Author Topic: cant remove all win32:dialer-1026 after boots time scan

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #75 on: September 15, 2007, 07:16:35 AM »
[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} ->  ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} ->  ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} ->  ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 5:59:56 PM | Attr =    ]
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [Catalyst Context Menu extension] ->  [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1807656 bytes | Modified Date = 6/22/2007 3:46:46 PM | Attr =    ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [NeroCoverEd Live Icons] -> Nero AG [Ver = 2, 10, 1, 1 | Size = 1967400 bytes | Modified Date = 6/28/2007 1:58:24 PM | Attr =    ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1807656 bytes | Modified Date = 6/22/2007 3:46:46 PM | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTHandler] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
< BotCheck > ->  ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #76 on: September 15, 2007, 07:17:47 AM »
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 828 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #77 on: September 15, 2007, 07:18:55 AM »
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> ·1/›0vÿÀI™M?©r¼b9075105
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> Àr`½ÑD+Ñ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> p5õå¸ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> yLà#ÅP¬ÜzD1ì+ G ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> ¤Ë‰‹
‚ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 9095 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #78 on: September 15, 2007, 07:20:32 AM »
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #79 on: September 15, 2007, 07:21:01 AM »
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1807656 bytes | Modified Date = 6/22/2007 3:46:46 PM | Attr =    ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr =    ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 10, 3, 2 | Size = 99624 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 5:59:56 PM | Attr =    ]
{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Cover Designer] -> Nero AG [Ver = 2, 10, 1, 1 | Size = 1967400 bytes | Modified Date = 6/28/2007 1:58:24 PM | Attr =    ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTContMenu] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ ->
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTContMenu] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [ACE] ->  [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 9/25/2006 9:13:12 AM | Attr =    ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 10, 3, 2 | Size = 99624 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 5:59:56 PM | Attr =    ]
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] -> %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTContMenu] -> Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 9/13/2007 11:50:44 PM | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 120832 bytes | Modified Date = 1/22/2004 6:36:28 PM | Attr =    ]

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #80 on: September 15, 2007, 07:21:25 AM »
< ControlSets > ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} -> 8194 - Reg Data - Value does not exist ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8195 ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #81 on: September 15, 2007, 07:21:51 AM »
< Security Settings > ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #82 on: September 15, 2007, 12:45:41 PM »

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #83 on: September 15, 2007, 12:46:05 PM »
rvices\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 9095 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #84 on: September 15, 2007, 12:46:32 PM »
um\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 ->  ->
%SystemRoot% ->  ->
%SystemRoot%\System32\Wbem ->  ->
C:\Program Files\ATI Technologies\ATI.ACE\ ->  ->
C:\Program Files\Storm Codec\QTSystem\ ->  ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM ->  ->
.EXE ->  ->
.BAT ->  ->
.CMD ->  ->
.VBS ->  ->
.VBE ->  ->
.JS ->  ->
.JSE ->  ->
.WSF ->  ->
.WSH ->  ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.1159 (dnsrv.040209-1620) | Size = 10752 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 8:56:46 AM | Attr =    ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr =    ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 8:56:54 AM | Attr =    ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/15/2003 10:52:56 AM | Attr =    ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -%1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 3003392 bytes | Modified Date = 8/4/2004 8:56:44 AM | Attr =    ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #85 on: September 15, 2007, 12:47:30 PM »
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 8:56:46 AM | Attr =    ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 3003392 bytes | Modified Date = 8/4/2004 8:56:44 AM | Attr =    ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:56:56 AM | Attr =    ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:56:58 AM | Attr =    ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 8:56:46 AM | Attr =    ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:56:50 AM | Attr =    ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:56:52 AM | Attr =    ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #86 on: September 15, 2007, 12:48:21 PM »
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ ->  ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #87 on: September 15, 2007, 12:49:32 PM »
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Scripts\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 1 ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\ ->  ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{1865A76F-D5F8-415C-94C2-68CB91D1F843} -> Chinese Star 2006 ->
{20D4A895-748C-4D88-871C-FDB1695B0169} -> Platform ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer ->
{242FBF70-03A3-4317-931F-FA7798F39A13} -> Winflash ->
{2F143483-68D6-4234-9346-724056818193} -> ATI Catalyst Control Center ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{364319B3-BD10-48EB-A8DE-D667B43590B0} -> NBA LIVE 07 ->
{36CDA33B-909B-4719-97D1-C4B99309BDC7} -> ATI Parental Control & Encoder ->
{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66} -> ATI HydraVision ->
{417E7710-C77B-4CB9-839A-D586A12C64E2} -> Smart Guardian ->
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{80EAC1F5-3067-4E57-A09F-3AF728C59FE5} -> MapleStory ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{90170409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office FrontPage 2003 ->
{90A10409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office OneNote 2003 ->
{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} -> QuickTime ->
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable ->
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0 ->
{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6} -> AVIVO Codecs ->
{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} -> MSN Messenger 7.5 ->
{D5CD3E08-6B73-471A-93D1-63C7F32118C1} -> O2Jam (e-Games) v.3.50 ->
{DB4C031D-B2F8-47F1-A274-59A8F3B61033} -> Nero 7 Essentials ->
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer ->
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio ->
Advanced WindowsCare V2 Personal_is1 -> Advanced WindowsCare 2.51 Personal ->
All ATI Software -> ATI - Software Uninstall Utility ->

