:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:49:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 1:56:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSSYSTEM32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 2:17:51 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 8/18/2007 2:17:51 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs
Antivirus - Warning - 8/18/2007 8:17:32 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 8/18/2007 8:17:33 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs
Antivirus - Warning - 8/18/2007 11:10:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5UF4RQ943jopen31exeUpack file
Antivirus - Warning - 8/18/2007 11:11:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 11:11:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 11:13:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE563MNUL67jopen21exe file
Antivirus - Warning - 8/18/2007 11:13:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/18/2007 11:13:21 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/18/2007 11:13:26 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 11:13:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 11:13:37 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5O501UFWHjopen41exe file
Antivirus - Warning - 8/18/2007 11:13:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/18/2007 11:13:44 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 11:13:51 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5WLK7S7OBjopen71exeUpack file
Antivirus - Warning - 8/18/2007 11:14:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/18/2007 11:14:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE523M3Q9QBjopen121exeUpack file
Antivirus - Warning - 8/18/2007 11:14:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/18/2007 12:30:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:31:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:31:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONexeEmbedded1c60Upack file
Antivirus - Warning - 8/18/2007 12:31:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/18/2007 12:31:59 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in cwindowssystem32ravwlmondatUpack file
Antivirus - Warning - 8/18/2007 12:32:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in cwindowssystem32ravwlmondatUpack file
Antivirus - Warning - 8/18/2007 12:34:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HHY Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE523M3Q9QBjopen121exeUpackEmbeddedMAIN file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:21:12 PM
Antivirus - Warning - 8/18/2007 12:35:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE52XW7Q5M5jopen51exeEmbedded1c60Upack file
Antivirus - Warning - 8/18/2007 12:35:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE563MNUL67jopen21exe file
Antivirus - Warning - 8/18/2007 12:35:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5UF4RQ943jopen31exeUpackEmbeddedMAIN file
Antivirus - Warning - 8/18/2007 12:36:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5WLK7S7OBjopen71exeUpack file
Antivirus - Warning - 8/18/2007 12:47:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 12:50:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 8/18/2007 12:50:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs
Antivirus - Warning - 8/18/2007 1:07:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CSystem Volume Informationrestore1E41D85E-4584-4A78-BC24-538BBC0D7034RP51A0024224exeEmbedded1c60Upack file
Antivirus - Warning - 8/18/2007 1:08:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CSystem Volume Informationrestore1E41D85E-4584-4A78-BC24-538BBC0D7034RP51A0024286exeUpackEmbeddedMAIN file
Antivirus - Warning - 8/18/2007 1:13:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CWINDOWSsystem32jzginsexeUpack file
Antivirus - Warning - 8/18/2007 1:15:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSTempavast4unp127129473tmpUpack file
Antivirus - Warning - 8/18/2007 1:16:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSTempavast4unp3290797tmpUpack file
Antivirus - Warning - 8/18/2007 1:18:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4unp195650210tmpUpack file
Antivirus - Warning - 8/18/2007 1:56:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4unp196953778tmpUpack file
Antivirus - Warning - 8/18/2007 1:58:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4unp196953778tmpUpack file
Antivirus - Warning - 8/18/2007 1:59:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4unp196953778tmpUpack file
Antivirus - Warning - 8/18/2007 1:59:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverDesktopunp196953778tmpUpack file
Antivirus - Warning - 8/18/2007 2:00:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4lkUpack file
Antivirus - Warning - 8/18/2007 2:00:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4lkUpack file
Antivirus - Warning - 8/18/2007 2:00:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempavast4lkUpack file
Antivirus - Warning - 8/18/2007 2:18:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 8/18/2007 2:18:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs
Antivirus - Warning - 8/18/2007 3:10:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/18/2007 6:19:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE54ZUNQTUDjopen31exeUpack file
Antivirus - Warning - 8/18/2007 6:19:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 6:20:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5Q9KJAPG5jopen41exe file
Antivirus - Warning - 8/18/2007 6:20:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/18/2007 6:20:19 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 6:20:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE50NK1EBWBjopen71exeUpack file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:24:49 PM
Antivirus - Warning - 8/18/2007 6:20:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/18/2007 6:20:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE52XW7Q5M5jopen121exeUpack file
Antivirus - Warning - 8/18/2007 6:20:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/18/2007 6:24:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/18/2007 6:34:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONexeEmbedded1c60Upack file
Antivirus - Warning - 8/18/2007 7:57:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/18/2007 9:22:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/18/2007 9:40:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5Q14P65WNjopen21exe file
Antivirus - Warning - 8/18/2007 9:40:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/18/2007 9:40:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/18/2007 9:41:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE50NK1EBWBjopen31exeUpack file
Antivirus - Warning - 8/18/2007 9:41:04 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 9:41:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/18/2007 9:41:09 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE58NYJS9IVjopen41exe file
Antivirus - Warning - 8/18/2007 9:41:11 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/18/2007 9:41:13 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/18/2007 9:41:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 9:41:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 9:41:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/18/2007 9:41:36 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE52XW7Q5M5jopen71exeUpack file
Antivirus - Warning - 8/18/2007 9:41:40 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/18/2007 9:41:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/18/2007 9:41:56 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5VJX22YNBjopen121exeUpack file
Antivirus - Warning - 8/18/2007 9:42:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/18/2007 9:42:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/18/2007 9:45:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 12:06:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 12:46:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE58NYJS9IVjopen21exe file
Antivirus - Warning - 8/19/2007 12:47:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 12:47:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 12:47:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE563MNUL67jopen31exeUpack file
Antivirus - Warning - 8/19/2007 12:47:17 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:29:43 PM
Antivirus - Warning - 8/19/2007 12:47:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 12:47:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5O501UFWHjopen41exe file
Antivirus - Warning - 8/19/2007 12:47:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 12:47:27 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 12:47:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 12:47:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 12:47:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 12:47:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5C1SPQZO9jopen71exeUpack file
Antivirus - Warning - 8/19/2007 12:49:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 12:49:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 12:49:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5YGGQQJ02jopen121exeUpack file
Antivirus - Warning - 8/19/2007 12:49:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 12:49:27 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 12:52:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 1:03:47 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE58NYJS9IVjopen21exe file
Antivirus - Warning - 8/19/2007 1:03:57 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 1:03:58 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 1:04:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE563MNUL67jopen31exeUpack file
Antivirus - Warning - 8/19/2007 1:04:03 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 1:04:07 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 1:04:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5O501UFWHjopen41exe file
Antivirus - Warning - 8/19/2007 1:04:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:30:19 PM
Antivirus - Warning - 8/19/2007 1:04:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 1:04:18 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:04:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:04:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:04:32 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5C1SPQZO9jopen71exeUpack file
Antivirus - Warning - 8/19/2007 1:04:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:04:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:04:50 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5YGGQQJ02jopen121exeUpack file
Antivirus - Warning - 8/19/2007 1:04:53 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:04:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:08:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 1:12:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SDQ76NGDjopen31exeUpack file
Antivirus - Warning - 8/19/2007 1:13:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 1:13:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 1:13:07 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE50NK1EBWBjopen41exe file
Antivirus - Warning - 8/19/2007 1:13:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 1:13:12 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 1:13:17 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:13:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:13:21 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:13:32 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5Q9KJAPG5jopen71exeUpack file
Antivirus - Warning - 8/19/2007 1:13:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:13:37 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:13:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE58NYJS9IVjopen121exeUpack file
Antivirus - Warning - 8/19/2007 1:13:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:13:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:18:07 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 1:23:54 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SDQ76NGDjopen71exeUpack file
Antivirus - Warning - 8/19/2007 1:23:57 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:24:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:24:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SDQ76NGDjopen121exeUpack file
Antivirus - Warning - 8/19/2007 1:24:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:24:21 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:31:14 PM
Antivirus - Warning - 8/19/2007 1:27:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 1:36:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SDQ76NGDjopen11exeUpack file
Antivirus - Warning - 8/19/2007 1:36:08 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files3exeUpack file
Antivirus - Warning - 8/19/2007 1:36:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files3exeUpack file
Antivirus - Warning - 8/19/2007 1:36:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE50NK1EBWBjopen21exe file
Antivirus - Warning - 8/19/2007 1:36:15 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 1:36:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 1:36:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5VJX22YNBjopen31exeUpack file
Antivirus - Warning - 8/19/2007 1:36:21 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 1:36:22 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 1:36:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SDQ76NGDjopen41exe file
Antivirus - Warning - 8/19/2007 1:36:26 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 1:36:27 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 1:36:30 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:36:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:36:35 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 1:36:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE50NK1EBWBjopen71exeUpack file
Antivirus - Warning - 8/19/2007 1:36:41 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:36:42 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 1:36:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SH270LAFjopen121exeUpack file
Antivirus - Warning - 8/19/2007 1:36:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:37:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 1:55:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 2:27:29 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE58DUV456Vjopen21exe file
Antivirus - Warning - 8/19/2007 2:27:35 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 2:27:37 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-HKX Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files4exe file
Antivirus - Warning - 8/19/2007 2:27:40 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE59K2X4X83jopen31exeUpack file
Antivirus - Warning - 8/19/2007 2:27:42 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 2:27:44 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files5exeUpack file
Antivirus - Warning - 8/19/2007 2:27:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5SDQ76NGDjopen41exe file
Antivirus - Warning - 8/19/2007 2:27:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 2:27:49 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32OnLineGames-SR Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files6exe file
Antivirus - Warning - 8/19/2007 2:27:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 2:27:55 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 2:27:57 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATD Trj has been found in CWINDOWSsystem32RAVWLMONDATUpack file
Antivirus - Warning - 8/19/2007 2:28:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE56B0BUJEHjopen71exeUpack file
Antivirus - Warning - 8/19/2007 2:28:09 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Antivirus - Warning - 8/19/2007 2:28:11 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files9exeUpack file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:34:55 PM
Antivirus - Warning - 8/19/2007 2:28:24 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet FilesContentIE5O501UFWHjopen121exeUpack file
Antivirus - Warning - 8/19/2007 2:28:26 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 2:28:28 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemporary Internet Files14exeUpack file
Antivirus - Warning - 8/19/2007 2:32:32 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/19/2007 10:45:59 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Delf-FNI Trj has been found in CDOCUME1CalciverLOCALS1Temp2exeUpack file
Antivirus - Warning - 8/20/2007 2:04:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERece3dir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:04:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERece3dir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:07:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERb5dfdir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:07:20 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERb5dfdir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:35:39 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER7afbdir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:35:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER7afbdir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:35:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER56b1dir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:35:56 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER56b1dir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:36:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER5915dir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:36:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER5915dir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:36:39 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERb5dfdir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:36:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERb5dfdir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:36:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERb5dfdir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:36:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERb5dfdir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 2:51:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERe91edir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 2:51:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWERe91edir00svchostexemdmp file
Antivirus - Warning - 8/20/2007 3:57:50 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER15fedir00svchostexehdmp file
Antivirus - Warning - 8/20/2007 3:57:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32SdBot-gen44 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTempWER15fedir00svchostexemdmp file
Antivirus - Warning - 8/23/2007 11:44:06 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Steal-H Trj has been found in CPROGRAM FILESINTERNET EXPLORERPLUGINSWINSYS64SYS file
Antivirus - Warning - 8/23/2007 11:44:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Steal-H Trj has been found in CProgram FilesInternet ExplorerPLUGINSWinSys64Sys file
Antivirus - Warning - 8/23/2007 11:44:28 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Steal-H Trj has been found in CProgram FilesInternet ExplorerPLUGINSWinSys64Sys file
Antivirus - Warning - 8/23/2007 11:45:44 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Steal-H Trj has been found in CProgram FilesInternet ExplorerPLUGINSWinSys64Sys file
Antivirus - Warning - 8/23/2007 11:45:51 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Steal-H Trj has been found in CProgram FilesInternet ExplorerPLUGINStrz2Etmp file
Antivirus - Warning - 8/23/2007 11:46:02 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Steal-H Trj has been found in CProgram FilesInternet ExplorerPLUGINStrz2Ftmp file
Antivirus - Warning - 8/25/2007 12:39:57 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in CPROGRAM FILESINTERNET EXPLORERRAVCHDMONDATUpack file
Antivirus - Warning - 8/25/2007 12:40:22 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in CProgram FilesInternet ExplorerRAVCHDMONDATUpack file
Antivirus - Warning - 8/25/2007 12:45:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in CPROGRAM FILESINTERNET EXPLORERRAVCHDMONDATUpack file
Antivirus - Warning - 8/25/2007 12:45:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in CPROGRAM FILESINTERNET EXPLORERRAVCHDMONDATUpack file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:37:04 PM
Antivirus - Warning - 8/25/2007 12:47:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in CProgram FilesInternet ExplorerRAVCHDMONDATUpack file
Antivirus - Warning - 8/25/2007 12:49:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in CProgram FilesInternet ExplorerRAVCHDMONDATUpack file
Antivirus - Warning - 8/25/2007 12:50:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-ATY Trj has been found in cprogram filesinternet explorerravchdmondatUpack file
Antivirus - Warning - 8/25/2007 12:51:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in cwindowssystem32winmdsexe file
Antivirus - Warning - 8/25/2007 5:08:04 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempoetX34Rrexe file
Antivirus - Warning - 8/26/2007 1:28:30 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Tempr3VAnSM3exe file
Antivirus - Warning - 8/26/2007 4:39:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Tempem0867kPexe file
Antivirus - Warning - 8/26/2007 11:56:34 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp33U0wUWCexe file
Antivirus - Warning - 8/27/2007 2:10:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempmxGwYy08exe file
Antivirus - Warning - 8/27/2007 10:15:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempXG8ox8Btexe file
Antivirus - Warning - 8/28/2007 11:29:26 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempIx40ymLrexe file
Antivirus - Warning - 8/28/2007 6:00:45 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Tempegs0jB33exe file
Antivirus - Error - 8/28/2007 8:00:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:00:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:00:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:00:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:01:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:01:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:01:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:01:55 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:02:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:02:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:02:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 8/28/2007 8:02:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Warning - 8/29/2007 12:45:45 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Tempdaxy848dexe file
Antivirus - Warning - 8/29/2007 1:11:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp88OR67atexe file
Antivirus - Warning - 8/29/2007 9:11:27 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempYCQ2eL2rexe file
Antivirus - Warning - 8/30/2007 3:28:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TemptcJRJFU1exe file
Antivirus - Warning - 8/30/2007 12:30:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Templ81LhHB1exe file
Antivirus - Warning - 9/1/2007 1:25:49 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempL3qe2PL2exe file
Antivirus - Warning - 9/2/2007 1:11:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempK2sfw5s2exe file
Antivirus - Warning - 9/2/2007 10:11:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempLr3425Dkexe file
Antivirus - Warning - 9/3/2007 8:56:47 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempA5Y78gq1exe file
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:37:29 PM
Antivirus - Warning - 9/4/2007 7:25:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp67XE52rqexe file
Antivirus - Warning - 9/5/2007 8:29:59 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempEt6FALlYexe file
Antivirus - Error - 9/5/2007 9:50:12 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:13 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:14 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:15 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/5/2007 9:50:16 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Warning - 9/5/2007 11:20:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Onlinegames-BBJ Trj has been found in CWINDOWSsystem32jzgpridll file
Antivirus - Warning - 9/6/2007 11:41:52 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempI4RfNMW5exe file
Antivirus - Warning - 9/7/2007 6:11:16 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp3h4MEFyoexe file
Antivirus - Error - 9/8/2007 2:24:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:01 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:02 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Antivirus - Error - 9/8/2007 2:24:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewOnFileEmailToAlwilSoftware() basNetAlert() failed 42011
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:37:54 PM
Antivirus - Warning - 9/8/2007 2:26:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1NETWOR1LOCALS1Tempu8GmH1JHexe file
Antivirus - Warning - 9/8/2007 10:56:12 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp3ddYhNebexe file
Antivirus - Warning - 9/9/2007 12:58:36 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1NETWOR1LOCALS1Temp6F8a5e82exe file
Antivirus - Warning - 9/9/2007 3:46:04 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp3o67DUecexe file
Antivirus - Warning - 9/9/2007 11:18:58 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempBVAUANOQexe file
Antivirus - Warning - 9/10/2007 12:11:18 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempGTGeqVpYexe file
Antivirus - Error - 9/10/2007 4:40:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Error in aswChestS chest sRestoreFile Error 32
Antivirus - Error - 9/10/2007 4:40:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Error in aswChestC chestRestoreFile Error 32
Antivirus - Error - 9/10/2007 4:40:06 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = aswChestInterface - Program error description CChestListViewExtractSelectedFiles() chestGetFile() failed 32
Antivirus - Warning - 9/10/2007 11:28:25 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempmExrV0WLexe file
Antivirus - Warning - 9/11/2007 9:20:19 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-ILR Trj has been found in EhostexeEmbedded08004 file
Antivirus - Warning - 9/11/2007 9:20:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-ILR Trj has been found in EhostexeEmbedded08004 file
Antivirus - Warning - 9/11/2007 10:28:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempD5N06A1cexe file
Antivirus - Warning - 9/12/2007 11:28:30 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemp3ddYhNebexeEmbedded0e00 file
Antivirus - Warning - 9/12/2007 11:28:54 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDocuments and SettingsCalciverLocal SettingsTemp3ddYhNebexe file
Antivirus - Warning - 9/12/2007 12:11:17 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1NETWOR1LOCALS1Temp6vrDrP0fexe file
Antivirus - Warning - 9/12/2007 10:11:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1TempA8B15DFFexe file
Antivirus - Warning - 9/13/2007 1:31:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dadobra-EY Trj has been found in CComboFixCfilescf file
Antivirus - Warning - 9/13/2007 2:29:39 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Tempu51hLuK7exe file
Antivirus - Warning - 9/13/2007 8:29:00 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Ardamax-B Tool has been found in CDOCUME1CalciverLOCALS1Temp44tmp file
Antivirus - Warning - 9/13/2007 8:29:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Ardamax-X Tool has been found in CDOCUME1CalciverLOCALS1Temp43tmp file
Antivirus - Warning - 9/13/2007 8:41:04 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dialer-1026 Trj has been found in CDOCUME1CalciverLOCALS1Temp0226DdLVexe file
Antivirus - Warning - 9/13/2007 8:57:49 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dadobra-EY Trj has been found in CComboFixCfilescf file
Antivirus - Warning - 9/14/2007 11:06:41 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Dadobra-EY Trj has been found in CComboFixCfilescf file

[Files/Folders - Created Within 30 days]
boot.ini.comodofirewall -> %SystemDrive%\boot.ini.comodofirewall ->  [Ver =  | Size = 211 bytes | Created Date = 8/20/2007 6:11:37 PM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 9/8/2007 1:33:43 AM | Attr =  HS]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Created Date = 9/13/2007 1:31:25 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 9/14/2007 10:54:44 PM | Attr =    ]
1.ini -> %SystemRoot%\1.ini ->  [Ver =  | Size = 622 bytes | Created Date = 8/17/2007 11:03:53 PM | Attr =    ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 109056 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 9/13/2007 1:32:28 PM | Attr =    ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
option.ini -> %SystemRoot%\option.ini ->  [Ver =  | Size = 187 bytes | Created Date = 9/14/2007 2:40:58 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 8/22/2007 1:42:18 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 8/22/2007 1:42:18 PM | Attr =  H ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:39:04 PM
At100.job -> %SystemRoot%\tasks\At100.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At101.job -> %SystemRoot%\tasks\At101.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At102.job -> %SystemRoot%\tasks\At102.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At103.job -> %SystemRoot%\tasks\At103.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At104.job -> %SystemRoot%\tasks\At104.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At105.job -> %SystemRoot%\tasks\At105.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At106.job -> %SystemRoot%\tasks\At106.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At107.job -> %SystemRoot%\tasks\At107.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At108.job -> %SystemRoot%\tasks\At108.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At109.job -> %SystemRoot%\tasks\At109.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At110.job -> %SystemRoot%\tasks\At110.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At111.job -> %SystemRoot%\tasks\At111.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At112.job -> %SystemRoot%\tasks\At112.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At113.job -> %SystemRoot%\tasks\At113.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At114.job -> %SystemRoot%\tasks\At114.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At115.job -> %SystemRoot%\tasks\At115.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At116.job -> %SystemRoot%\tasks\At116.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At117.job -> %SystemRoot%\tasks\At117.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At118.job -> %SystemRoot%\tasks\At118.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At119.job -> %SystemRoot%\tasks\At119.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At120.job -> %SystemRoot%\tasks\At120.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At97.job -> %SystemRoot%\tasks\At97.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At98.job -> %SystemRoot%\tasks\At98.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
At99.job -> %SystemRoot%\tasks\At99.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/30/2007 12:15:12 PM | Attr =    ]
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 8/18/2007 7:18:26 PM | Attr =    ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 8/18/2007 7:18:26 PM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 8/18/2007 7:18:31 PM | Attr =    ]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 8/22/2007 1:40:18 PM | Attr =    ]
EGameEncrypt.dll -> %System32%\EGameEncrypt.dll ->  [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Created Date = 9/13/2007 9:04:28 PM | Attr =    ]
LogFiles -> %System32%\LogFiles ->  [Folder | Created Date = 8/29/2007 8:44:57 PM | Attr =    ]
moveex.exe -> %System32%\moveex.exe ->  [Ver =  | Size = 38400 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:39:29 PM
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 9/13/2007 1:31:13 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 8/18/2007 7:18:33 PM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 8/18/2007 7:18:31 PM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 8/18/2007 7:18:31 PM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 8/18/2007 7:18:34 PM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 8/18/2007 7:18:33 PM | Attr =    ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 8/20/2007 6:10:57 PM | Attr =    ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 8/20/2007 6:10:57 PM | Attr =    ]
jkksfecqpirg.sys -> %System32%\drivers\jkksfecqpirg.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 9/15/2007 12:39:41 AM | Attr =    ]
lpklorhnpaql.sys -> %System32%\drivers\lpklorhnpaql.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 9/15/2007 12:54:38 AM | Attr =    ]
nsspjlkmgaee.sys -> %System32%\drivers\nsspjlkmgaee.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 9/15/2007 1:03:47 AM | Attr =    ]
sp_rsdrv2.sys -> %System32%\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 138624 bytes | Created Date = 9/13/2007 11:54:33 PM | Attr =    ]
hosts.msn -> %System32%\drivers\etc\hosts.msn ->  [Ver =  | Size = 734 bytes | Created Date = 8/26/2007 11:02:25 PM | Attr =    ]
Ahead -> %AllUsersAppData%\Ahead ->  [Folder | Created Date = 8/21/2007 12:43:03 AM | Attr =    ]
Comodo -> %AllUsersAppData%\Comodo ->  [Folder | Created Date = 8/20/2007 6:12:51 PM | Attr =    ]
Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Created Date = 9/12/2007 1:15:01 AM | Attr =    ]
Nero -> %AllUsersAppData%\Nero ->  [Folder | Created Date = 8/21/2007 12:37:26 AM | Attr =    ]
Spyware Terminator -> %AllUsersAppData%\Spyware Terminator ->  [Folder | Created Date = 9/13/2007 11:47:42 PM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/7/2007 10:30:58 PM | Attr =    ]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Created Date = 8/22/2007 1:42:19 PM | Attr =    ]
Comodo -> %UserAppData%\Comodo ->  [Folder | Created Date = 8/20/2007 6:12:52 PM | Attr =    ]
Spyware Terminator -> %UserAppData%\Spyware Terminator ->  [Folder | Created Date = 9/13/2007 11:47:42 PM | Attr =    ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/7/2007 10:30:53 PM | Attr =    ]
WinPatrol -> %UserAppData%\WinPatrol ->  [Folder | Created Date = 9/15/2007 12:50:57 PM | Attr =    ]
Apple -> %LocalAppData%\Apple ->  [Folder | Created Date = 8/22/2007 1:40:32 PM | Attr =    ]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Created Date = 8/22/2007 1:38:58 PM | Attr =    ]
Comodo -> %LocalAppData%\Comodo ->  [Folder | Created Date = 8/22/2007 12:08:50 AM | Attr =    ]
Identities -> %LocalAppData%\Identities ->  [Folder | Created Date = 8/18/2007 11:16:01 AM | Attr =    ]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Created Date = 8/26/2007 11:35:24 PM | Attr =    ]
Adobe Reader 7.0.lnk -> %AllUsersDesktop%\Adobe Reader 7.0.lnk ->  [Ver =  | Size = 1740 bytes | Created Date = 9/4/2007 1:20:39 PM | Attr =    ]
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk ->  [Ver =  | Size = 1709 bytes | Created Date = 8/18/2007 7:18:34 PM | Attr =    ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk ->  [Ver =  | Size = 1588 bytes | Created Date = 8/20/2007 6:11:37 PM | Attr =    ]
Nero StartSmart Essentials.lnk -> %AllUsersDesktop%\Nero StartSmart Essentials.lnk ->  [Ver =  | Size = 2361 bytes | Created Date = 8/21/2007 12:44:14 AM | Attr =    ]
O2Jam (e-Games).lnk -> %AllUsersDesktop%\O2Jam (e-Games).lnk ->  [Ver =  | Size = 1469 bytes | Created Date = 9/13/2007 9:04:27 PM | Attr =    ]
Spyware Terminator.lnk -> %AllUsersDesktop%\Spyware Terminator.lnk ->  [Ver =  | Size = 797 bytes | Created Date = 9/13/2007 11:50:40 PM | Attr =    ]
Advanced WindowsCare V2 Personal.lnk -> %UserDesktop%\Advanced WindowsCare V2 Personal.lnk ->  [Ver =  | Size = 753 bytes | Created Date = 9/12/2007 1:23:16 AM | Attr =    ]
ComelRO Patcher.lnk -> %UserDesktop%\ComelRO Patcher.lnk ->  [Ver =  | Size = 705 bytes | Created Date = 8/28/2007 12:12:06 AM | Attr =    ]
DevilRO Patcher.lnk -> %UserDesktop%\DevilRO Patcher.lnk ->  [Ver =  | Size = 1629 bytes | Created Date = 8/28/2007 12:06:10 AM | Attr =    ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 9/7/2007 10:16:32 PM | Attr =    ]
WinPFind3u -> %UserDesktop%\WinPFind3u ->  [Folder | Created Date = 9/15/2007 12:56:35 PM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe ->  [Ver =  | Size = 356045 bytes | Created Date = 9/15/2007 12:55:51 PM | Attr =    ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk ->  [Ver =  | Size = 1757 bytes | Created Date = 9/4/2007 1:20:39 PM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:39:57 PM
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 8/20/2007 6:11:38 PM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 9/8/2007 1:33:48 AM | Attr =  HS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 8/31/2007 12:40:32 AM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 9/15/2007 12:50:50 PM | Attr = R  ]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Modified Date = 9/13/2007 1:36:10 PM | Attr =    ]
Setup -> %SystemDrive%\Setup ->  [Folder | Modified Date = 9/13/2007 8:30:34 PM | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 9/14/2007 1:12:04 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 9/15/2007 1:02:30 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 9/14/2007 10:54:46 PM | Attr =    ]
1.ini -> %SystemRoot%\1.ini ->  [Ver =  | Size = 622 bytes | Modified Date = 8/19/2007 2:26:30 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/15/2007 12:40:32 PM | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 1526 bytes | Modified Date = 9/12/2007 1:10:38 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 9/15/2007 12:58:16 AM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 9/13/2007 1:33:30 PM | Attr =    ]
IFinst27.exe -> %SystemRoot%\IFinst27.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 9/11/2007 9:23:44 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 4566 bytes | Modified Date = 8/19/2007 6:06:38 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 9/15/2007 12:46:54 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 9/8/2007 1:33:48 AM | Attr =  HS]
msettings.ini -> %SystemRoot%\msettings.ini ->  [Ver =  | Size = 22143 bytes | Modified Date = 9/13/2007 1:12:50 PM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 8/22/2007 7:11:36 PM | Attr =    ]
option.ini -> %SystemRoot%\option.ini ->  [Ver =  | Size = 187 bytes | Modified Date = 9/14/2007 10:50:00 PM | Attr =    ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat ->  [Ver =  | Size = 43 bytes | Modified Date = 8/20/2007 11:32:10 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 9/15/2007 12:56:38 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/22/2007 1:42:28 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/22/2007 1:42:28 PM | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 9/14/2007 10:54:48 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 9/14/2007 12:08:24 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 9/15/2007 12:42:24 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 706 bytes | Modified Date = 9/15/2007 12:42:22 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/22/2007 1:59:42 PM | Attr =    ]
At10.job -> %SystemRoot%\tasks\At10.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/8/2007 9:00:02 AM | Attr =    ]
At100.job -> %SystemRoot%\tasks\At100.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/1/2007 3:00:02 AM | Attr =    ]
At101.job -> %SystemRoot%\tasks\At101.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/1/2007 4:00:00 AM | Attr =    ]
At102.job -> %SystemRoot%\tasks\At102.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/30/2007 12:15:14 PM | Attr =    ]
At103.job -> %SystemRoot%\tasks\At103.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/30/2007 12:15:14 PM | Attr =    ]
At104.job -> %SystemRoot%\tasks\At104.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/30/2007 12:15:14 PM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:40:29 PM
At105.job -> %SystemRoot%\tasks\At105.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/30/2007 12:15:14 PM | Attr =    ]
At106.job -> %SystemRoot%\tasks\At106.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/8/2007 9:00:02 AM | Attr =    ]
At107.job -> %SystemRoot%\tasks\At107.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/13/2007 10:00:02 AM | Attr =    ]
At108.job -> %SystemRoot%\tasks\At108.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 11:00:02 AM | Attr =    ]
At109.job -> %SystemRoot%\tasks\At109.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 12:00:02 PM | Attr =    ]
At11.job -> %SystemRoot%\tasks\At11.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/13/2007 10:00:02 AM | Attr =    ]
At110.job -> %SystemRoot%\tasks\At110.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 1:00:00 PM | Attr =    ]
At111.job -> %SystemRoot%\tasks\At111.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 2:00:02 PM | Attr =    ]
At112.job -> %SystemRoot%\tasks\At112.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 3:00:00 PM | Attr =    ]
At113.job -> %SystemRoot%\tasks\At113.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 4:00:02 PM | Attr =    ]
At114.job -> %SystemRoot%\tasks\At114.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 5:00:02 PM | Attr =    ]
At115.job -> %SystemRoot%\tasks\At115.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 6:00:02 PM | Attr =    ]
At116.job -> %SystemRoot%\tasks\At116.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 7:00:02 PM | Attr =    ]
At117.job -> %SystemRoot%\tasks\At117.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 8:00:02 PM | Attr =    ]
At118.job -> %SystemRoot%\tasks\At118.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 9:00:00 PM | Attr =    ]
At119.job -> %SystemRoot%\tasks\At119.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 10:00:00 PM | Attr =    ]
At12.job -> %SystemRoot%\tasks\At12.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 11:00:02 AM | Attr =    ]
At120.job -> %SystemRoot%\tasks\At120.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 11:00:02 PM | Attr =    ]
At13.job -> %SystemRoot%\tasks\At13.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 12:00:02 PM | Attr =    ]
At14.job -> %SystemRoot%\tasks\At14.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 1:00:00 PM | Attr =    ]
At15.job -> %SystemRoot%\tasks\At15.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 2:00:02 PM | Attr =    ]
At16.job -> %SystemRoot%\tasks\At16.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 3:00:00 PM | Attr =    ]
At17.job -> %SystemRoot%\tasks\At17.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 4:00:02 PM | Attr =    ]
At18.job -> %SystemRoot%\tasks\At18.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 5:00:02 PM | Attr =    ]
At19.job -> %SystemRoot%\tasks\At19.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 6:00:02 PM | Attr =    ]
At2.job -> %SystemRoot%\tasks\At2.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 1:00:02 AM | Attr =    ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:45:11 PM
At20.job -> %SystemRoot%\tasks\At20.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 7:00:02 PM | Attr =    ]
At21.job -> %SystemRoot%\tasks\At21.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 8:00:02 PM | Attr =    ]
At22.job -> %SystemRoot%\tasks\At22.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 9:00:00 PM | Attr =    ]
At23.job -> %SystemRoot%\tasks\At23.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 10:00:02 PM | Attr =    ]
At24.job -> %SystemRoot%\tasks\At24.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 11:00:02 PM | Attr =    ]
At3.job -> %SystemRoot%\tasks\At3.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 2:00:02 AM | Attr =    ]
At4.job -> %SystemRoot%\tasks\At4.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/1/2007 3:00:02 AM | Attr =    ]
At5.job -> %SystemRoot%\tasks\At5.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/1/2007 4:00:02 AM | Attr =    ]
At73.job -> %SystemRoot%\tasks\At73.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 | Attr =    ]
At74.job -> %SystemRoot%\tasks\At74.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 1:00:02 AM | Attr =    ]
At75.job -> %SystemRoot%\tasks\At75.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 2:00:02 AM | Attr =    ]
At76.job -> %SystemRoot%\tasks\At76.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/1/2007 3:01:02 AM | Attr =    ]
At77.job -> %SystemRoot%\tasks\At77.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/1/2007 4:01:02 AM | Attr =    ]
At82.job -> %SystemRoot%\tasks\At82.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/8/2007 9:02:04 AM | Attr =    ]
At83.job -> %SystemRoot%\tasks\At83.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/13/2007 10:02:12 AM | Attr =    ]
At84.job -> %SystemRoot%\tasks\At84.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 11:00:02 AM | Attr =    ]
At85.job -> %SystemRoot%\tasks\At85.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 12:00:02 PM | Attr =    ]
At86.job -> %SystemRoot%\tasks\At86.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 1:00:02 PM | Attr =    ]
At87.job -> %SystemRoot%\tasks\At87.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 2:00:02 PM | Attr =    ]
At88.job -> %SystemRoot%\tasks\At88.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 3:00:02 PM | Attr =    ]
At89.job -> %SystemRoot%\tasks\At89.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 4:00:02 PM | Attr =    ]
At90.job -> %SystemRoot%\tasks\At90.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 5:00:02 PM | Attr =    ]
At91.job -> %SystemRoot%\tasks\At91.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 6:00:02 PM | Attr =    ]
At92.job -> %SystemRoot%\tasks\At92.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 7:00:02 PM | Attr =    ]
At93.job -> %SystemRoot%\tasks\At93.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 8:00:02 PM | Attr =    ]
At94.job -> %SystemRoot%\tasks\At94.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 9:00:02 PM | Attr =    ]
At95.job -> %SystemRoot%\tasks\At95.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 10:00:02 PM | Attr =    ]
At96.job -> %SystemRoot%\tasks\At96.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 11:00:02 PM | Attr =    ]
At97.job -> %SystemRoot%\tasks\At97.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 | Attr =    ]
At98.job -> %SystemRoot%\tasks\At98.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/15/2007 1:00:02 AM | Attr =    ]
At99.job -> %SystemRoot%\tasks\At99.job ->  [Ver =  | Size = 350 bytes | Modified Date = 9/14/2007 2:00:02 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/15/2007 12:40:36 PM | Attr =  H ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 6:09:50 PM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Modified Date = 9/6/2007 6:00:08 PM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 9/15/2007 12:43:28 AM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 9/13/2007 1:33:38 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 9/8/2007 1:30:30 AM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 9/7/2007 9:37:36 PM | Attr = RHS]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:46:56 PM
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 8/22/2007 1:59:14 PM | Attr =    ]
LogFiles -> %System32%\LogFiles ->  [Folder | Modified Date = 8/29/2007 8:44:58 PM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 59644 bytes | Modified Date = 8/19/2007 6:06:38 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 395530 bytes | Modified Date = 8/19/2007 6:06:38 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 461860 bytes | Modified Date = 8/19/2007 6:06:38 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 9/14/2007 1:12:04 PM | Attr =    ]
winmds.ex_ -> %System32%\winmds.ex_ ->  [Ver =  | Size = 0 bytes | Modified Date = 8/22/2007 12:00:02 AM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 9/7/2007 10:22:50 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 9/6/2007 6:00:54 PM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Modified Date = 9/6/2007 6:05:26 PM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 9/6/2007 6:05:10 PM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 9/6/2007 6:03:02 PM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 9/6/2007 6:02:20 PM | Attr =    ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 8/20/2007 6:10:58 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 9/13/2007 1:35:02 PM | Attr =    ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 8/20/2007 6:10:58 PM | Attr =    ]
jkksfecqpirg.sys -> %System32%\drivers\jkksfecqpirg.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 9/15/2007 12:39:02 AM | Attr =    ]
lpklorhnpaql.sys -> %System32%\drivers\lpklorhnpaql.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 9/15/2007 12:48:14 AM | Attr =    ]
nsspjlkmgaee.sys -> %System32%\drivers\nsspjlkmgaee.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 9/15/2007 1:01:52 AM | Attr =    ]
sp_rsdrv2.sys -> %System32%\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 138624 bytes | Modified Date = 9/13/2007 11:54:34 PM | Attr =    ]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 9/4/2007 1:20:18 PM | Attr =    ]
Ahead -> %AllUsersAppData%\Ahead ->  [Folder | Modified Date = 8/21/2007 12:43:04 AM | Attr =    ]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Modified Date = 8/22/2007 1:41:50 PM | Attr =    ]
Comodo -> %AllUsersAppData%\Comodo ->  [Folder | Modified Date = 8/20/2007 6:12:52 PM | Attr =    ]
Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 8/31/2007 1:49:00 AM | Attr =    ]
Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Modified Date = 9/12/2007 1:15:02 AM | Attr =    ]
Nero -> %AllUsersAppData%\Nero ->  [Folder | Modified Date = 8/21/2007 12:37:28 AM | Attr =    ]
Spyware Terminator -> %AllUsersAppData%\Spyware Terminator ->  [Folder | Modified Date = 9/14/2007 1:56:14 AM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 9/7/2007 10:31:00 PM | Attr =    ]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 9/4/2007 1:21:02 PM | Attr =    ]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Modified Date = 8/22/2007 1:42:20 PM | Attr =    ]
Comodo -> %UserAppData%\Comodo ->  [Folder | Modified Date = 8/20/2007 6:12:54 PM | Attr =    ]
Real -> %UserAppData%\Real ->  [Folder | Modified Date = 8/17/2007 2:46:42 PM | Attr =    ]
Spyware Terminator -> %UserAppData%\Spyware Terminator ->  [Folder | Modified Date = 9/15/2007 12:43:48 AM | Attr =    ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 9/8/2007 1:33:50 AM | Attr =    ]
WinPatrol -> %UserAppData%\WinPatrol ->  [Folder | Modified Date = 9/15/2007 12:50:58 PM | Attr =    ]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 9/4/2007 1:21:16 PM | Attr =    ]
Apple -> %LocalAppData%\Apple ->  [Folder | Modified Date = 8/22/2007 1:40:34 PM | Attr =    ]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Modified Date = 8/22/2007 1:42:20 PM | Attr =    ]
Comodo -> %LocalAppData%\Comodo ->  [Folder | Modified Date = 8/22/2007 12:08:52 AM | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 59904 bytes | Modified Date = 8/17/2007 10:18:22 AM | Attr =    ]
Google -> %LocalAppData%\Google ->  [Folder | Modified Date = 8/29/2007 8:52:36 PM | Attr =    ]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 11731794 bytes | Modified Date = 9/15/2007 1:00:28 AM | Attr =  H ]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:47:27 PM
Identities -> %LocalAppData%\Identities ->  [Folder | Modified Date = 8/18/2007 11:16:02 AM | Attr =    ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 8/19/2007 1:07:26 AM | Attr =    ]
My eBooks -> %UserDocuments%\My eBooks ->  [Folder | Modified Date = 9/11/2007 7:52:56 PM | Attr =    ]
My Games -> %UserDocuments%\My Games ->  [Folder | Modified Date = 9/11/2007 12:19:44 AM | Attr =    ]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 8/30/2007 12:21:12 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 9/13/2007 10:27:00 PM | Attr = R  ]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 8/26/2007 11:35:26 PM | Attr =    ]
My Videos -> %UserDocuments%\My Videos ->  [Folder | Modified Date = 9/11/2007 9:24:50 PM | Attr =    ]
NBA LIVE 07 -> %UserDocuments%\NBA LIVE 07 ->  [Folder | Modified Date = 9/4/2007 5:03:18 PM | Attr =    ]
Adobe Reader 7.0.lnk -> %AllUsersDesktop%\Adobe Reader 7.0.lnk ->  [Ver =  | Size = 1740 bytes | Modified Date = 9/4/2007 1:20:40 PM | Attr =    ]
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk ->  [Ver =  | Size = 1709 bytes | Modified Date = 9/8/2007 1:30:30 AM | Attr =    ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk ->  [Ver =  | Size = 1588 bytes | Modified Date = 8/20/2007 6:11:38 PM | Attr =    ]
Nero StartSmart Essentials.lnk -> %AllUsersDesktop%\Nero StartSmart Essentials.lnk ->  [Ver =  | Size = 2361 bytes | Modified Date = 8/21/2007 12:44:16 AM | Attr =    ]
O2Jam (e-Games).lnk -> %AllUsersDesktop%\O2Jam (e-Games).lnk ->  [Ver =  | Size = 1469 bytes | Modified Date = 9/13/2007 9:04:28 PM | Attr =    ]
Spyware Terminator.lnk -> %AllUsersDesktop%\Spyware Terminator.lnk ->  [Ver =  | Size = 797 bytes | Modified Date = 9/13/2007 11:50:42 PM | Attr =    ]
Advanced WindowsCare V2 Personal.lnk -> %UserDesktop%\Advanced WindowsCare V2 Personal.lnk ->  [Ver =  | Size = 753 bytes | Modified Date = 9/12/2007 1:23:18 AM | Attr =    ]
ComelRO Patcher.lnk -> %UserDesktop%\ComelRO Patcher.lnk ->  [Ver =  | Size = 705 bytes | Modified Date = 8/28/2007 12:12:08 AM | Attr =    ]
DevilRO Patcher.lnk -> %UserDesktop%\DevilRO Patcher.lnk ->  [Ver =  | Size = 1629 bytes | Modified Date = 8/28/2007 12:06:12 AM | Attr =    ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 9/7/2007 10:16:34 PM | Attr =    ]
WinPFind3u -> %UserDesktop%\WinPFind3u ->  [Folder | Modified Date = 9/15/2007 12:56:36 PM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe ->  [Ver =  | Size = 356045 bytes | Modified Date = 9/15/2007 12:56:00 PM | Attr =    ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk ->  [Ver =  | Size = 1757 bytes | Modified Date = 9/4/2007 1:20:40 PM | Attr =    ]
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Modified Date = 8/21/2007 12:41:40 AM | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %SystemRoot%\IFinst27.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 9/11/2007 9:23:44 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\ac3DX.ax ->  [Ver = 1.01a | Size = 227328 bytes | Modified Date = 9/12/2006 6:46:24 PM | Attr = RHS]
WSUD ,  -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 70 | Size = 18804736 bytes | Modified Date = 9/26/2006 5:26:48 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 6:09:50 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 1/13/2006 6:23:26 AM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Modified Date = 5/17/2007 5:30:48 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\CoreAAC.ax ->  [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 8/16/2006 9:53:32 PM | Attr = RHS]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 1/18/2005 6:26:36 AM | Attr = RHS]
PEC2 , PECompact2 ,  -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/18/2006 8:47:36 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 5/3/2006 5:06:54 PM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/25/2004 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 3/11/2006 4:48:48 AM | Attr = RHS]
PEC2 , PECompact2 ,  -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Modified Date = 2/21/2007 6:47:16 PM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 11/26/2005 3:46:34 AM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 11/21/2003 6:00:00 AM | Attr = RHS]
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 01:47:49 PM
UPX! , UPX0 ,  -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 4/27/2004 6:00:00 AM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 2/13/2005 6:00:00 AM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\RLSpeexDec.ax ->  [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 2/13/2005 6:00:00 AM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 2/13/2005 6:00:00 AM | Attr = RHS]
UPX! , UPX0 ,  -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 2/6/2005 6:00:00 AM | Attr = RHS]
Thawte Consulting ,  -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/18/2006 11:05:24 PM | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\Smab.dll ->  [Ver =  | Size = 394240 bytes | Modified Date = 5/14/2007 3:24:30 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\x.264.exe ->  [Ver =  | Size = 240128 bytes | Modified Date = 2/28/2005 1:16:22 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/25/2004 | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]

< End of report >
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 15, 2007, 04:07:03 PM
Quote
And i find a very strange folder, name catroot and catroot2.
Location is at C:\WINDOWS\system32\CatRoot2 and C:\WINDOWS\system32\CatRoot.
I think those are OK but I'll check further.  For now let's go after the known malware.


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote
[Files/Folders - Created Within 30 days]
NY -> At100.job -> %SystemRoot%\tasks\At100.job
NY -> At101.job -> %SystemRoot%\tasks\At101.job
NY -> At102.job -> %SystemRoot%\tasks\At102.job
NY -> At103.job -> %SystemRoot%\tasks\At103.job
NY -> At104.job -> %SystemRoot%\tasks\At104.job
NY -> At105.job -> %SystemRoot%\tasks\At105.job
NY -> At106.job -> %SystemRoot%\tasks\At106.job
NY -> At107.job -> %SystemRoot%\tasks\At107.job
NY -> At108.job -> %SystemRoot%\tasks\At108.job
NY -> At109.job -> %SystemRoot%\tasks\At109.job
NY -> At110.job -> %SystemRoot%\tasks\At110.job
NY -> At111.job -> %SystemRoot%\tasks\At111.job
NY -> At112.job -> %SystemRoot%\tasks\At112.job
NY -> At113.job -> %SystemRoot%\tasks\At113.job
NY -> At114.job -> %SystemRoot%\tasks\At114.job
NY -> At115.job -> %SystemRoot%\tasks\At115.job
NY -> At116.job -> %SystemRoot%\tasks\At116.job
NY -> At117.job -> %SystemRoot%\tasks\At117.job
NY -> At118.job -> %SystemRoot%\tasks\At118.job
NY -> At119.job -> %SystemRoot%\tasks\At119.job
NY -> At120.job -> %SystemRoot%\tasks\At120.job
NY -> At97.job -> %SystemRoot%\tasks\At97.job
NY -> At98.job -> %SystemRoot%\tasks\At98.job
NY -> At99.job -> %SystemRoot%\tasks\At99.job
[Files/Folders - Modified Within 30 days]
NY -> 1.ini -> %SystemRoot%\1.ini
NY -> IFinst27.exe -> %SystemRoot%\IFinst27.exe
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> popcinfo.dat -> %SystemRoot%\popcinfo.dat
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At73.job -> %SystemRoot%\tasks\At73.job
NY -> At74.job -> %SystemRoot%\tasks\At74.job
NY -> At75.job -> %SystemRoot%\tasks\At75.job
NY -> At76.job -> %SystemRoot%\tasks\At76.job
NY -> At77.job -> %SystemRoot%\tasks\At77.job
NY -> At82.job -> %SystemRoot%\tasks\At82.job
NY -> At83.job -> %SystemRoot%\tasks\At83.job
NY -> At84.job -> %SystemRoot%\tasks\At84.job
NY -> At85.job -> %SystemRoot%\tasks\At85.job
NY -> At86.job -> %SystemRoot%\tasks\At86.job
NY -> At87.job -> %SystemRoot%\tasks\At87.job
NY -> At88.job -> %SystemRoot%\tasks\At88.job
NY -> At89.job -> %SystemRoot%\tasks\At89.job
NY -> At90.job -> %SystemRoot%\tasks\At90.job
NY -> At91.job -> %SystemRoot%\tasks\At91.job
NY -> At92.job -> %SystemRoot%\tasks\At92.job
NY -> At93.job -> %SystemRoot%\tasks\At93.job
NY -> At94.job -> %SystemRoot%\tasks\At94.job
NY -> At95.job -> %SystemRoot%\tasks\At95.job
NY -> At96.job -> %SystemRoot%\tasks\At96.job
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %SystemRoot%\IFinst27.exe

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information in your next response.

Also let me know of any problems you encounter performing these steps or any continuing problems you are having with the computer.



-----------------------------------------

Next, open OTMoveIt and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\WINDOWS\system32\010M3X7k.exe
C:\WINDOWS\system32\p1gkLQOH.exe
C:\WINDOWS\system32\056205C6.exe
C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\msavpw0.dll



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


-----------------------------------------



Now download ERUNT from here and back up your entire registry

http://www.snapfiles.com/get/erunt.html

Having done that we will create a registry fix.  Copy and paste ALL of the information below in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop

Quote
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{86AAC8D7-BA19-48AC-9269-3C76A52642EC}"=-

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

-----------------------------------------


After doing all of the above please post a new WinPFind3U log and a new ComboFix log.

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 05:05:16 PM
File/Folder C:\WINDOWS\system32\010M3X7k.exe not found.
File/Folder C:\WINDOWS\system32\p1gkLQOH.exe not found.
File/Folder C:\WINDOWS\system32\056205C6.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\msavpw1.dll NOT unregistered.
C:\WINDOWS\system32\msavpw1.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\msavpw0.dll
C:\WINDOWS\system32\msavpw0.dll NOT unregistered.
C:\WINDOWS\system32\msavpw0.dll moved successfully.

C:\WINDOWS\system32\010M3X7k.exe, this I already deleted before posting at avast.
C:\WINDOWS\system32\p1gkLQOH.exe, this I don't know why it was not found.
C:\WINDOWS\system32\056205C6.exe, this I quarantined to Spyware Terminator when I detected it.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 05:08:21 PM
The tasks I already deleted using WinPatrol, which Tech™ introduced. This is the result:

[Files/Folders - Created Within 30 days]
File C:\WINDOWS\tasks\At100.job not found!
File C:\WINDOWS\tasks\At101.job not found!
File C:\WINDOWS\tasks\At102.job not found!
File C:\WINDOWS\tasks\At103.job not found!
File C:\WINDOWS\tasks\At104.job not found!
File C:\WINDOWS\tasks\At105.job not found!
File C:\WINDOWS\tasks\At106.job not found!
File C:\WINDOWS\tasks\At107.job not found!
File C:\WINDOWS\tasks\At108.job not found!
File C:\WINDOWS\tasks\At109.job not found!
File C:\WINDOWS\tasks\At110.job not found!
File C:\WINDOWS\tasks\At111.job not found!
File C:\WINDOWS\tasks\At112.job not found!
File C:\WINDOWS\tasks\At113.job not found!
File C:\WINDOWS\tasks\At114.job not found!
File C:\WINDOWS\tasks\At115.job not found!
File C:\WINDOWS\tasks\At116.job not found!
File C:\WINDOWS\tasks\At117.job not found!
File C:\WINDOWS\tasks\At118.job not found!
File C:\WINDOWS\tasks\At119.job not found!
File C:\WINDOWS\tasks\At120.job not found!
File C:\WINDOWS\tasks\At97.job not found!
File C:\WINDOWS\tasks\At98.job not found!
File C:\WINDOWS\tasks\At99.job not found!
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\1.ini moved successfully.
C:\WINDOWS\IFinst27.exe moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\popcinfo.dat moved successfully.
File C:\WINDOWS\tasks\At10.job not found!
File C:\WINDOWS\tasks\At11.job not found!
File C:\WINDOWS\tasks\At12.job not found!
File C:\WINDOWS\tasks\At13.job not found!
File C:\WINDOWS\tasks\At14.job not found!
File C:\WINDOWS\tasks\At15.job not found!
File C:\WINDOWS\tasks\At16.job not found!
File C:\WINDOWS\tasks\At17.job not found!
File C:\WINDOWS\tasks\At18.job not found!
File C:\WINDOWS\tasks\At19.job not found!
File C:\WINDOWS\tasks\At2.job not found!
File C:\WINDOWS\tasks\At20.job not found!
File C:\WINDOWS\tasks\At21.job not found!
File C:\WINDOWS\tasks\At22.job not found!
File C:\WINDOWS\tasks\At23.job not found!
File C:\WINDOWS\tasks\At24.job not found!
File C:\WINDOWS\tasks\At3.job not found!
File C:\WINDOWS\tasks\At4.job not found!
File C:\WINDOWS\tasks\At5.job not found!
File C:\WINDOWS\tasks\At73.job not found!
File C:\WINDOWS\tasks\At74.job not found!
File C:\WINDOWS\tasks\At75.job not found!
File C:\WINDOWS\tasks\At76.job not found!
File C:\WINDOWS\tasks\At77.job not found!
File C:\WINDOWS\tasks\At82.job not found!
File C:\WINDOWS\tasks\At83.job not found!
File C:\WINDOWS\tasks\At84.job not found!
File C:\WINDOWS\tasks\At85.job not found!
File C:\WINDOWS\tasks\At86.job not found!
File C:\WINDOWS\tasks\At87.job not found!
File C:\WINDOWS\tasks\At88.job not found!
File C:\WINDOWS\tasks\At89.job not found!
File C:\WINDOWS\tasks\At90.job not found!
File C:\WINDOWS\tasks\At91.job not found!
File C:\WINDOWS\tasks\At92.job not found!
File C:\WINDOWS\tasks\At93.job not found!
File C:\WINDOWS\tasks\At94.job not found!
File C:\WINDOWS\tasks\At95.job not found!
File C:\WINDOWS\tasks\At96.job not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\IFinst27.exe not found!
File  not found!
< End of log >
Created on 09/15/2007 22:56:45
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 05:52:07 PM
The moved files for OTMoveIt, should I delete them or just leave them??
Because the log is too long, I am posting it as an attachment.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 06:00:29 PM
This is the WinPFind3 log; I made it 3 parts. This is the 1st part.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 06:01:00 PM
This is the WinPFind3 log; I made it 3 parts. This is the 2nd part.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 06:01:28 PM
This is the WinPFind3 log; I made it 3 parts. This is the 3rd part.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 15, 2007, 06:04:48 PM
Quote
The moved files for OTMoveIt, should I delete them or just leave them??
You can leave it for now - we will clean things up later on.

Please open OTMoveIt again and paste these lines in:


C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\drivers\nsspjlkmgaee.sys
C:\WINDOWS\system32\drivers\lpklorhnpaql.sys
C:\WINDOWS\system32\drivers\jkksfecqpirg.sys


Then move them as you did before and post the results.

The registry fix we did before did not work.  Let's try it a slightly different way.

In notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop

Quote
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{86AAC8D7-BA19-48AC-9269-3C76A52642EC}=-

Merge this into the registry, again accepting the warning if it appears.


I'll have a look at the WinPFind log and post again later.
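
The fix.reg files in this thread rely on the delete forms of the REGEDIT4 text format: "Name"=- removes a value and [-KEY] removes a key. The following is an added example, not part of the original posts (audit_reg and the constant names are hypothetical); it lists the operations a fix file requests and reports any line that is neither a key line, a quoted value name nor @, so a fix can be checked before it is merged. The sample inputs reuse the key and CLSID posted above.

```python
import re

# Line shapes of the REGEDIT4 text format handled here (a subset):
#   [KEY]          select a key        [-KEY]        delete the key
#   "Name"=-       delete a value      "Name"=data   set a value
#   @=data / @=-   the key's default value
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def audit_reg(text):
    """Return (operations, problems) for the text of a REGEDIT4 file."""
    ops, problems = [], []
    lines = text.splitlines()
    # The header must be the very first line ("no space above the REGEDIT4").
    if not lines or lines[0] != "REGEDIT4":
        problems.append((1, "first line is not REGEDIT4"))
    key = None
    for num, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                        # leading "-": whole key goes
                ops.append(("delete-key", m.group(2), None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete-value" if m.group(2) == "-" else "set-value"
            ops.append((action, key, name))
            continue
        problems.append((num, "not a recognised key or value line: " + line))
    return ops, problems


# Sample inputs built from the key and CLSID that appear in the thread.
HOOKS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
         r"\CurrentVersion\Explorer\ShellExecuteHooks")
CLSID = "{86AAC8D7-BA19-48AC-9269-3C76A52642EC}"
MOUNT = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
         r"\explorer\mountpoints2\{bed513d0-4c67-11dc-9f0a-5050506f4531}")

FIX_QUOTED = "REGEDIT4\n\n[" + HOOKS + "]\n\"" + CLSID + "\"=-\n"
FIX_UNQUOTED = "REGEDIT4\n\n[" + HOOKS + "]\n" + CLSID + "=-\n"
FIX_KEY = "REGEDIT4\n\n[-" + MOUNT + "]\n"

if __name__ == "__main__":
    for label, text in (("quoted", FIX_QUOTED),
                        ("unquoted", FIX_UNQUOTED),
                        ("key", FIX_KEY)):
        ops, problems = audit_reg(text)
        print(label, "operations:", ops)
        print(label, "problems:", problems)
```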
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: swico on September 15, 2007, 06:25:31 PM
Hi, calciver,
If you provide a sreng log, maybe I can help you.
You can google the word sreng to find it. It is freeware.

Rgds,
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:04:10 PM
DllUnregisterServer procedure not found in C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\msavpw1.dll NOT unregistered.
C:\WINDOWS\system32\msavpw1.dll moved successfully.
C:\WINDOWS\system32\drivers\nsspjlkmgaee.sys moved successfully.
C:\WINDOWS\system32\drivers\lpklorhnpaql.sys moved successfully.
C:\WINDOWS\system32\drivers\jkksfecqpirg.sys moved successfully.
 
Created on 09/16/2007 01:02:28
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:15:27 PM
OK, I already did the registry fix and deleted those files you asked. This is the WinPFind log; I made it 3 parts also.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:16:05 PM
part 2
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 15, 2007, 07:16:29 PM
part 3
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 16, 2007, 05:37:37 AM
Is your E: drive a usb stick?  I missed this before (there really has been quite a lot going on in your logs) but there is a trojan running from E: when it's mounted.  This may be what keeps bringing C:\WINDOWS\system32\msavpw1.dll back.


Copy and paste ALL of the information below in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg

Quote
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed513d0-4c67-11dc-9f0a-5050506f4531}]

When complete merge this into your registry.



Now open WinPFind3U and copy the line into the "Paste Fix Here" pane.

Quote
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {86AAC8D7-BA19-48AC-9269-3C76A52642EC} [HKLM] -> %System32%\msavpw1.dll [Extr rising hook MS]
[Files/Folders - Modified Within 30 days]
NY -> msavpw1.dll -> %System32%\msavpw1.dll

Click the "Run Fix" button and post the results.


Then please give me a new ComboFix log.
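
A file that a removal tool reports as "moved successfully" in more than one run was recreated between the runs, which points to a dropper or persistence entry that is still active. The following is an added example, not part of the original thread (function names and run labels are hypothetical); it compares successive result logs, using lines copied from the results posted in this thread, and also lists targets that were already absent before any run touched them.

```python
import ntpath
import re

MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
MISSING_RE = re.compile(
    r"^File(?:/Folder)? (?P<path>[A-Za-z]:\\.+?) not found[.!]$")


def parse_run(text):
    """Return (moved, missing) path keys reported by one result log."""
    moved, missing = [], []
    for line in text.splitlines():
        line = line.strip()
        for regex, bucket in ((MOVED_RE, moved), (MISSING_RE, missing)):
            m = regex.match(line)
            if m:
                # Windows paths are case-insensitive: SYSTEM32 == system32.
                bucket.append(ntpath.normcase(m.group("path")))
    return moved, missing


def find_reappearing(runs):
    """runs: [(label, log_text), ...] in chronological order.
    Return {path: [labels]} for paths moved away in more than one run."""
    moved_in = {}
    for label, text in runs:
        moved, _ = parse_run(text)
        for path in dict.fromkeys(moved):         # de-duplicate, keep order
            moved_in.setdefault(path, []).append(label)
    return {p: labels for p, labels in moved_in.items() if len(labels) > 1}


def never_present(runs):
    """Paths reported missing that no run ever moved (gone beforehand)."""
    moved_all, missing_all = set(), []
    for _, text in runs:
        moved, missing = parse_run(text)
        moved_all.update(moved)
        missing_all.extend(missing)
    return [p for p in dict.fromkeys(missing_all) if p not in moved_all]


# Sample input: result lines copied from the logs posted in this thread.
RUN1 = r"""File/Folder C:\WINDOWS\system32\010M3X7k.exe not found.
File/Folder C:\WINDOWS\system32\p1gkLQOH.exe not found.
File/Folder C:\WINDOWS\system32\056205C6.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\msavpw1.dll NOT unregistered.
C:\WINDOWS\system32\msavpw1.dll moved successfully.
C:\WINDOWS\system32\msavpw0.dll moved successfully.
"""
RUN2 = r"""C:\WINDOWS\system32\msavpw1.dll moved successfully.
C:\WINDOWS\system32\drivers\nsspjlkmgaee.sys moved successfully.
C:\WINDOWS\system32\drivers\lpklorhnpaql.sys moved successfully.
C:\WINDOWS\system32\drivers\jkksfecqpirg.sys moved successfully.
"""
RUN3 = r"""C:\WINDOWS\SYSTEM32\msavpw1.dll moved successfully.
File C:\WINDOWS\SYSTEM32\msavpw1.dll not found!
"""
RUNS = [("otmoveit-1", RUN1), ("otmoveit-2", RUN2), ("winpfind3u-fix", RUN3)]

if __name__ == "__main__":
    for path, labels in find_reappearing(RUNS).items():
        print("recreated between runs:", path, labels)
    for path in never_present(RUNS):
        print("already absent:", path)
```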
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 01:11:47 PM
Yeah, my E: is a USB stick. If my USB stick brings it, what should I do?? Format the USB??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 01:14:43 PM
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{86AAC8D7-BA19-48AC-9269-3C76A52642EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AAC8D7-BA19-48AC-9269-3C76A52642EC} deleted successfully.
C:\WINDOWS\SYSTEM32\msavpw1.dll moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\SYSTEM32\msavpw1.dll not found!
< End of log >
Created on 09/16/2007 19:14:07
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 01:23:03 PM
I want to ask: every time I run ComboFix, avast detects a malware named dabora[trj]. What is that?? This is the new log.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 16, 2007, 03:12:25 PM
Quote
Yeah, my E: is a USB stick. If my USB stick brings it, what should I do?? Format the USB??
If there is nothing you need to keep on that drive reformatting it would be easiest.  Otherwise we can clean it.

Quote
I want to ask: every time I run ComboFix, avast detects a malware named dabora[trj]. What is that?? This is the new log.
ComboFix is safe - it's a false positive.  As far as I know avast! is the only AV detecting this.



Let's look at this with a different tool.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, double click SDFix.exe and install to the default location by clicking Install.  The SDFix Folder will be extracted to %systemdrive% \ (Drive that contains the Windows directory - typically 'C:\SDFix').  Open the SDFix folder in Safe Mode then double click the RunThis.bat file to start the fixtool.  Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.  Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.  When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


After posting that log please also run F-Secure BlackLight and post its results

http://www.f-secure.com/blacklight/try_blacklight.html


By the way, I keep seeing a lot of hard drive errors in your WinPFind log which might mean the drive is on its way out. 
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 06:07:35 PM
SDFix: Version 1.104

Run by Calciver on Sun 09/16/2007 at 11:55 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"="C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\Program Files\BillP Studios\WinPatrol\Setup.exe
C:\Program Files\Internet Explorer\RAVDTHXMON.exe
C:\Program Files\Internet Explorer\RAVGJMON.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Calciver\NTUSER.tmp.LOG
C:\Documents and Settings\Calciver\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
C:\Documents and Settings\LocalService\NTUSER.tmp.LOG
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG

Finished!
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 06:08:36 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:06 AM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8454 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 06:13:42 PM
F secure black light scan is no item found. Oh my god.. how can it b.. It on its way out. I just buy for 4 month only. Oh my god
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 06:29:21 PM
C:\WINDOWS\system32\msavpw1.dll, dun care how many time we fix it, it still root at the same place. I scan at virustotal and this is the result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 TR/Spy.Gen
Authentium 4.93.8 2007.09.16 -
Avast 4.7.1043.0 2007.09.15 -
AVG 7.5.0.485 2007.09.15 PSW.OnlineGames.FLV
BitDefender 7.2 2007.09.16 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.09.15 -
ClamAV 0.91.2 2007.09.16 -
DrWeb 4.33 2007.09.16 BACKDOOR.Trojan
eSafe 7.0.15.0 2007.09.16 -
eTrust-Vet 31.1.5136 2007.09.14 Win32/Inhoo!generic
Ewido 4.0 2007.09.16 -
FileAdvisor 1 2007.09.16 -
Fortinet 3.11.0.0 2007.09.16 W32/Small.CD48!tr
F-Prot 4.3.2.48 2007.09.16 -
F-Secure 6.70.13030.0 2007.09.16 W32/Malware.AFEA
Ikarus T3.1.1.12 2007.09.16 BehavesLikeWin32.ExplorerHijack
Kaspersky 4.0.2.24 2007.09.16 -
McAfee 5120 2007.09.14 -
Microsoft 1.2803 2007.09.16 Trojan:Win32/AgentBypass.gen!G
NOD32v2 2533 2007.09.16 probably a variant of Win32/Genetik
Norman 5.80.02 2007.09.14 W32/Malware.AFEA
Panda 9.0.0.4 2007.09.16 Generic Trojan
Prevx1 V2 2007.09.16 -
Rising 19.40.62.00 2007.09.16 Trojan.PSW.Win32.OnlineGames.xuf
Sophos 4.21.0 2007.09.16 Mal/Behav-010
Sunbelt 2.2.907.0 2007.09.15 Win32.ExplorerHijack
Symantec 10 2007.09.16 Infostealer.Gampass
TheHacker 6.2.5.060 2007.09.14 -
VBA32 3.12.2.4 2007.09.16 suspected of Trojan-PSW.Game.58 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.16 -
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.Spy.Gen
Additional information
File size: 27136 bytes
MD5: df2b99ae949759f752b89191fc5244ba
SHA1: 20d01f5f661b54062c81f4cba1d617e2a464d3ad
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: essexboy on September 16, 2007, 06:40:45 PM
Have you tried the nuclear option ?

1. Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote
Files to delete:
C:\WINDOWS\system32\msavpw1.dll

Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 16, 2007, 06:49:07 PM
Quote
C:\WINDOWS\system32\msavpw1.dll, dun care how many time we fix it, it still root at the same place.

I know, but it's not that it won't delete.  The file creation time stamps indicate it is being recreated each time we delete it.  But I think we finally found the rootkits.

Open OTMoveIt and paste these lines in

C:\Program Files\Internet Explorer\RAVDTHXMON.exe
C:\Program Files\Internet Explorer\RAVGJMON.exe
C:\WINDOWS\system32\msavpw1.dll

Move them as before and post the results.  Then post a fresh ComboFix log



@ Essexboy - please stick around.  I could certainly use another perspective on this.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 06:51:44 PM
essexboy, thx for your help ;D. But after fixing and moving file with OTMoveit and WinpFind, it gone already. Now only keep looking it hv back or not. By the way, did anyone know how to check the error on the hdd drive?? I dun wan it too fast to gone. :'( :'(
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 06:57:10 PM
OTMoveit result:

C:\Program Files\Internet Explorer\RAVDTHXMON.exe moved successfully.
C:\Program Files\Internet Explorer\RAVGJMON.exe moved successfully.
 
Created on 09/17/2007 00:53:48

This 2 application so ugly, i already remove it and stop it with different software but it still there. I think it started show at my folder last month
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: essexboy on September 16, 2007, 07:02:39 PM
No probs I just jumped in halfway as the thread is too big to read  ;D  I see them now about 3 or 4 posts previously
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 16, 2007, 07:08:42 PM
Eh~~ Really thx to all help me here ;D. This is new combofix log.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 16, 2007, 07:57:23 PM
What about

C:\WINDOWS\system32\msavpw1.dll

It doesn't look like you moved that.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 17, 2007, 06:05:24 AM
C:\WINDOWS\system32\msavpw1.dll:

DllUnregisterServer procedure not found in C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\msavpw1.dll NOT unregistered.
C:\WINDOWS\system32\msavpw1.dll moved successfully.
 
Created on 09/17/2007 12:00:09

Erm... Actually i move it already before u post that 3. And this is i do 1 more time result. It already gone. I think i bring it from my school pc. Coz i nid usb stick to bring school work come back but it infected my pc. Anyway, i need to repair my windows after that. Should i do that??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: FreewheelinFrank on September 17, 2007, 08:08:26 AM
RAVDTHXMON.exe
msavpw1.dll

Quote
I think i bring it from my school pc. Coz i nid usb stick to bring school work come back but it infected my pc

Yep, all these files are just variations on names used previously in autorun infections transferring by USB stick:

Quote
RavMonE.exe,AUTORUN.INF,msvcr71.dll

http://forum.avast.com/index.php?topic=29434.0

Search for Ravmon.exe or Rav*mon*.exe on the forum or Google and a lot of solutions come up.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 17, 2007, 02:17:26 PM
Nice post, now i learn 1 more thing again. But i not really good at command interface, need to take some time understand it. Thx ;D
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 17, 2007, 02:46:16 PM
Well, i read the FreewheelinFrank link, and i got this msvcr71.dll in the system32 and i send to virustotal and the result is nothing found. What is this dll work as??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 17, 2007, 06:13:59 PM
Thx to all help me at here, the dialer nvr come again and i think malwares are clean now. Only left delete those malwares had been detected ;D
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 17, 2007, 07:21:03 PM
It doesn't seem clean yet ...

If you don't mind trying one more thing, I would like to know the contents of the autorun.inf file if you find it in the root of your E: drive.  It should be a plain text file - safe to open in notepad - but you could scan it at Virus Total first to play it safe.  Assuming it scans clean just post the contents of the file in your next response.  It could point us right to the problem.
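A small inspector for the autorun.inf check requested above, as an added example that is not part of any post in this thread: it lists every [autorun] entry that would start a program and flags names matching the patterns quoted in the thread (Rav*mon*.exe, Flash.10.Setup.exe). The sample file contents and all function names are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# [autorun] keys whose value names a program Windows may start.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries replace the drive's Open/Explore verbs,
# so a double-click on the drive icon runs the listed program.
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
RUNNABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
# File-name patterns quoted in this thread, written as lower-case globs.
THREAD_NAMES = ["rav*mon*.exe", "flash.10*.exe"]

# Constructed sample, built only from file names quoted in this thread.
SAMPLE = r"""
[AutoRun]
; constructed sample
open=RavMonE.exe
shell\open\Command="Flash.10.Setup.exe" /s
shell\explore\command=Flash.10.Setup.exe -x
icon=folder.ico
label=School work
"""


def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
        # any other line (padding, junk) is ignored
    return entries


def program_of(value):
    """First token of a command line, without quotes or arguments."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    parts = value.split()
    return parts[0] if parts else ""


def inspect_autorun(text):
    """List (key, program, reasons) for every entry that launches something."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_VERB.match(key):
            continue
        program = program_of(value)
        name = PureWindowsPath(program).name.lower()
        reasons = []
        if PureWindowsPath(name).suffix in RUNNABLE:
            reasons.append("launches an executable file type")
        if any(fnmatchcase(name, pattern) for pattern in THREAD_NAMES):
            reasons.append("file name matches one reported in this thread")
        findings.append((key, program, reasons))
    return findings


if __name__ == "__main__":
    for key, program, reasons in inspect_autorun(SAMPLE):
        print(f"{key} -> {program}: {'; '.join(reasons) or 'no flags'}")
```

Reading the file as text this way never executes anything on the drive; an entry with an empty reasons list still launches something and deserves a look.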
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 17, 2007, 09:08:49 PM
I look at E:, it not contain any autorun.inf file. I set view files to show all hide files also never see anything. FreewheelinFrank link have say that 3 files root in usb stick and teach the way to delete it. Those 3 files, 1 is our move it with OTMoveit already, autorun.inf i cant find and the last msvcr71.dll, i got it at system32 folder. And try how many times i also dont care it ;D, if u find any problem i can follow your step to fix it ;D
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 18, 2007, 12:22:10 PM
mauserme, did we clean those malwares away already?? Did u suggest me repair my own windows?? ;D
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 18, 2007, 01:18:03 PM
We removed these

C:\Program Files\Internet Explorer\RAVDTHXMON.exe
C:\Program Files\Internet Explorer\RAVGJMON.exe
C:\WINDOWS\system32\msavpw1.dll

but msavpw1.exe is likely already recreated.  It seems to happen about 3 minutes after we delete it.

I don't know if the first two are ravmone or not.  They are bad and there are obvious similarities in the file names, but that's not a guarantee. 

And msvcr.exe - well, it scanned clean and there is a valid file by this name, sometimes but not always found in c:\windows\systems32, so I'm reluctant to delete it. 

Let's try this - locate and rename C:\WINDOWS\system32\msvcr71.dll  to C:\WINDOWS\system32\msvcr71.old   but do not delete the file.  If you cannot rename it in normal mode try it in safe mode.

Reboot.

Open OTMoveIt and move the following


C:\Program Files\Internet Explorer\RAVDTHXMON.exe
C:\Program Files\Internet Explorer\RAVGJMON.exe
C:\WINDOWS\system32\msavpw1.dll

Post the results (the first 2 may not be found - that's OK, it's a test).

Then post a new ComboFix log.



Also, if you find  Flash.10.Setup.exe on your E: drive scan it at Virus Total.

How long has this problem been on your computer?

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 18, 2007, 01:20:06 PM
Quote
mauserme, did we clean those malwares away already?? Did u suggest me repair my own windows?? ;D

Do you mean a repair install?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 18, 2007, 02:16:43 PM
File/Folder C:\Program Files\Internet Explorer\RAVDTHXMON.exe not found.
File/Folder C:\Program Files\Internet Explorer\RAVGJMON.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\msavpw1.dll
C:\WINDOWS\system32\msavpw1.dll NOT unregistered.
C:\WINDOWS\system32\msavpw1.dll moved successfully.
 
Created on 09/18/2007 20:16:17
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 18, 2007, 02:28:54 PM
well, i cant find this msavpw1.dll in folder C:\WINDOWS\system32\msavpw1.dll. And the flash.10.exe also dun hv. And then the file name alrdy change. I dont know about it but most badly harm is at last month then i fix it with install comodo firewall because my firewall broken already and keep attack by hacker. Now scanning some suspicious log, later post u a combofix log.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 18, 2007, 03:48:04 PM
combofix log. Yes, i wan repair windows install. Should i do it?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 19, 2007, 06:08:38 AM
I don't really know if a repair install would help.  Keep in mind that the idea behind a Windows repair is to keep data.  Unfortunately this can include keeping malware.

But, since this particular malware is hooking your explorer there is at least a chance repairing Windows would work.  In any event I don't think it would harm anything.

I am going to look through this entire thread again because I have the feeling the answer I'm looking for is here.  If you want to, give me a little time with this - the thread is pretty long.  If you do repair Windows don't forget to get your Service Packs and all the updates as these will be wiped out.


EDIT:  If you open the task manager (ctrl-alt-del) and click the Processes Tab, do you see a running process named WIN32.EXE ?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 19, 2007, 01:07:27 PM
Quote
EDIT:  If you open the task manager (ctrl-alt-del) and click the Processes Tab, do you see a running process named WIN32.EXE ?

I dun think repair it again, i feel good for now. WIN32.EXE i dun hv see it in the windows task manager
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 19, 2007, 02:04:17 PM
Please upload these to Virus Total and post the results

C:\Program Files\Storm Codec\StormSet.exe
C:\Program Files\Storm Codec\QTTask.exe
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 19, 2007, 04:12:01 PM
C:\Program Files\Storm Codec\StormSet.exe result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.19.0 2007.09.19 -
AntiVir 7.6.0.15 2007.09.19 -
Authentium 4.93.8 2007.09.19 -
Avast 4.7.1043.0 2007.09.18 -
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.19 -
CAT-QuickHeal 9.00 2007.09.19 -
ClamAV 0.91.2 2007.09.19 -
DrWeb 4.33 2007.09.19 -
eSafe 7.0.15.0 2007.09.17 -
eTrust-Vet 31.2.5147 2007.09.19 -
Ewido 4.0 2007.09.19 -
FileAdvisor 1 2007.09.19 -
Fortinet 3.11.0.0 2007.09.19 -
F-Prot 4.3.2.48 2007.09.19 -
F-Secure 6.70.13030.0 2007.09.19 -
Ikarus T3.1.1.12 2007.09.19 -
Kaspersky 4.0.2.24 2007.09.19 -
McAfee 5122 2007.09.18 -
Microsoft 1.2803 2007.09.19 -
NOD32v2 2540 2007.09.19 -
Norman 5.80.02 2007.09.19 -
Panda 9.0.0.4 2007.09.19 -
Prevx1 V2 2007.09.19 -
Rising 19.41.20.00 2007.09.19 -
Sophos 4.21.0 2007.09.19 -
Sunbelt 2.2.907.0 2007.09.19 -
Symantec 10 2007.09.19 -
TheHacker 6.2.5.062 2007.09.19 -
VBA32 3.12.2.4 2007.09.19 -
VirusBuster 4.3.26:9 2007.09.19 -
Webwasher-Gateway 6.0.1 2007.09.19 -
Additional information
File size: 97357 bytes
MD5: f29efbeb45e4b95ae94cc08f44b7ae47
SHA1: 77de91ec05f030292719d5c0f4e37c3521488425
packers: BINARYRES, UPX
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 19, 2007, 04:19:39 PM
C:\Program Files\Storm Codec\QTTask.exe result:

Antivirus Version Last Update Result
AhnLab-V3 2007.9.19.0 2007.09.19 -
AntiVir 7.6.0.15 2007.09.19 -
Authentium 4.93.8 2007.09.19 -
Avast 4.7.1043.0 2007.09.18 -
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.19 -
CAT-QuickHeal 9.00 2007.09.19 -
ClamAV 0.91.2 2007.09.19 -
DrWeb 4.33 2007.09.19 -
eSafe 7.0.15.0 2007.09.17 -
eTrust-Vet 31.2.5147 2007.09.19 -
Ewido 4.0 2007.09.19 -
FileAdvisor 1 2007.09.19 -
Fortinet 3.11.0.0 2007.09.19 -
F-Prot 4.3.2.48 2007.09.19 -
F-Secure 6.70.13030.0 2007.09.19 -
Ikarus T3.1.1.12 2007.09.19 -
Kaspersky 4.0.2.24 2007.09.19 -
McAfee 5122 2007.09.18 -
Microsoft 1.2803 2007.09.19 -
NOD32v2 2540 2007.09.19 -
Norman 5.80.02 2007.09.19 -
Panda 9.0.0.4 2007.09.19 -
Prevx1 V2 2007.09.19 -
Rising 19.41.20.00 2007.09.19 -
Sophos 4.21.0 2007.09.19 -
Sunbelt 2.2.907.0 2007.09.19 -
Symantec 10 2007.09.19 -
TheHacker 6.2.5.062 2007.09.19 -
VBA32 3.12.2.4 2007.09.19 -
VirusBuster 4.3.26:9 2007.09.19 -
Webwasher-Gateway 6.0.1 2007.09.19 -
Additional information
File size: 286720 bytes
MD5: 49ccfbe5d5225b9d3cc78c09dee147d0
SHA1: b2eeeb76ca40b27cf28e6f77d8a246936e5d78a3
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 19, 2007, 04:22:44 PM
Dont know y, my usb stick system volume had been change then cannot use and formatted after i come back from school. Its file system had change to NTFS and no space inside it. Can it repair again or already out of its way??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 20, 2007, 05:07:35 AM
If it was fat32 before you could try reformatting again with this option instead of ntfs.  Can you see what files are on it?


Quote
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
There is a vulnerability in WinPCap versions prior to 4.0.1.  It looks like you have Beta v0.  The vulnerability allows attackers to execute code on your computer

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550

Is WinPCap something you installed?  Do you need it?   I suggest you either remove it or update to the current version.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 20, 2007, 05:45:48 AM
It was fat and ntfs only, so i cant format it. And i cannot open that usb stick now. Ok, i remove WinPCap already. And i using spybot search and destroy scan my pc, the result is my pc clean, did it really clean now??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 20, 2007, 05:46:27 AM
The software i using now is spybot, spyware terminator and avast
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 20, 2007, 07:53:45 PM
Quote
It was fat and ntfs only, so i cant format it. And i cannot open that usb stick now.

I don't think this is related to the repair install.  Do you have a format utility from the USB stick manufacturer or are you using Windows'?

Quote
And i using spybot search and destroy scan my pc, the result is my pc clean, did it really clean now??

The only thing left, that I was aware of, was C:\WINDOWS\system32\msavpw1.dll and whatever was bringing it back.  If that's gone for good now I would say you are clean.

Normally I would suggest cleaning temp files and deleting old restore points now but, after a repair install, I don't think it is necessary.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 21, 2007, 04:55:49 AM
I using windows and the msavpw1.dll i cant find in the system32 folder. OTMoveit result should be file not found but i still can delete it and remove success. Quite weird
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 21, 2007, 07:46:25 PM
Well, i hv a memory card that using at home only. That day we scan out dont hv anything, and i using it also show safely. But today suddenly contain flash.10.setup.exe in the autorun.inf then avast detect win32:VB-EHR[trj] in that memory card when i double click on that memory card. All 3 files that detect name flash.10.setup.exe, scanner.exe and love calculator.exe. I dun hv this 3 files before.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: essexboy on September 21, 2007, 08:05:55 PM
Flash.10.exe virus is  B to remove.  I am currently working one on Geeks to Go.  If you have let the virus run then you will lose the option to look at folders, run task manager and use the command prompt

You will need to run this registry fix

REGISTRY FIX
Quote
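REGEDIT4

; Remove the restrictions that hide Search and Folder Options
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=-
"NoFolderOptions"=-
"DisableCMD"=-
"DisableTaskMgr"=-

; Windows reads DisableTaskMgr and DisableCMD from these keys
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=-

; Show file extensions and protected system files again
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

; Restore the default shell
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"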


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop (http://img127.imageshack.us/img127/433/regtg8.jpg)

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
 
______________________

Then reset the permissions and try to delete the main infectors

FILE DELETION
Quote
@echo off
rem Clear the system, read-only and hidden attributes, then delete each file
attrib -s -r -h "C:\Windows\SYSTEM32\Flash.10.exe"
del /q "C:\Windows\SYSTEM32\Flash.10.exe"
attrib -s -r -h "C:\Windows\SYSTEM32\JambanMu.com"
del /q "C:\Windows\SYSTEM32\JambanMu.com"
exit


I will need you to create the delete.bat to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type delete.bat
This will create a delete.bat file on your desktop
To use this file you will need to left click the icon a black box may briefly appear and you are done

_______________________________________

Then Locate the following files/folders on your system and delete them (first I would recommend copying and zipping to Avast for analysis)

C:\Windows\System32\CMD.COM
C:\Windows\System32\DXDIAG.COM
C:\Windows\System32\FLASH.10.EXE
C:\Windows\System32\JAMBANMU.COM
C:\Windows\System32\MSCONFIG.COM
C:\Windows\System32\PING.COM
C:\Windows\System32\REGEDIT.COM
C:\Documents and Settings\%User%\My Documents\MY SECRET.FOLD
C:\Documents and Settings\%User%\My Documents\My Music\NEW SONG.LAGU
C:\Documents and Settings\%User%\My Documents\My Music\NEW VIDEO.VIDZ
C:\Documents and Settings\%User%\My Documents\My Pictures\AWEKS.PIKZ
C:\Documents and Settings\%User%\My Documents\My Pictures\SERAM.PIKZ
C:\Program Files\Common Files\Microsoft Shared\MACROMEDIA.10.EXE
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.MSN
C:\Documents and Settings\%User%\Start Menu\Programs\Startup\(EMPTY).EMPTY


This is a new variant from the far east
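To see whether the restrictions removed by the registry fix above are actually present, the following added example (not essexboy's code) scans a text export of the registry for the policy values named in that fix and for a Winlogon Shell that is not plain Explorer.exe. It assumes a REGEDIT4-style export already read into a string; the export text and function names are constructed for illustration.

```python
import re

# Policy value names taken from the registry fix in the post above.
POLICY_LOCKS = {"nofind", "nofolderoptions", "disablecmd", "disabletaskmgr"}
WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

# Constructed export; the Shell data is an invented illustration of a changed shell.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoFind"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\WINDOWS\\system32\\Flash.10.exe\""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""


def parse_reg(text):
    """Yield (key, name, value); dword data becomes int, string data str."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_LINE.match(line)
        if not (key and match):
            continue  # header, comment, blank line or continuation
        name, data = match.group(1), match.group(2).strip()
        if data.lower().startswith("dword:"):
            yield key, name, int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # undo the .reg escaping of backslashes and quotes
            yield key, name, data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        # hex(...) and other data types are not needed for this check


def find_lockdown(text):
    """Return (name, value, reason) for each restriction or shell change."""
    findings = []
    for key, name, value in parse_reg(text):
        lowered = name.lower()
        if lowered in POLICY_LOCKS and isinstance(value, int) and value != 0:
            findings.append((name, value, "policy restriction is set"))
        elif (key.lower().endswith(WINLOGON_KEY) and lowered == "shell"
              and isinstance(value, str)
              and value.strip().lower() != "explorer.exe"):
            findings.append((name, value, "Winlogon shell is not Explorer.exe"))
    return findings


if __name__ == "__main__":
    for name, value, reason in find_lockdown(SAMPLE_EXPORT):
        print(f"{name} = {value!r}: {reason}")
```

HideFileExt and ShowSuperHidden are left out of the check on purpose: the values the fix replaces are also the Windows defaults, so they say nothing about infection.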
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 21, 2007, 08:37:46 PM
Ok, i cant merge the fix.reg after doing what u ask. It show a error that say that is not a win32 application. Then files u ask me to found i cant found it but under this 2 i found .exe.

C:\Windows\System32\CMD.COM
C:\Windows\System32\DXDIAG.COM
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 21, 2007, 08:48:37 PM
mauserme, we find the C:\WINDOWS\system32\msavpw1.dll already. It really not clean up from system32, and i know where it locate already. Should we delete through from windows?? This is after virustotal scan result.


Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.21 TR/Spy.Gen
Authentium 4.93.8 2007.09.21 -
Avast 4.7.1043.0 2007.09.21 -
AVG 7.5.0.485 2007.09.21 PSW.OnlineGames.FLV
BitDefender 7.2 2007.09.21 BehavesLike:Trojan.ShellHook
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.21 -
DrWeb 4.33 2007.09.21 BACKDOOR.Trojan
eSafe 7.0.15.0 2007.09.19 -
eTrust-Vet 31.2.5153 2007.09.21 Win32/Inhoo!generic
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.21 High threat detected
Fortinet 3.11.0.0 2007.09.21 W32/Small.CD48!tr
F-Prot 4.3.2.48 2007.09.21 -
F-Secure 6.70.13030.0 2007.09.21 W32/Malware.AFEA
Ikarus T3.1.1.12 2007.09.21 BehavesLikeWin32.ExplorerHijack
Kaspersky 4.0.2.24 2007.09.21 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.21 Trojan:Win32/AgentBypass.gen!G
NOD32v2 2544 2007.09.21 probably a variant of Win32/Genetik
Norman 5.80.02 2007.09.21 W32/Malware.AFEA
Panda 9.0.0.4 2007.09.21 Generic Trojan
Prevx1 V2 2007.09.21 -
Rising 19.41.42.00 2007.09.21 Trojan.PSW.Win32.OnlineGames.xuf
Sophos 4.21.0 2007.09.21 Mal/Behav-010
Sunbelt 2.2.907.0 2007.09.20 Win32.ExplorerHijack
Symantec 10 2007.09.21 Infostealer.Gampass
TheHacker 6.2.5.064 2007.09.21 -
VBA32 3.12.2.4 2007.09.20 suspected of Trojan-PSW.Game.58 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.21 -
Webwasher-Gateway 6.0.1 2007.09.21 Trojan.Spy.Gen
Additional information
File size: 27136 bytes
MD5: df2b99ae949759f752b89191fc5244ba
SHA1: 20d01f5f661b54062c81f4cba1d617e2a464d3ad
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=df2b99ae949759f752b89191fc5244ba
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 21, 2007, 09:00:52 PM
Hi calciver.  I'm not ignoring you - I want to go through your logs again and figure out a way to make this file disappear once and for all.  My time has not been my own this week but I should be able to delve in deeper this weekend.

In regard to the USB stick, have you checked the manufacturer's web site to see if they have a format utility?  It may work better than Windows if they have one available.


EDIT:
  I didn't see Essexboy's response until just now.  Do everything he says ...

@ Essexboy

Ta  :)

We deleted a mountpoints2 reg entry for the E: drive several pages back but when we looked for  flash.10.setup.exe on E: it couldn't be found.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 21, 2007, 09:31:28 PM
Thx, I already format the memory card and work normally already. I think that may be infected when i take my memory card check at the shop, it going some problem in my handphone. I make the fix.reg as Essexboy tell me but it cant be merge.

Edit: Its ok, everyone got work also, good luck for your own things
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: essexboy on September 21, 2007, 11:41:32 PM
No probs if it couldn't merge then you had not run the virus on your main system Good luck
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 22, 2007, 03:40:32 AM
Holly fricken cow.  ::) :'(
You all have worked so hard for him!
I only read the first page and 13, 14, but holly cow. This guy needs to buy you all beer or something. ;D
Good work.

To keep up with the spirit of giving and to test my stuff against this one, Calciver, if you get reinfected, and I think you will because of the damage and holes left by the monster, log in for a free est, www.virusSWAT.com Services, Free Estimate. When asked for info about your issues, ask for Dean, say you are from this forum, I will hook ya up with our PC Barricade, (I will keep the Avast and not use Trend though).
Please do it on Monday if you do.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 22, 2007, 08:51:19 AM
Hoho~ If i can i will do for it ;D. Sake for all at here. But dewild1, the site u gv me i really not very understand how to use it.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 22, 2007, 04:23:20 PM
Is C:\WINDOWS\system32\msavpw1.dll still on your computer?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 22, 2007, 07:36:21 PM
Yup, it still on C:\WINDOWS\system32 but at other location. Spend long time and eyes almost spoilt to get it out. I hv try remove with OTMoveit, result same. After delete then come back.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 23, 2007, 02:59:29 AM
Quote
Hoho~ If i can i will do for it ;D. Sake for all at here. But dewild1, the site u gv me i really not very understand how to use it.

LOL. The guy who did our web site is too smart. Does not know how to do things simple! We are working on it.
Here is a direct link, please do not do it till Monday cuz I am playing with my kids. http://www.virusswat.com/help/default.asp?2339
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 23, 2007, 06:06:51 AM
I've had some conversation with Essexboy about this and I think we should try the deletion method he posted several pages back (ta to Essexboy for sharing with me once again):

1. Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote
Files to delete:
C:\WINDOWS\system32\msavpw1.dll

Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply



@dewild1

Is there something you can do within the avast! forum?  I think we would all like to learn from your abilities.

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 23, 2007, 09:08:00 AM
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cefnpyis

*******************

Script file located at: \??\C:\Program Files\hcokkltw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\msavpw1.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 23, 2007, 09:12:29 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:20 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [cnbfayqp] C:\xuwffoua.bat
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9197 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 23, 2007, 09:15:37 AM
Many thanks for this. It is gone and could not be found, but I will still watch for it.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 23, 2007, 10:35:12 AM
Yup, it is still in C:\WINDOWS\system32 but at another location. I spent a long time and my eyes are almost spoilt getting it out. I have tried removing it with OTMoveit, result same. After deleting, it comes back.
Monday, dang, I feel for ya, you could have built a new computer and rebuilt the NY twin towers by now... Monday, let me give it a try.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 23, 2007, 04:47:06 PM
Scan this file at Virus Total

C:\xuwffoua.bat


If it scans clean open it in notepad and post the contents.

If it's not clean don't open it, but post the Virus Total results.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 23, 2007, 07:16:15 PM
OK, after using Avenger and rebooting the PC, this file tried to change the registry and I denied the change when Spybot warned me. Then I tried to look at this file but I can't find it on the C drive. Even after unhiding all files, including protected Windows system files, I still can't find it. What should we do?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 23, 2007, 07:37:56 PM
Fix this line in HJT

O4 - HKLM\..\Run: [cnbfayqp] C:\xuwffoua.bat


Reboot to safemode and look for the file.  If found rename it xuwffoua.old, then reboot to normal mode and see if you can do the Virus Total scan.  Then post the results of the scan or the contents of the file as appropriate.


EDIT:  While you're looking at the root of C: in safemode, see if there are any other unusual files.

TeaTimer may hinder your ability to fix that line in HJT but I don't want to disable it right now since it seems to be preventing some unwanted registry changes.
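
The triage applied to that O4 line can be scripted. The Python below is an added example, not part of the original post and not HijackThis code: it parses registry Run entries from a HijackThis log and lists the reasons an entry deserves a closer look. The three heuristics and the two-reason threshold are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [cnbfayqp] C:\xuwffoua.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first launchable extension.
TARGET = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js))(?=\s|$)", re.IGNORECASE)
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}


def target_path(cmd):
    """Return the file a Run command starts, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = TARGET.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def parse_run_entries(log_text):
    """Extract registry Run entries; Startup-folder O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append({
                "hive": match["hive"],
                "key": match["key"],
                "name": match["name"],
                "target": target_path(match["cmd"]),
            })
    return entries


def triage(entry):
    """List the reasons (illustrative heuristics) an entry needs a manual check."""
    reasons = []
    path = PureWindowsPath(entry["target"])
    if path.suffix.lower() in SCRIPT_EXTS:
        reasons.append("script file started at logon")
    if path.drive and len(path.parts) == 2:
        reasons.append("target sits in the root of a drive")
    if not path.drive and len(path.parts) == 1:
        reasons.append("bare file name, resolved through the search path")
    return reasons


def review(log_text, min_reasons=2):
    """Return (value name, target, reasons) for entries with enough reasons."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reasons = triage(entry)
        if len(reasons) >= min_reasons:
            flagged.append((entry["name"], entry["target"], reasons))
    return flagged


if __name__ == "__main__":
    for name, target, reasons in review(SAMPLE_LOG):
        print(f"[{name}] {target}: " + "; ".join(reasons))
```

A flagged entry is only a candidate for the manual steps above (scan the file, inspect it, then fix the line); a clean result does not clear the machine.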
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 24, 2007, 03:03:44 AM


@dewild1

Is there something you can do within the avast! forum.  I think we would all like to learn from your abilities.



Sorry, did not see that.

My experience tells me that the damage and holes caused by the infection are going to be big and wide and HKLM\soft\MS\winnt\CV\winlogon\notify and all the other places that viruses and spyware try to write to, need to be "read only".
Too many holes, even from an OS that has not been infected yet. After they have had their way with the OS, it is even worse.
All viruses, spyware, malware have one thing in common, they all want to "live" every time the computer starts up.
Making parts of the reg and folders and other places, "read only", well, obviously, this is hard to do and Windows Updates and good - new software that he may wish to install would have a problem with "read only", right?
I made a cure.. Kind of like Vista's UAC but safer and less restrictive and NOT annoying.. Safer because you need a password to unlock, he gets the password, and I made mine before Vista was even a wet dream  :D
It works on XP too.
I will do a clean and manually look at the reg, services, other areas like plug ins, start up folders, do some tricks to make his computer boot up twice as fast, run a little faster than it does now everywhere else, then lock it down with my program. Just get r done ;D
Now saying all these things, having him try to do them, just adds more frustration and wasted time.. The remote software we use made by http://www.gidsoftware.com/remotehelpdesk.htm and I can end this guy's frustration, 14 pages of it, I feel sorry for him. I also have not run across some of these infections and I want to make sure my stuff protects him and my other clients from them. The remote helpdesk is easy, just a few clicks from him and it goes through the internet to me.

Oh ya, because I am doing this one pro bono, and it is a real bad case, if he does get reinfected, I am not going to count him as a re-infect case. I have had 9 in the last few years and I want to keep my stats down.  :P
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 24, 2007, 03:14:14 AM
Hey, my kids are at the circus so if you wanted me to fix it now, http://www.virusswat.com/help/default.asp?2339 and follow instructions.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 24, 2007, 03:32:36 AM
Yes, TeaTimer warned me and I denied the registry change. WinPatrol also does the same job but keeps warning, so I am forced to make the change or I can't do my work the whole day. After school I will search for these files.

dewild1, I can't extract the file to the PC and it gets an error. Sorry about that.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 24, 2007, 03:47:53 AM
Oh my god. Has your program got signs of a trojan?? I got this as the result:

AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.23 -
Authentium 4.93.8 2007.09.23 -
Avast 4.7.1043.0 2007.09.24 -
AVG 7.5.0.485 2007.09.23 -
BitDefender 7.2 2007.09.24 -
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.24 -
DrWeb 4.33 2007.09.23 -
eSafe 7.0.15.0 2007.09.23 suspicious Trojan/Worm
eTrust-Vet 31.2.5154 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.24 -
Fortinet 3.11.0.0 2007.09.23 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.24 -
Ikarus T3.1.1.12 2007.09.24 -
Kaspersky 4.0.2.24 2007.09.24 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.24 -
NOD32v2 2545 2007.09.23 -
Norman 5.80.02 2007.09.21 -
Panda 9.0.0.4 2007.09.23 -
Prevx1 V2 2007.09.24 -
Rising 19.42.00.00 2007.09.24 -
Sophos 4.21.0 2007.09.23 -
Sunbelt 2.2.907.0 2007.09.22 -
Symantec 10 2007.09.24 -
TheHacker 6.2.5.066 2007.09.22 -
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.23 -
Webwasher-Gateway 6.0.1 2007.09.23 -
Additional information
File size: 640687 bytes
MD5: fb38eca86920ebe5329bfacbfb9606a0
SHA1: ce63d05e0eb91c77aab6583f7387c5edb1fcd66f
packers: UPX
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on September 24, 2007, 03:51:29 AM
I somehow doubt it with only one hit on virustotal and that one (suspicious Trojan/Worm) is most likely from a heuristics detection.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 24, 2007, 03:53:59 AM
dewild1, I can't extract the file to the PC and it gets an error. Sorry about that.
That only happens if you run it twice. Try running help.exe just once, wait 5 sec then you should get a box that says "Connect"
Don't worry, I am a nice, honest, good guy, normally it is not good to run things off the internet, but if you are worried, watch these TV spots about me.
http://cbs13.com/video/?id=6560@kovr.dayport.com

http://www.cbs13.com/video/?id=15413@kovr.dayport.com

http://www.cbs13.com/video/?id=15410@kovr.dayport.com
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 24, 2007, 04:02:36 AM
I just read your posts about "trojan".. Oh heck no.. No, but it is packed with UPX. That is what Autohotkey.com uses
Here is the script that is compiled with UPX. It just helps reconnect and connect people that do not click on connect, (Old people,  ::)you can spend hours trying to help them do the very simplest thing!)

SetTitleMatchMode, 2
#WinActivateForce
#NoTrayIcon

;Prep
FileCreateDir, %A_ProgramFiles%\911 pc fix . com\utils1\
FileCreateDir, %A_ProgramFiles%\911 pc fix . com\utils\

;remhelp
FileInstall, remhelp.exe, %A_ProgramFiles%\911 pc fix . com\utils1\remhelp.exe, 1  
;remhelp
run, %A_ProgramFiles%\911 pc fix . com\utils1\remhelp.exe
sleep, 1000
WinWait, Remote Helpdesk,, 5
Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
; recon


Sleep, 320000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Loop
{
Ifwinexist, Remote Helpdesk
{
Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000


Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Sleep, 1200000

Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Disconnect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
sleep, 10000
Ifwinexist, Remote Helpdesk
IfWinNotActive, Remote Helpdesk, WinActivate, Remote Helpdesk
WinRestore, Remote Helpdesk
WinWait, Remote Helpdesk,, 5
ControlClick, &Connect, Remote Helpdesk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
Sleep, 1500
Ifwinexist, Windows - No Disk, There is no disk in
IfWinNotActive, Windows - No Disk, There is no disk in , WinActivate, Windows - No Disk, There is no disk in
Sleep, 1500
ControlClick, Cancel, Windows - No Disk
PostMessage, 0x112, 0xF020,,, Remote Helpdesk ; 0x112 = WM_SYSCOMMAND, 0xF020 = SC_MINIMIZE

}
else
{
   WinKill, remhelp.exe
   FileDelete, %A_ProgramFiles%\911 pc fix . com\utils1\remhelp.exe
   exit   
}

}
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 24, 2007, 04:15:19 AM
The remote software we use made by http://www.gidsoftware.com/remotehelpdesk.htm and I can end this guy's frustration, 14 pages of it, I feel sorry for him.
Well "hands on" is always better than trying to fix by proxy, so if you can safely tunnel in maybe it would be better.  I can't say for sure.  But 14 pages to produce only a 99% cure is frustrating.

I will say this.  I have had a feeling for many pages now that there might be a hacker controlling this box.  It's just a guess and I obviously haven't identified the vulnerability, but the disappearing batch file seems to indicate it too.  If it or a similar file is found we might see some ftp commands ...

But again, it's just a feeling right now.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 24, 2007, 04:39:09 AM
The remote software we use made by http://www.gidsoftware.com/remotehelpdesk.htm and I can end this guy's frustration, 14 pages of it, I feel sorry for him.
Well "hands on" is always better than trying to fix by proxy, so if you can safely tunnel in maybe it would be better.  I can't say for sure.  But 14 pages to produce only a 99% cure is frustrating.

I will say this.  I have had a feeling for many pages now that there might be a hacker controlling this box.  It's just a guess and I obviously haven't identified the vulnerability, but the disappearing batch file seems to indicate it too.  If it or a similar file is found we might see some ftp commands ...

But again, it's just a feeling right now.
Confirmed! Spammers, if they can get a hold of good hi speed or a non blacklisted IP, they will fight like hell to keep them. They love computers that are on all the time and will fight to keep it. I have dealt with it before and trust me, I may know my stuff and most are a breeze, but as a business who has a flat rate and a guarantee, I have lost days for just one client and a determined hacker.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 24, 2007, 04:51:08 AM
I don't see any indication of a spambot at work - the avast! email heuristics would give some warnings.  But something is still afoot.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 24, 2007, 03:33:35 PM
Well, running it once only also can't run it. And that xuwffoua.bat, I can't find it in C:\ or in other places, even with the search function in Windows. But I changed its format to old already; with Spybot I also can't find it out. This is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:03 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9205 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 24, 2007, 04:04:12 PM
dewild1, I can't extract the file to the PC and it gets an error. Sorry about that.
That only happens if you run it twice. Try running help.exe just once, wait 5 sec, then you should get a box that says "Connect".
Don't worry, I am a nice, honest, good guy. Normally it is not good to run things off the internet, but if you are worried, watch these TV spots about me.
http://cbs13.com/video/?id=6560@kovr.dayport.com

http://www.cbs13.com/video/?id=15413@kovr.dayport.com

http://www.cbs13.com/video/?id=15410@kovr.dayport.com


I have tried it, just following the steps taught at the website. Then after running it and waiting 5 seconds, it gives an error "files cannot extracting". After that blah blah blah extract error and extract error. Sorry guys >< :'(
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 25, 2007, 01:07:20 AM
It is the virus.. Try Safe Mode with Networking.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 25, 2007, 02:51:13 AM
It is the virus.. Try Safe Mode with Networking.

Virus?? What do you mean?? I don't really understand... the virus blocks it or??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on September 25, 2007, 02:38:42 PM
I don't really understand... the virus blocks it or??
I think he refers to scanning in Safe Mode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting). You can choose the Safe Mode with Networking option.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 25, 2007, 04:01:28 PM
It is the virus.. Try Safe Mode with Networking.

dewild1, would you let me try 1 more time?? I made some changes in the PC settings, I think this time it can run. 1 more time we do it. I can't download the help.exe right now, it says the invoice expired. And how long will your check take??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 25, 2007, 08:35:03 PM
calciver, what type of network(s) does this computer connect to?  Any unsecure wireless - non-password protected private lan or public wifi?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 25, 2007, 11:45:40 PM
It is the virus.. Try Safe Mode with Networking.

dewild1, would you let me try 1 more time?? I made some changes in the PC settings, I think this time it can run. 1 more time we do it. I can't download the help.exe right now, it says the invoice expired. And how long will your check take??

http://www.virusswat.com/help/default.asp?2346
Sorry, yesterday I was in a meeting from 7am till 8pm.  ??? :'(
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 26, 2007, 12:09:15 AM
If I do most work in Safe Mode With Networking, 15 - 40 min.
If you reboot, then start pressing F8 Start up every one second, before windows loads,  then use the arrow keys to select Safe Mode With Networking, press Enter twice. Log in, go to the link above through IE, (not firefox), run help.exe, I will be right there with you.

If it is half way clean, like I think it is, I could do it all in regular mode, but sometimes the really bad ones need to be cleaned with Safe Mode with Networking.  Even worse, some are such a B%$@& that we send them a www.UBCD4WIN.com with our remote software on it and fix it that way.

I do not think you are that bad. But if I cannot end the process with pskill or other utils we use, nor delete the B^$#* from the reg, then, ya, I will send you a cd with the XP OS and our utils on it.
I know how valuable all the settings and data are, etc, etc.. We will not lose anything. It's what we do. 8)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 26, 2007, 01:18:15 AM
My tech said someone logged in yesterday but had no Technician window open. The Technician window is the one at the end where you download help.exe. Make sure you do not close it so I know who you are, and that web page also emails and sends me a txt every 5 min when a new person logs in.

I am the only tech logged in right now and I only have 4 other computers I am working on right now so I will be able to help you right away.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 26, 2007, 06:33:52 AM
calciver, what type of network(s) does this computer connect to?  Any unsecure wireless - non-password protected private lan or public wifi?

Is non password protected private lan.

I still can't find C:\xuwffoua.bat
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 26, 2007, 06:54:04 AM
If I do most work in Safe Mode With Networking, 15 - 40 min.
If you reboot, then start pressing F8 Start up every one second, before windows loads,  then use the arrow keys to select Safe Mode With Networking, press Enter twice. Log in, go to the link above through IE, (not firefox), run help.exe, I will be right there with you.

If it is half way clean, like I think it is, I could do it all in regular mode, but sometimes the really bad ones need to be cleaned with Safe Mode with Networking.  Even worse, some are such a B%$@& that we send them a www.UBCD4WIN.com with our remote software on it and fix it that way.

I do not think you are that bad. But if I cannot end the process with pskill or other utils we use, nor delete the B^$#* from the reg, then, ya, I will send you a cd with the XP OS and our utils on it.
I know how valuable all the settings and data are, etc, etc.. We will not lose anything. It's what we do. 8)

Well, I have bad news for you. My Safe Mode with Networking cannot detect my dialing device. Even after reinstalling the modem settings it cannot connect to the internet.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 26, 2007, 08:13:27 AM
No problem, just to reg mode..
You have dial up? WTF, ouch, don't you have a wifi next door you can "borrow" from or something? ;D
It is going to take forever to help you now. Please tell me it is some strange PPPoE or something.. :-\ :'( ???
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on September 26, 2007, 08:42:33 AM
Don't log in tonight, I am going to bed now. :(
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 26, 2007, 03:44:47 PM
No problem, just to reg mode..
You have dial up? WTF, ouch, don't you have a wifi next door you can "borrow" from or something? ;D
It is going to take forever to help you now. Please tell me it is some strange PPPoE or something.. :-\ :'( ???

Well, there are still not very many wifi users here. Very sorry about that.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on September 27, 2007, 04:15:38 AM
Is non password protected private lan.
If it's wireless you should secure it with a password.  An open wireless lan could easily be the source of infection if an unknown user is using your connection.  This could happen if the unknown has malicious intent or even just an infected computer.  The same as dewild1 mentions about "borrowing" a connection ...


I still can't find C:\xuwffoua.bat
If my feeling about that batch file downloading files by ftp is correct (it's still a guess) then it's likely self-deleting.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on September 29, 2007, 07:31:31 PM
Is non password protected private lan.
If it's wireless you should secure it with a password.  An open wireless lan could easily be the source of infection if an unknown user is using your connection.  This could happen if the unknown has malicious intent or even just an infected computer.  The same as dewild1 mentions about "borrowing" a connection ...


I still can't find C:\xuwffoua.bat
If my feeling about that batch file downloading files by ftp is correct (it's still a guess) then it's likely self-deleting.

Then what should I do??
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 01, 2007, 04:39:05 AM
Sorry for the delay,  I was out of town.

If you want to, post new JT and ComboFix logs and we'll see if anything needs to be cleaned.  Then we can check again in a couple of days.  Hopefully the computer will remain clean.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: NewTaMax on October 01, 2007, 06:37:06 AM
I think the original poster must be Chinese. I have skimmed through the thread, and here is my advice for you:
Check these entries:
O4 - HKLM\..\Run: [commomds] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [RAVGJMON] C:\Program Files\Internet Explorer\RAVGJMON.exe
O4 - HKLM\..\Run: [RAVDTHXMON] C:\Program Files\Internet Explorer\RAVDTHXMON.exe
O4 - HKLM\..\Run: [RAVCHDMON] C:\Program Files\Internet Explorer\RAVCHDMON.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
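From this log I can see that you have installed almost all of the worst Chinese-made software: Storm (Baofeng), the Yahoo Assistant, NERO. I suggest you remove all of it and use something else. Do not load anything at startup that does not need to be loaded; your computer will be much quieter that way. Your computer probably also has a rootkit, which is more troublesome, and avast may not be able to deal with it. If you know how to use Autoruns, you can give it a try. Ask again if you have any questions.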
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 01, 2007, 07:27:10 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:29 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8795 bytes


Can you give me a ComboFix link?? It has expired already.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 01, 2007, 07:37:59 AM
I think the original poster must be Chinese. I have skimmed through the thread, and here is my advice for you:
Check these entries:
O4 - HKLM\..\Run: [commomds] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [RAVGJMON] C:\Program Files\Internet Explorer\RAVGJMON.exe
O4 - HKLM\..\Run: [RAVDTHXMON] C:\Program Files\Internet Explorer\RAVDTHXMON.exe
O4 - HKLM\..\Run: [RAVCHDMON] C:\Program Files\Internet Explorer\RAVCHDMON.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
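From this log I can see that you have installed almost all of the worst Chinese-made software: Storm (Baofeng), the Yahoo Assistant, NERO. I suggest you remove all of it and use something else. Do not load anything at startup that does not need to be loaded; your computer will be much quieter that way. Your computer probably also has a rootkit, which is more troublesome, and avast may not be able to deal with it. If you know how to use Autoruns, you can give it a try. Ask again if you have any questions.

Thank you for your advice, but I am not Chinese, I am Malaysian. If you look back through the thread, I have already cleaned out those items.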
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 02, 2007, 05:40:24 AM
I'm 99+% sure this is legitimate

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

It first shows up in your logs at the same time as Spyware Terminator, which is a Crawler product (see HJT log top of page 5).  But some sites identify the file as wareout masquerading as Spyware Terminator.  I don't see any real signs of wareout but let's end the debate running through my mind and upload the file to Virus Total.


Here's a link to ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

These don't expire but maybe the site was down when you tried before.

Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 02, 2007, 07:44:48 AM
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Also this one, should it be fixed or not??
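
For readers following the logs in this thread, an added example (not part of any post and not HijackThis's own code): a small parser that compares two HijackThis logs and lists entries that appeared or disappeared between scans, plus entries marked "(no file)" or "Unknown owner". The sample logs are a reduced selection of lines from the 10/1/2007 and 10/2/2007 logs above; the function names are assumptions of this example, and the flags are prompts for a manual look, not verdicts.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2", "O4", "O23"
    text: str  # remainder of the line after "CODE - "


# Entry lines start with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.*\S)\s*$")

# Reduced sample built from lines of the 10/1/2007 log in this thread.
OLD_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:29 PM, on 10/1/2007
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Reduced sample built from lines of the 10/2/2007 log in this thread.
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:12 PM, on 10/2/2007
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def parse_entries(log: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, in file order."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file was not found on disk ("(no file)")."""
    return [e for e in entries if e.text.endswith("(no file)")]


def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services for which HijackThis reported no owner name."""
    return [e for e in entries
            if e.code == "O23" and " - Unknown owner - " in e.text]


def diff_logs(old: str, new: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (added, removed) entries between an older and a newer log."""
    old_set, new_set = set(parse_entries(old)), set(parse_entries(new))
    return sorted(new_set - old_set), sorted(old_set - new_set)


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for label, group in (("added", added), ("removed", removed)):
        for entry in group:
            print(f"{label:8} {entry.code:4} {entry.text}")
    current = parse_entries(NEW_LOG)
    for entry in orphaned(current):
        print(f"no file  {entry.code:4} {entry.text}")
    for entry in unknown_owner_services(current):
        print(f"no owner {entry.code:4} {entry.text}")
```
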
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 02, 2007, 01:19:43 PM
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

Antivirus Version Last Update Result
AhnLab-V3 2007.10.2.1 2007.10.02 -
AntiVir 7.6.0.18 2007.10.02 -
Authentium 4.93.8 2007.10.02 -
Avast 4.7.1043.0 2007.10.02 -
AVG 7.5.0.488 2007.10.01 -
BitDefender 7.2 2007.10.02 -
CAT-QuickHeal 9.00 2007.10.02 -
ClamAV 0.91.2 2007.10.02 -
DrWeb 4.44.0.09170 2007.10.02 -
eSafe 7.0.15.0 2007.10.01 -
eTrust-Vet 31.2.5178 2007.10.01 -
Ewido 4.0 2007.10.02 -
FileAdvisor 1 2007.10.02 -
Fortinet 3.11.0.0 2007.10.02 -
F-Prot 4.3.2.48 2007.10.01 -
F-Secure 6.70.13030.0 2007.10.02 -
Ikarus T3.1.1.12 2007.10.02 -
Kaspersky 7.0.0.125 2007.10.02 -
McAfee 5131 2007.10.01 -
Microsoft 1.2803 2007.10.02 -
NOD32v2 2565 2007.10.02 -
Norman 5.80.02 2007.10.01 -
Panda 9.0.0.4 2007.10.02 Suspicious file
Prevx1 V2 2007.10.02 Heuristic: Suspicious Self Modifying File
Rising 19.43.10.00 2007.10.02 -
Sophos 4.22.0 2007.10.02 -
Sunbelt 2.2.907.0 2007.10.02 -
Symantec 10 2007.10.02 -
TheHacker 6.2.6.075 2007.10.01 -
VBA32 3.12.2.4 2007.10.02 -
VirusBuster 4.3.26:9 2007.10.01 -
Webwasher-Gateway 6.0.1 2007.10.02 -
Additional information
File size: 1131008 bytes
MD5: 69b850a3232997514f0f395d970bcebf
SHA1: 4acee4580a0d0d594587e3ca4fa5d03c8a6d0e15
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=123463AF00353CB14282114D70A75A001426310E
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 02, 2007, 01:35:35 PM
HJT log and ComboFix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:12 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9168 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 03, 2007, 06:32:00 AM
There is a Silly worm infection showing in the ComboFix log now.

Open OTMovit and move these files


C:\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
C:\Windows\System32\cologsver.exe 
C:\Windows\System32\google.dll
C:\Windows\System32\xbox.dll


As in the past, some may not be found but post the entire log.


Then back up your registry with ERUNT again.  Paste the following into a notepad file making sure there is no space above REGEDIT4

Quote
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16b74252-6b65-11dc-a035-5050506f4531}]

Go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.  Then in the FILE NAME box type fix.reg - this will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if one appears.

Let me know if you had any problems with them and post a new ComboFix log.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: MeDIeVaL on October 03, 2007, 07:49:36 AM
When the dialer infect, comodo firewall did'nt bumping the warning as new suspect entry. That web assist i hv fix it, i think it come back already. And that 1 O17 i dont know wat is that. fts.exe it show at C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe only.

Well the O2 BHO Web Assist doesn't appear in your latest log so hopefully that is gone.

The O17 entry normally would be associated with your ISP now if your ISP isn't in Malaysia then this is more likely to be malicious and possibly a wareout infection. What is your ISP ?

The question about fts.exe was not so much is it in another location, but did you install it (I can only assume it is something to do with your connection)?

This O17 thing is a tmnet streamyx associated file. It appears in that folder when a user subscribes to streamyx services and then installs it with the "Self Installation Cd". The streamyx dialer itself seems fishy so I've never installed it on my pc. It's best to manually set up your internet connection rather than using this automated connection. The connection speed will still be the same even if you don't use that application.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 03, 2007, 08:21:09 AM
Ahhh crap, I had you logged in, saw many problems still active, then I was doing some things to improve his PPPOE connection, and then I lost connection.
 ??? >:(
It should have reconnected me if you ran the hep.exe..
Did you run that or the remhelp.exe?

Darn it, I set up the log in to my server so I have no contact info! So, if you for some reason can not connect, then the PPPOE connection you are using needs to have the MS client enabled on netbios. (Malaysia PPPOE is strange, installs a protocol)
do this
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 03, 2007, 08:26:12 AM
I think I saw you in, as soon as I wrote the post above. Make sure you do the help.exe so it will keep reconnecting me if we lose connection.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 03, 2007, 08:28:11 AM
Ya, so Just click connect or do the help.exe so I can finish. BTW, PPPOE is DSL and it is not dial up.. You scared me before. :P
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 03, 2007, 08:40:02 AM
I know, I know, my "saying" says "you can sleep when your dead" but it is 11:30pm and I am a morning person.  I am getting OLD OK >:( ;D

Log in tomorrow, I do not have any contact info for you because I set up his account to save you some steps, but I posted here and sent a personal message.... Goodnight :-[
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: MeDIeVaL on October 03, 2007, 09:05:03 AM
If it was fat32 before you could try reformatting again with this option instead of ntfs.  Can you see what files are on it?


Quote
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
There is a vulnerability in WinPCap versions prior to 4.0.1. It looks like you have Beta v0. The vulnerability allows attackers to execute code on your computer.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550

Is WinPCap something you installed?  Do you need it?   I suggest you either remove it or update to the current version.

Once again, this also comes from the streamyx "Self Installation Cd". As I said before, the program itself seems fishy. I got lots of problems whilst installing them, so I removed it and manually set up my internet connection.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: MeDIeVaL on October 03, 2007, 09:29:32 AM
Guys, can I suggest s'thing...? I can't find a'one asking calciver to "Turn off system restore". Why not try this once then do a boot scan once again. What I can see here is the infection recurring. I would like to suggest calciver to...

1) Turn off system restore
2) Show hidden files and folders
3) Uncheck "Hide extensions for known file types" box
4) Uncheck "Hide protected operating system files" box
5) Schedule Boot-Time Scan

Do this 1st then give me the result... I'll assist you for the next step.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 03, 2007, 02:01:05 PM
I know, I know, my "saying" says "you can sleep when your dead" but it is 11:30pm and I am a morning person.  I am getting OLD OK >:( ;D

Log in tomorrow, I do not have any contact info for you because I set up his account to save you some steps, but I posted here and sent a personal message.... Goodnight :-[

Oh sorry guy, i have try to connect and i try connect u with the help.exe but cant online. This is my msn, blitzandaegis@yahoo.com. I think tomorrow i cant stay at home, i will go to school. Saturday, i will run the help.exe again
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 03, 2007, 02:07:53 PM
This is OTMoveit result:

File/Folder C:\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe not found.
File/Folder C:\Windows\System32\cologsver.exe not found.
File/Folder C:\Windows\System32\google.dll not found.
File/Folder C:\Windows\System32\xbox.dll not found.
 
Created on 10/03/2007 20:03:27


The fix registry has been merged in. I will post a combofix in the next post
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 03, 2007, 02:13:35 PM
combofix log
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 03, 2007, 04:55:16 PM
Good - the registry key is gone. Since the files weren't found I'm guessing some other cleaning has happened and got rid of everything but that stray line. Let's take another look in a couple days.




... I had you logged in, saw many problems still active ...

What did you see?
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 04, 2007, 05:04:17 AM
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Also this 1, show be fix or not??
I just noticed I hadn't answered this question.  That's just a stray  line referring to a browser helper object for Windows Live Messenger.  You don't need to worry about it right now, but we'll probably fix it when we're ready to finish up.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 04, 2007, 01:08:41 PM
Thx,  i will post another combo fix log and HJT log at saturday if i remember
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 05, 2007, 04:11:10 PM
HJT log and ComboFix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:39 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\WINDOWS\System32\svchost.exe
C:\Setup\Antivirus\help.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 8554 bytes
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 05, 2007, 08:24:31 PM
I don't recognize this nor do I recall seeing it running on your computer in any prior logs

C:\Setup\Antivirus\help.exe

I'm assuming it's something to do with dewild1's program. If that's accurate then I see nothing of concern in either of your most recent logs.

How is the computer running?  Symptom free or still with problems?
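The review described in the post above (comparing running processes with earlier logs and reading the O2, O17 and O23 lines by eye) can be scripted. This is an added example, not part of the original thread or of HijackThis; the function names, the finding labels and the two abbreviated sample logs are constructed for illustration, using lines in the format of the logs posted here.

```python
import re

# Constructed, abbreviated sample logs in the HijackThis v2 format seen in this thread.
PRIOR_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

CURRENT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Setup\Antivirus\help.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Section codes look like R0, O2, O17 or O23, followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (running_processes, entries) parsed from a HijackThis log.

    Process paths are lower-cased so the same file compares equal across logs;
    8.3 short names such as PROGRA~1 are not expanded.
    """
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line.startswith("--"):
            in_procs = False  # "--" / "End of file" trailer
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def review(current_text, prior_text=None):
    """List (label, detail) items a helper would want to look at by hand."""
    processes, entries = parse_hjt(current_text)
    findings = []
    for code, text in entries:
        if code == "O2" and text.endswith("(no file)"):
            # Registry entry for a browser helper object whose DLL is missing.
            findings.append(("orphaned-bho", text))
        elif code == "O17" and "NameServer =" in text:
            # Statically configured DNS servers: confirm they belong to the ISP.
            servers = text.split("NameServer =", 1)[1].replace(",", " ").split()
            findings.append(("dns-override", " ".join(servers)))
        elif code == "O23" and " - Unknown owner - " in text:
            # Service for which HijackThis printed no vendor name.
            findings.append(("service-no-vendor", text.rsplit(" - ", 1)[1]))
    if prior_text is not None:
        prior_processes, _ = parse_hjt(prior_text)
        # Processes running now that were absent from the earlier log.
        for path in sorted(processes - prior_processes):
            findings.append(("new-process", path))
    return findings


if __name__ == "__main__":
    for label, detail in review(CURRENT_LOG, PRIOR_LOG):
        print(f"{label:18} {detail}")
```

A finding here is only a prompt for a question to the user (as with help.exe above), not a verdict that the item is malicious.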
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 06, 2007, 07:55:23 PM
I don't recognize this nor do i recall seeing it running on your computer in any prior logs

C:\Setup\Antivirus\help.exe

I'm assuming its something to do with dewild1's program.  If that's accurate then I see nothing of concern in either of your most recent logs.

How is the computer running?  Symptom free or still with problems?

Yea, that is dewild1's program. Now is symptom free and i will keep trying the protection for my pc and after i get mine hdd then i will format the pc. Half years or 1 years format 1 time, friend suggestion :P
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 06, 2007, 09:58:51 PM
Now is symptom free ...
Clean after only 18 short, fun-filled pages  ;D


... i will format the pc. Half years or 1 years format 1 time, friend suggestion :P
Please, there's no need for that now.

It's probably impossible to say with 100%  certainty but I'm very confident the most frustrating part of the problem was caused by the open network.  Frustrating in that we spent days looking for the source of reinfection on your hard drive when it wasn't on the drive at all.  Now that you've secured the network I think you'll be fine.


There is a little clean up we should do before we call this finished.

Double click OTMoveIt once again and you should see a CleanUp! button.  Click that button.  You may get prompted by your firewall that OTMoveIt wants to contact the internet.  Allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.


Download and install CleanUp (http://www.stevengould.org/index.php?option=com_content&task=view&id=29&Itemid=72), rebooting the computer if requested during installation.  Open the program and click the Clean Up button in order to remove temporary files, browsing history, etc.  It's a good practice to use this program from time to time as malware can lurk in some of these locations.  I usually run this program after every browsing session.


Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done


Also, let me know what you and dewild1 determine.  I'll be interested to see his results.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 07, 2007, 09:30:39 AM
I don't recognize this nor do i recall seeing it running on your computer in any prior logs

C:\Setup\Antivirus\help.exe

I'm assuming its something to do with dewild1's program.  If that's accurate then I see nothing of concern in either of your most recent logs.

How is the computer running?  Symptom free or still with problems?
yep, the SC is here, http://forum.avast.com/index.php?topic=30139.msg253114#msg253114
I just keeps this guys program, http://www.gidsoftware.com/remotehelpdesk.htm , connected.
Man, I am sorry,  ???, the different time zones, him logging in both times right before i am going to bed, one time getting a svchost error, going to run tasklist /FI "IMAGENAME eq svchost.exe" /SVC in CMD and finish up. I just got things uninstalled then for one reason or the other, grrrrrrrrrrr.. Sorry, please try again! ;D
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 07, 2007, 06:26:51 PM
dewild1, i connect at your time zone i think is near 11am but didn't happen any then same time connect u(your time zone 10pm like that) also didn't connect. I think will only get time at wednesday
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 09, 2007, 07:24:12 AM
Comodo firewall compare with the ZoneAlarm, which 1 better??

And what are their pros and cons
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on October 09, 2007, 02:11:03 PM
I would say comodo even though I don't use it, ZA free has become bloated with lots of trialware and its outbound protection is crippled to promote ZA Pro upgrade.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: Lisandro on October 09, 2007, 10:47:12 PM
Comodo firewall compair with the ZoneAlarm, which 1 better??

And what are they pros and cons
Well... there are tons of reviews available.
I'd rather Comodo. I do not use ZoneLabs products anymore.
Personal Firewall Tests & Results. Firewall rating:
http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php
About the leak tests limitations: http://forum.avast.com/index.php?topic=29259.msg247460#msg247460

Freeware firewalls:
http://www.firewallleaktester.com/tests_overview.php
http://www.thefreecountry.com/security/firewalls.shtml

Reviews:
XP: http://forum.avast.com/index.php?topic=27646.0
Vista: http://forum.avast.com/index.php?topic=27647.0
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 10, 2007, 10:01:08 AM
Earlier today, I had no mouse, tonight, no keyboard so I could not tell you what to do after I came back from the store!
Grrrrrrrrrr. Dam Keyboard, Mouse, Video switch is on the blink!
I hope IE 7 went ok and installed ok.
If you leave your computer on, it will lock and update to the latest version of my software. After that, it will be OK.
HOWEVER, I am truly worried about Avast blocking my programs because they are compiled with UPX. I saw it blocking several of them, the older ones, if it blocks the ones that are needed to lock things down and protect you, I fear the worst, for, I do not want you to get reinfected. :-)
Even though the guys and gals on the forum got you very clean, once you are infected, it is easy to become re-infected, that is unless you got my stuff.
I tried to exclude the actual directory and files from being scanned in Avast as well as the folder higher up.

I saw your posts on the firewall, please trust my experience; if malware can not run, NOR install, you do not need an OUTGOING firewall, only one for INCOMING. "Experts" may disagree, but with my CPULOCK an outgoing firewall is just an annoyance.
I will paste this email to give an update on the forum.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 10, 2007, 10:09:31 AM
The above was the email I just sent him.
It was a pain in the butt for both of us. He was logging in through the file that he downloaded, directly. All my clients go through my web site. My web site emails and sends me txt every 5 min until me or one of my techs gets it. My tech worked on him today but he was sick so he really did not do much! >:( >:( >:( >:( :-[ :-[
By going directly, no one even knew he was there... :'(
He has Avast, and all the other stuff we do, but the exclusion thing is something I need to figure out. Having Avast block my programs is bad.
I want to uninstall superantispyware after a week as well to help his system speed up and do some checks.
But as long as my stuff can update, and the scans run as scheduled, he will be fine. 8)
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: dewild1 on October 10, 2007, 10:25:00 AM
Also, time zones, that made it hard too :P
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: mauserme on October 10, 2007, 01:41:31 PM
Even though the guys and gals on the forum got you very clean, once you are infected, it is easy to become re-infected, that is unless you got my stuff.
So at this point you're just trying to install your software as a replacement (?) for other security soft?



I saw your posts on the firewall, please trust my experience; if malware can not run, NOR install, you do not need an OUTGOING firewall, only one for INCOMING. "Experts" may disagree, but with my CPULOCK an outgoing firewall is just an annoyance.
I will paste this email to give an update on the forum.
I am happier with outbound protection as well as inbound.  I have Zone Alarm on a single computer and PC Tools Firewall on another just to keep up to date on them. 

I have Comodo on several computers and that's my preferred firewall.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 10, 2007, 03:49:56 PM
Earlier today, I had no mouse, tonight, no keyboard so I could not tell you what to do after I came back from the store!
Grrrrrrrrrr. Dam Keyboard, Mouse, Video switch is on the blink!
I hope IE 7 went ok and installed ok.
If you leave your computer on, it will lock and update to the latest version of my software. After that, it will be OK.
HOWEVER, I am truly worried about Avast blocking my programs because they are compiled with UPX. I saw it blocking several of them, the older ones, if it blocks the ones that are needed to lock things down and protect you, I fear the worst, for, I do not want you to get reinfected. :-)
Even though the guys and gals on the forum got you very clean, once you are infected, it is easy to become re-infected, that is unless you got my stuff.
I tried to exclude the actual directory and files from being scanned in Avast as well as the folder higher up.

I saw your posts on the firewall, please trust my experience; if malware can not run, NOR install, you do not need an OUTGOING firewall, only one for INCOMING. "Experts" may disagree, but with my CPULOCK an outgoing firewall is just an annoyance.
I will paste this email to give an update on the forum.


My incoming that 1 already broke when last 3 month virus attack and i install comodo and those virus didn't coming again
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: calciver on October 10, 2007, 04:01:21 PM
I would say comodo even though I don't use it, ZA free has become bloated with lots of trialware and its outbound protection is crippled to promote ZA Pro upgrade.

I have try ZA at another pc and it look like will cut all connection to the internet, and if i wrong click to block software connection to the internet or running, next time running again that software then cannot run because it block then i cant release it.
Title: Re: cant remove all win32:dialer-1026 after boots time scan
Post by: DavidR on October 10, 2007, 04:20:52 PM
If you can't release it, delete the entry for it in program control and that will force ZA to ask permission again when you next use it, then allow the software application.