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #88 on: September 15, 2007, 12:50:18 PM »
Any Video Converter_is1 -> Any Video Converter 1.3.2 ->
ATI Display Driver -> ATI Display Driver ->
avast! -> avast! Antivirus ->
BitComet -> BitComet 0.91 ->
COMODO Firewall Pro -> COMODO Firewall Pro ->
CToolbar_UNINSTALL -> Crawler Toolbar with Web Security Guard ->
Diagnostic Tool -> Diagnostic Tool ->
GoogleVideoPlayer -> Google Video Player ->
HijackThis -> HijackThis 2.0.2 ->
InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} -> VIA Platform Device Manager ->
Kate's Video Converter_is1 -> Kate's Video Converter 2.8.4 ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 1.52 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
Pokemon Sapphire -> Pokemon Sapphire ->
Ragnarok Online -> Ragnarok Online ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spyware Terminator_is1 -> Spyware Terminator ->
Storm Codec 5 -> Storm Codec ->
Switch -> Switch ->
tmnet streamyx dialer -> tmnet streamyx dialer ->
VN_VUIns_Rhine_VIA -> VIA Rhine-Family Fast Ethernet Adapter ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
WinPatrol -> WinPatrol 2007 ->
WinPcapInst -> WinPcap 3.0 ->
WinRAR archiver -> WinRAR archiver ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Error - 8/16/2007 7:57:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/16/2007 9:37:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/16/2007 10:58:21 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 12:22:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 9:57:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 10:58:07 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/17/2007 2:47:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error This operation returned because the timeout period expired
Application - Error - 8/17/2007 2:47:28 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = crypt32 -> Description = Failed auto update retrieval of third-party root list sequence number from <httpwwwdownloadwindowsupdatecommsdownloadupdatev3statictrustedrenauthrootseqtxt> with error The specified server cannot perform the requested operation
Application - Warning - 8/17/2007 4:16:10 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 10:21:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/17/2007 10:27:29 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:07:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:09:14 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:16:39 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:23:04 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:31:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 12:33:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 12:53:29 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/18/2007 12:53:39 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/18/2007 12:53:48 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application ashSimplexe version 479360 hang module hungapp version 0000 hang address 0x00000000
Application - Error - 8/18/2007 12:56:00 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application ashSimplexe version 479360 hang module hungapp version 0000 hang address 0x00000000
Application - Error - 8/18/2007 12:57:10 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Hang -> Description = Hanging application ashSimplexe version 479360 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 8/18/2007 12:59:01 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 1:36:39 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 1:43:46 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 1:47:52 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 11:11:23 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 1:02:33 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 2:12:08 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 3:03:48 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 6:16:44 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 7:11:23 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 7:16:42 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/18/2007 7:21:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #89 on: September 15, 2007, 12:51:59 PM »
Application - Warning - 8/18/2007 7:57:37 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 9:32:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 9:33:03 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/18/2007 9:38:32 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/18/2007 10:41:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 12:39:31 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 12:45:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 12:57:19 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:02:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/19/2007 1:11:05 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 1:18:28 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:20:49 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 1:32:34 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:34:35 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 8/19/2007 1:42:25 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 2:08:13 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 2:25:16 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 10:34:56 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 11:37:20 AM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 12:16:35 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 12:17:54 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 1:24:05 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 1:29:30 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 2:12:51 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 2:13:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 8/19/2007 2:27:31 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 2:59:53 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 3:45:07 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 4:04:26 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 6:56:43 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 8:53:24 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 8/19/2007 10:19:38 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 8/19/2007 10:24:46 PM -> Computer Name = HOME-E8AEAB07C2 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =