Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unidentified problem with programs


  • Please log in to reply

#1
andydf

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Miserey
Welcome to Geekstogo

Your log looks to be clean :blink: the items that were found by Panda active scan are left overs from old infections, they are harmless and almost impossible to find.

The only possible problem I can see is the fact you are using alot of antispyware programs, it's best to stick to just one On-Access Scanner
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.
AVG antispyware will expire after 1 month and will revert to an On Demand scanner, SuperAntispyware is also an On Demand scanner, these are scanners that only run when you ask them to.
Windows Defender will protect your system On-Access so unless you wish to purchase either of the other two I suggest you keep windows defender, keep one of the other two programs as an on-demand scanner (in my own opinion they are both better than Windows Defender).

Hope this helps

Andy :whistling:
  • 0

Advertisements


#2
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
Andy,
Thanks hun for your help.
I am real sorry it took so long to get back to this but I couldnt get back on the internet.
This computer has lots of Malicious script on it.
Long story short Mom and Dad both Have been running their Puters on just an administrative
account. I dont know whether I can get help here or I need to post to another topic for this help?
I could really use some help though. thought if I reformatted I could just start over then I read somewhere that that might not be a good idea.
I told my Dad to unplug Both puters and put them in a corner to be disected for the next year or so then
go out buy 2 new ones and set them up right :blink: He didnt think that was funny. I didnt think I was trying to be. sooooo :whistling:
Any suggestions??
Miserey
  • 0

#3
andydf

andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts
Hi Miserey

I can definitely try to help you but I need as much info about errors, popups, warnings etc as you can provide. It's probably best to tackle one PC at a time, so give me as much info about the current PC above.
If you have all the data backed up to CD then a reformat is an option, but lets see if we can sort it before going down that road.

Andy :whistling:
  • 0

#4
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
Andy,
In Advance... :help: Thank you. This is driving me insane.
where to begin????
My Father is the original Grumpy Old Man (forgive me Dad) and has a marque message across
his puter saying not to touch. Long story short My brother set both puters up with Norton system
works and a seperate norton firewall and reconfigured security settings but did not set them up
with user accounts. This made playing Spades impossible for the Grumpy old man who got
grumpier and dumped the firewall. His complaints were:

1) mouse sticking, not being able to control it and feeling like he was fighting for control of it.
2) He plays yahoo spades and was having problems with having to restart the computer to just
be able to change rooms.
3) Tons of Pop ups

Then the Grumpie Old Mans world came crashing down when.....
4) Yahoo spades wouldnt load up :blink:

I was then allowed to fix his computer. (Thanks alot )
where I went to windows update ( via the internet, not startup ) and found that he needed a few
updates. This is where all [bleep] broke loose.
Options are set to automatically download and install updates but they hadnt been installing.
Same with Norton. Norton was showing liveupdate being expired, and it wasnt.
After I posted here I tried to clean up his puter while waiting for a reply and all I can say is
oooooops!
when I downloaded the updates
this file:


An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x75CAE748
Function=[Unknown.]
Library=c:\windows\system32\jscript.dll

NOTE: We are unable to locate the function name symbol for the error
just occurred. Please refer to release documentation for possible
reason and solutions.


Current Java thread:
at sun.awt.windows.WToolkit.eventLoop(Native Method)
at sun.awt.windows.WToolkit.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe
0x7C900000 - 0x7C9B0000 C:\WINDOWS\system32\ntdll.dll
0x7C800000 - 0x7C8F4000 C:\WINDOWS\system32\kernel32.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77D40000 - 0x77DD0000 C:\WINDOWS\system32\USER32.dll
0x77F10000 - 0x77F57000 C:\WINDOWS\system32\GDI32.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778D0000 C:\WINDOWS\system32\SHDOCVW.dll
0x77A80000 - 0x77B14000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x754D0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771AC000 C:\WINDOWS\system32\OLEAUT32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x5B860000 - 0x5B8B4000 C:\WINDOWS\system32\NETAPI32.dll
0x771B0000 - 0x77259000 C:\WINDOWS\system32\WININET.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x773D0000 - 0x774D3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x7C9C0000 - 0x7D1D5000 C:\WINDOWS\system32\SHELL32.dll
0x5D090000 - 0x5D12A000 C:\WINDOWS\system32\comctl32.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x75F80000 - 0x7607D000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77B40000 - 0x77B62000 C:\WINDOWS\system32\appHelp.dll
0x76FD0000 - 0x7704F000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x7E1E0000 - 0x7E282000 C:\WINDOWS\system32\urlmon.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x77A20000 - 0x77A74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661D000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x10000000 - 0x1000C000 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x6A1F0000 - 0x6A212000 C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
0x7C3A0000 - 0x7C41B000 C:\WINDOWS\system32\MSVCP71.dll
0x7C340000 - 0x7C396000 C:\WINDOWS\system32\MSVCR71.dll
0x75E90000 - 0x75F40000 C:\WINDOWS\system32\SXS.DLL
0x01650000 - 0x016D8000 C:\WINDOWS\system32\shdoclc.dll
0x016E0000 - 0x019A5000 C:\WINDOWS\system32\xpsp2res.dll
0x75CF0000 - 0x75D81000 C:\WINDOWS\system32\mlang.dll
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\wsock32.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\WS2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\system32\mswsock.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.DLL
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x5CD70000 - 0x5CD77000 C:\WINDOWS\system32\serwvdrv.dll
0x5B0A0000 - 0x5B0A7000 C:\WINDOWS\system32\umdmxfrm.dll
0x77C70000 - 0x77C93000 C:\WINDOWS\system32\msv1_0.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x745E0000 - 0x748A6000 C:\WINDOWS\system32\msi.dll
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x769C0000 - 0x76A73000 C:\WINDOWS\system32\USERENV.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x7DC30000 - 0x7DF21000 C:\WINDOWS\system32\mshtml.dll
0x019F0000 - 0x01A17000 C:\WINDOWS\system32\msls31.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL
0x02650000 - 0x0267A000 C:\WINDOWS\system32\msimtf.dll
0x02680000 - 0x026CB000 C:\WINDOWS\system32\MSCTF.dll
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.DLL
0x75C50000 - 0x75CBE000 c:\windows\system32\jscript.dll
0x66E50000 - 0x66E90000 C:\WINDOWS\system32\iepeers.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x73300000 - 0x73367000 c:\windows\system32\vbscript.dll
0x73DD0000 - 0x73ECE000 c:\windows\system32\MFC42.DLL
0x30000000 - 0x302DE000 C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
0x763B0000 - 0x763F9000 C:\WINDOWS\system32\comdlg32.dll
0x72D20000 - 0x72D29000 C:\WINDOWS\system32\wdmaud.drv
0x72D10000 - 0x72D18000 C:\WINDOWS\system32\msacm32.drv
0x77BE0000 - 0x77BF5000 C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD7000 C:\WINDOWS\system32\midimap.dll
0x66880000 - 0x6688C000 C:\WINDOWS\system32\ImgUtil.dll
0x5E310000 - 0x5E31C000 C:\WINDOWS\system32\pngfilt.dll
0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll
0x6BDD0000 - 0x6BE06000 C:\WINDOWS\system32\dxtrans.dll
0x76B20000 - 0x76B31000 C:\WINDOWS\system32\ATL.DLL
0x6D430000 - 0x6D43A000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737A9000 C:\WINDOWS\system32\DDRAW.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\system32\DCIMAN32.dll
0x6BE10000 - 0x6BE6A000 C:\WINDOWS\system32\dxtmsft.dll
0x767F0000 - 0x76817000 C:\WINDOWS\system32\schannel.dll
0x0FFD0000 - 0x0FFF8000 C:\WINDOWS\system32\rsaenh.dll
0x68100000 - 0x68124000 C:\WINDOWS\system32\dssenh.dll
0x6D460000 - 0x6D470000 C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
0x5EDD0000 - 0x5EDE7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6D330000 - 0x6D348000 C:\Program Files\Java\j2re1.4.2_06\bin\jpiexp32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x6D3A0000 - 0x6D3B8000 C:\Program Files\Java\j2re1.4.2_06\bin\jpishare.dll
0x08000000 - 0x08139000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\client\jvm.dll
0x054E0000 - 0x054E7000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\hpi.dll
0x05AB0000 - 0x05ABE000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\verify.dll
0x05AC0000 - 0x05AD9000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\java.dll
0x05AE0000 - 0x05AED000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\zip.dll
0x06600000 - 0x06712000 C:\Program Files\Java\j2re1.4.2_06\bin\awt.dll
0x06720000 - 0x06771000 C:\Program Files\Java\j2re1.4.2_06\bin\fontmanager.dll
0x73940000 - 0x73A10000 C:\WINDOWS\system32\D3DIM700.DLL
0x6D310000 - 0x6D324000 C:\Program Files\Java\j2re1.4.2_06\bin\jpicom32.dll
0x6D480000 - 0x6D49D000 C:\Program Files\Java\j2re1.4.2_06\bin\RegUtils.dll
0x06F90000 - 0x06FCE000 C:\WINDOWS\system32\xpsp3res.dll
0x073F0000 - 0x073FF000 C:\Program Files\Java\j2re1.4.2_06\bin\net.dll
0x74980000 - 0x74A8E000 C:\WINDOWS\system32\msxml3.dll
0x07640000 - 0x07662000 C:\Program Files\Java\j2re1.4.2_06\bin\dcpr.dll
0x71D40000 - 0x71D5C000 C:\WINDOWS\system32\actxprxy.dll
0x59A60000 - 0x59B01000 C:\WINDOWS\system32\DBGHELP.dll

Heap at VM Abort:
Heap
def new generation total 1152K, used 449K [0x10010000, 0x10150000, 0x10770000)
eden space 1024K, 39% used [0x10010000, 0x100743b8, 0x10110000)
from space 128K, 38% used [0x10130000, 0x1013c440, 0x10150000)
to space 128K, 0% used [0x10110000, 0x10110000, 0x10130000)
tenured generation total 14124K, used 9464K [0x10770000, 0x1153b000, 0x16010000)
the space 14124K, 67% used [0x10770000, 0x110ae128, 0x110ae200, 0x1153b000)
compacting perm gen total 5632K, used 5556K [0x16010000, 0x16590000, 0x1a010000)
the space 5632K, 98% used [0x16010000, 0x1657d2b0, 0x1657d400, 0x16590000)

Local Time = Sun Nov 19 07:34:55 2006
Elapsed Time = 142
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_06-b03 mixed mode)
#
was dumped on his desktop.
I couldnt get back to microsoft site. Kept getting the could not connect to the internet page and
yet I was on the internet.
Windows defender was running from the recycle bin.
Got a message from windows update from there too.
I disconected from the internet and just started looking through files. I swear I didnt change
anything :whistling:
I shut down and when I turned the puter on again half the programs where in the recycle bin.
They wernt running from there though :) ie7 included
I have error logs in lots of places now.
Are you sure you want to help me still? :rofl:
Miserey

Edited by Miserey, 12 December 2006 - 05:59 PM.

  • 0

#5
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Split from this thread.

http://www.geekstogo...howtopic=141194
  • 0

#6
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Hi Misery...

Let's look at the java you have installed...it appears to be an old version. Open Control Panel and double click "Add or Remove Programs". Locate and uninstall the Java applications (coffee cup icons). Reboot.

Go HERE and download the latest Java version and install it. Reboot.

Try the websites again.

wannabe1
  • 0

#7
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
Hi Wannabe,
Thanks for your help. I will be more serious and try to stick to the point.

As there were 2 java's in add/remove prog's I knew one would have to be deleted and
yes that was causing the applet not to load. I didnt want to start deleting anything though as
there seemed to be other problems that didnt make sense to me. I did remove old and installed
new.

So what about windows update and defender running from recycle bin? and upon booting
up computer ie7, windows defender, Norton, etc... being in my recycle bin?
When I did get back online I typed in microsoft url and got part of microsoft page then an
error page saying couldnt connect to the internet. I hit back button and was back on yahoo page
where I did a search for microsoft, clicked on the link and notepad came up, it quickly filled up
with this:
1 47.01702499 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dialupass.exe NOT FOUND
2 47.01823425 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
3 47.01826096 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
4 47.01828766 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
5 47.01968384 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option NOT FOUND
6 47.01971817 dialupass.exe:2012 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS Access: 0x1
7 47.01974487 dialupass.exe:2012 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled SUCCESS 0x1
8 47.01982498 dialupass.exe:2012 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS
9 47.01989746 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers NOT FOUND
10 47.02132797 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
11 47.02135468 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
12 47.02143860 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
13 47.02164841 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll NOT FOUND
14 47.02168655 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll NOT FOUND
15 47.02172852 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
16 47.02177048 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
17 47.02183151 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS 0x0
18 47.02185822 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
19 47.02215576 dialupass.exe:2012 OpenKey HKLM SUCCESS Access: 0x2000000
20 47.02219391 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
21 47.02222443 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll NOT FOUND
22 47.02230453 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
23 47.02244949 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
24 47.02248001 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\dialupass NOT FOUND
25 47.02251053 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
26 47.02254486 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
27 47.02257156 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\dialupass NOT FOUND
28 47.02259827 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
29 47.02273178 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
30 47.02276993 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS ""
31 47.02279663 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
32 47.02291870 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll NOT FOUND
33 47.02295303 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COMCTL32.dll NOT FOUND
34 47.02315903 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
35 47.02318192 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
36 47.02322769 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
37 47.02326965 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
38 47.02328873 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
39 47.02331924 dialupass.exe:2012 CloseKey HKCU SUCCESS
40 47.02351761 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
41 47.02354050 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
42 47.02358627 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
43 47.02361679 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
44 47.02363968 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
45 47.02366638 dialupass.exe:2012 CloseKey HKCU SUCCESS
46 47.02473450 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
47 47.02476120 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
48 47.02480316 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
49 47.02488708 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x20019
50 47.02492142 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
51 47.02495575 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
52 47.02499390 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
53 47.02502060 dialupass.exe:2012 CloseKey HKCU SUCCESS
54 47.02520752 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll NOT FOUND
55 47.02537155 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll NOT FOUND
56 47.02547073 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHELL32.dll NOT FOUND
57 47.02559662 dialupass.exe:2012 OpenKey HKLM\SYSTEM\Setup SUCCESS Access: 0x1
58 47.02561951 dialupass.exe:2012 QueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS 0x0
59 47.02565384 dialupass.exe:2012 CloseKey HKLM\SYSTEM\Setup SUCCESS
60 47.02569580 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
61 47.02573395 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
62 47.02577591 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
63 47.02579498 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
64 47.02582932 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
65 47.02585602 dialupass.exe:2012 CloseKey HKCU SUCCESS
66 47.03015900 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NOT FOUND
67 47.03077698 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll NOT FOUND
68 47.03088379 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
69 47.03091812 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
70 47.03095245 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
71 47.03098679 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
72 47.03101730 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
73 47.03103638 dialupass.exe:2012 CloseKey HKCU SUCCESS
74 47.03564072 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x20019
75 47.03569794 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
76 47.03572083 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
77 47.03575897 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
78 47.03589249 dialupass.exe:2012 CloseKey HKCU SUCCESS
79 47.03595734 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack SUCCESS Access: 0x1
80 47.03598022 dialupass.exe:2012 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack NO MORE ENTRIES
81 47.03602219 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack SUCCESS
82 47.03628922 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll NOT FOUND
83 47.03631973 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll NOT FOUND
84 47.03636551 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comdlg32.dll NOT FOUND
85 47.03639984 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll NOT FOUND
86 47.03642654 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll NOT FOUND
87 47.03647614 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETAPI32.dll NOT FOUND
88 47.03650284 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll NOT FOUND
89 47.03653336 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtutils.dll NOT FOUND
90 47.03657532 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINMM.dll NOT FOUND
91 47.03660965 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TAPI32.dll NOT FOUND
92 47.03664017 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RASAPI32.dll NOT FOUND
93 47.03680801 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32 SUCCESS Access: 0x80000000
94 47.03685379 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave SUCCESS "wdmaud.drv"
95 47.03689194 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave SUCCESS "wdmaud.drv"
96 47.03695679 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave1 NOT FOUND
97 47.03697968 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave2 NOT FOUND
98 47.03701782 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave3 NOT FOUND
99 47.03704071 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave4 NOT FOUND
100 47.03707886 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave5 NOT FOUND
101 47.03710175 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave6 NOT FOUND
102 47.03713989 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave7 NOT FOUND
103 47.03716278 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave8 NOT FOUND
104 47.03720093 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave9 NOT FOUND
105 47.03723145 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi SUCCESS "wdmaud.drv"
106 47.03727341 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi SUCCESS "wdmaud.drv"
107 47.03730011 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi1 NOT FOUND
108 47.03733444 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi2 NOT FOUND
109 47.03736115 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi3 NOT FOUND
110 47.03739548 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi4 NOT FOUND
111 47.03742218 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi5 NOT FOUND
112 47.03745651 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi6 NOT FOUND
113 47.03748322 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi7 NOT FOUND
114 47.03752136 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi8 NOT FOUND
115 47.03754425 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi9 NOT FOUND
116 47.03758240 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux NOT FOUND
117 47.03760529 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux1 NOT FOUND
118 47.03763962 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux2 NOT FOUND
119 47.03766251 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux3 NOT FOUND
120 47.03770065 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux4 NOT FOUND
121 47.03772354 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux5 NOT FOUND
122 47.03775787 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux6 NOT FOUND
123 47.03778076 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux7 NOT FOUND
124 47.03781891 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux8 NOT FOUND
125 47.03784180 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\aux9 NOT FOUND
126 47.03791428 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm SUCCESS Access: 0xF003F
127 47.03794098 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel SUCCESS 0x1
128 47.03798676 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm SUCCESS
129 47.03804016 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer SUCCESS "wdmaud.drv"
130 47.03806686 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer SUCCESS "wdmaud.drv"
131 47.03810501 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer1 NOT FOUND
132 47.03813171 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer2 NOT FOUND
133 47.03816605 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer3 NOT FOUND
134 47.03819275 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer4 NOT FOUND
135 47.03823090 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer5 NOT FOUND
136 47.03825760 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer6 NOT FOUND
137 47.03829575 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer7 NOT FOUND
138 47.03831863 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer8 NOT FOUND
139 47.03835678 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer9 NOT FOUND
140 47.03839874 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
141 47.03843307 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
142 47.03875351 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
143 47.03878784 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
144 47.03881073 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
145 47.03883743 dialupass.exe:2012 CloseKey HKCU SUCCESS
146 47.04306412 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NOT FOUND
147 47.04329300 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony SUCCESS Access: 0x20019
148 47.04333496 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony\Tapi32MaxNumRequestRetries NOT FOUND
149 47.04335785 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony\Tapi32RequestRetryTimeout NOT FOUND
150 47.04339981 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony SUCCESS
151 47.05090714 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll NOT FOUND
152 47.05110931 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Rpc\PagedBuffers NOT FOUND
153 47.05115509 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Rpc SUCCESS Access: 0x20019
154 47.05117798 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Rpc\MaxRpcSize NOT FOUND
155 47.05121613 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Rpc SUCCESS
156 47.05125046 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dialupass.exe\RpcThreadPoolThrottle NOT FOUND
157 47.05131531 dialupass.exe:2012 OpenKey HKLM\Software\Policies\Microsoft\Windows NT\Rpc NOT FOUND
158 47.05140305 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS Access: 0x20019
159 47.05145645 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS Access: 0x20019
160 47.05149460 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "PUPPETXPS"
161 47.05152512 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS
162 47.05156326 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS
163 47.05318451 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll NOT FOUND
164 47.05353546 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\CTF\Compatibility\dialupass.exe NOT FOUND
165 47.05357361 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ SUCCESS Access: 0x20019
166 47.05360794 dialupass.exe:2012 QueryValue HKLM\SOFTWARE\Microsoft\CTF\SystemShared\CUAS SUCCESS 0x0
167 47.05364609 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ SUCCESS
168 47.05371857 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
169 47.05376434 dialupass.exe:2012 OpenKey HKCU\Keyboard Layout\Toggle SUCCESS Access: 0x20019
170 47.05380630 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS "1"
171 47.05382538 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS "1"
172 47.05385971 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey SUCCESS "2"
173 47.05387878 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey SUCCESS "2"
174 47.05391693 dialupass.exe:2012 CloseKey HKCU\Keyboard Layout\Toggle SUCCESS
175 47.05400467 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
176 47.05404282 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
177 47.05411911 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
178 47.05414581 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
179 47.05422592 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
180 47.05425644 dialupass.exe:2012 CloseKey HKCU SUCCESS
181 47.05432129 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\CTF\ SUCCESS Access: 0x20019
182 47.05435562 dialupass.exe:2012 QueryValue HKLM\SOFTWARE\Microsoft\CTF\EnableAnchorContext NOT FOUND
183 47.05438995 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\CTF\ SUCCESS
184 47.05456924 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-854245398-1085031214-725345543-1003 SUCCESS Access: 0x20019
185 47.05460739 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-854245398-1085031214-725345543-1003\ProfileImagePath SUCCESS "%SystemDrive%\Dokumente und Einstellungen\Puppet Master"
186 47.05465698 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-854245398-1085031214-725345543-1003\ProfileImagePath SUCCESS "%SystemDrive%\Dokumente und Einstellungen\Puppet Master"
187 47.05470276 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-854245398-1085031214-725345543-1003\Sid SUCCESS 01 05 00 00 00 00 00 05 ...
188 47.05521393 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-854245398-1085031214-725345543-1003 SUCCESS
189 47.05546188 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x20019
190 47.05558395 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
191 47.05561829 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
192 47.05564499 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
193 47.05568314 dialupass.exe:2012 CloseKey HKCU SUCCESS
194 47.05648041 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Access: 0x20019
195 47.05651093 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma NOT FOUND
196 47.05655289 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
197 47.05664825 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Access: 0x20019
198 47.05667496 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma NOT FOUND
199 47.05671692 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
200 47.05688477 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Access: 0x20019
201 47.05691147 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma NOT FOUND
202 47.05695343 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
203 47.05701447 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Access: 0x20019
204 47.05704498 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma NOT FOUND
205 47.05708694 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
206 47.05838013 dialupass.exe:2012 CreateKey HKCU\Software\NirSoft\Dialupass SUCCESS Access: 0xF003F
207 47.05840683 dialupass.exe:2012 QueryValue HKCU\Software\NirSoft\Dialupass\WinPos SUCCESS 2C 00 00 00 00 00 00 00 ...
208 47.05844498 dialupass.exe:2012 QueryValue HKCU\Software\NirSoft\Dialupass\Columns SUCCESS 96 00 00 00 78 00 01 00 ...
209 47.05846405 dialupass.exe:2012 QueryValue HKCU\Software\NirSoft\Dialupass\Sort1 SUCCESS 0x0
210 47.05850220 dialupass.exe:2012 CloseKey HKCU\Software\NirSoft\Dialupass SUCCESS
211 47.06277466 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
212 47.06280136 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
213 47.06283951 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
214 47.06288528 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
215 47.06290817 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
216 47.06296158 dialupass.exe:2012 CloseKey HKCU SUCCESS
217 47.06302261 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
218 47.06304550 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
219 47.06309128 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
220 47.06311417 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
221 47.21046066 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
222 47.21048355 dialupass.exe:2012 CloseKey HKCU SUCCESS
223 47.21533585 dialupass.exe:2012 CreateKey HKLM\Software\Microsoft\Tracing SUCCESS Access: 0xF003F
224 47.21535873 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\EnableConsoleTracing SUCCESS 0x0
225 47.21538162 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Tracing SUCCESS
226 47.21543503 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Tracing\RASAPI32 SUCCESS Access: 0x20019
227 47.21545792 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\EnableFileTracing SUCCESS 0x0
228 47.21548080 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\FileTracingMask SUCCESS 0xFFFF0000
229 47.21550369 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\EnableConsoleTracing SUCCESS 0x0
230 47.21552658 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\ConsoleTracingMask SUCCESS 0xFFFF0000
231 47.21554947 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\MaxFileSize SUCCESS 0x100000
232 47.21557617 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\FileDirectory SUCCESS "%windir%\tracing"
233 47.21559906 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\FileDirectory SUCCESS "%windir%\tracing"
234 47.21566010 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\EnableFileTracing SUCCESS 0x0
235 47.21568298 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\FileTracingMask SUCCESS 0xFFFF0000
236 47.21570587 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\EnableConsoleTracing SUCCESS 0x0
237 47.21572876 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\ConsoleTracingMask SUCCESS 0xFFFF0000
238 47.21575165 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\MaxFileSize SUCCESS 0x100000
239 47.21577454 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\FileDirectory SUCCESS "%windir%\tracing"
240 47.21579742 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Tracing\RASAPI32\FileDirectory SUCCESS "%windir%\tracing"
241 47.22040939 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
242 47.22045135 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 69 83 46 B9 C7 90 9F 42 ...
243 47.22047424 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
244 47.22076416 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS Access: 0x20019
245 47.22080231 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS Access: 0x20019
246 47.22082901 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "PUPPETXPS"
247 47.22085953 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS
248 47.22088623 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS
249 47.22114563 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Rpc\SecurityService SUCCESS Access: 0x20019
250 47.22117233 dialupass.exe:2012 QueryKey HKLM\Software\Microsoft\Rpc\SecurityService SUCCESS Subkeys = 0
251 47.22119904 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Rpc\SecurityService\10 SUCCESS "secur32.dll"
252 47.22122192 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Rpc\SecurityService SUCCESS
253 47.22150040 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\SecurityProviders SUCCESS Access: 0x20019
254 47.22153473 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders SUCCESS "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
255 47.22156906 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders SUCCESS "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
256 47.22159958 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\SecurityProviders SUCCESS
257 47.22206879 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache SUCCESS Access: 0x20019
258 47.22210312 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll SUCCESS Access: 0x20019
259 47.22212982 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Name SUCCESS "DPA"
260 47.22215271 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Name SUCCESS "DPA"
261 47.22217941 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Comment SUCCESS "DPA Security Package"
262 47.22220993 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Comment SUCCESS "DPA Security Package"
263 47.22223282 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Capabilities SUCCESS 0x37
264 47.22225952 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\RpcId SUCCESS 0x11
265 47.22228241 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Version SUCCESS 0x1
266 47.22230911 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Type SUCCESS 0x31
267 47.22233200 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\TokenSize SUCCESS 0x300
268 47.22236252 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache SUCCESS
269 47.22238922 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll SUCCESS
270 47.22243118 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache SUCCESS Access: 0x20019
271 47.22246552 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll SUCCESS Access: 0x20019
272 47.22249222 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Name SUCCESS "Digest"
273 47.22251511 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Name SUCCESS "Digest"
274 47.22254562 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Comment SUCCESS "Digest SSPI Authentication Package"
275 47.22257233 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Comment SUCCESS "Digest SSPI Authentication Package"
276 47.22259903 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Capabilities SUCCESS 0x4050
277 47.22262573 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\RpcId SUCCESS 0xFFFF
278 47.22264862 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Version SUCCESS 0x1
279 47.22267151 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Type SUCCESS 0x31
280 47.22269821 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\TokenSize SUCCESS 0xFFFF
281 47.22272491 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache SUCCESS
282 47.22275543 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll SUCCESS
283 47.22279358 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache SUCCESS Access: 0x20019
284 47.22282791 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll SUCCESS Access: 0x20019
285 47.22285461 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Name SUCCESS "MSN"
286 47.22288132 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Name SUCCESS "MSN"
287 47.22290802 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Comment SUCCESS "MSN Security Package"
288 47.22293472 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Comment SUCCESS "MSN Security Package"
289 47.22296143 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Capabilities SUCCESS 0x37
290 47.22298431 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\RpcId SUCCESS 0x12
291 47.22300720 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Version SUCCESS 0x1
292 47.22303391 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Type SUCCESS 0x31
293 47.22305679 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\TokenSize SUCCESS 0x300
294 47.22309113 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache SUCCESS
295 47.22311783 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll SUCCESS
296 47.22316360 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles SUCCESS Access: 0x20019
297 47.22319412 dialupass.exe:2012 EnumerateValue HKLM\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles\GSSAPI SUCCESS "Kerberos"
298 47.22321701 dialupass.exe:2012 EnumerateValue HKLM\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles NO MORE ENTRIES
299 47.22324753 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles SUCCESS
300 47.22388077 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iphlpapi.dll NOT FOUND
301 47.22438049 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msv1_0.dll NOT FOUND
302 47.22599792 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
303 47.22605133 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS D0 53 08 92 AC 2B 9B C4 ...
304 47.22607422 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
305 47.22615814 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
306 47.22618866 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 34 FD 04 4F 29 97 55 5E ...
307 47.22620773 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
308 47.22629166 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
309 47.22632217 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS EA 83 50 DD E0 30 67 1B ...
310 47.22634125 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
311 47.22642136 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
312 47.22645187 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 73 49 83 53 84 AA 87 D8 ...
313 47.22647095 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
314 47.22655487 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
315 47.22658539 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 73 98 90 10 3E 6C 1C 10 ...
316 47.22660446 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
317 47.22669220 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
318 47.22672272 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 10 A3 03 9E 72 57 EF 31 ...
319 47.22674179 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
320 47.22682571 dialupass.exe:2012 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
321 47.22685242 dialupass.exe:2012 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS A7 DA E4 9A 27 0C DD 6B ...
322 47.22687531 dialupass.exe:2012 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
323 47.22827911 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS Access: 0x20019
324 47.22832108 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS Access: 0x20019
325 47.22834778 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "PUPPETXPS"
326 47.22837830 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS
327 47.22840500 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS
328 47.23012543 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS Access: 0x20019
329 47.23015976 dialupass.exe:2012 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS Access: 0x20019
330 47.23019028 dialupass.exe:2012 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "PUPPETXPS"
331 47.23022079 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS
332 47.23024750 dialupass.exe:2012 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS
333 47.23352432 dialupass.exe:2012 OpenKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\RemoteAccess NOT FOUND
334 47.23356247 dialupass.exe:2012 OpenKey HKCU\Software\Microsoft\RAS Phonebook SUCCESS Access: 0x20019
335 47.23360062 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PhonebookMode NOT FOUND
336 47.23366165 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\OperatorDial NOT FOUND
337 47.23368073 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PreviewPhoneNumber NOT FOUND
338 47.23369980 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\UseLocation NOT FOUND
339 47.23372269 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\ShowLights NOT FOUND
340 47.23374176 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\ShowConnectStatus NOT FOUND
341 47.23376083 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\NewEntryWizard NOT FOUND
342 47.23377991 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\CloseOnDial NOT FOUND
343 47.23380280 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\AllowLogonPhonebookEdits NOT FOUND
344 47.23382568 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\AllowLogonLocationEdits NOT FOUND
345 47.23384476 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\SkipConnectComplete NOT FOUND
346 47.23386383 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\RedialAttempts NOT FOUND
347 47.23388290 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\RedialSeconds NOT FOUND
348 47.23390579 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\IdleHangUpSeconds NOT FOUND
349 47.23392487 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\RedialOnLinkFailure NOT FOUND
350 47.23394775 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PopupOnTopWhenRedialing NOT FOUND
351 47.23397064 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\ExpandAutoDialQuery NOT FOUND
352 47.23399353 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\CallbackMode NOT FOUND
353 47.23401260 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\UseAreaAndCountry NOT FOUND
354 47.23403168 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\WindowX NOT FOUND
355 47.23405075 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\WindowY NOT FOUND
356 47.23407364 dialupass.exe:2012 OpenKey HKCU\Software\Microsoft\RAS Phonebook\Callback NOT FOUND
357 47.23409271 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\Phonebooks NOT FOUND
358 47.23411179 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\AreaCodes NOT FOUND
359 47.23413086 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\Prefixes NOT FOUND
360 47.23414993 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\Suffixes NOT FOUND
361 47.23416901 dialupass.exe:2012 OpenKey HKCU\Software\Microsoft\RAS Phonebook\Location NOT FOUND
362 47.23419189 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\LastCallbackByCaller NOT FOUND
363 47.23421097 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\LastCallbackByCaller NOT FOUND
364 47.23423386 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PersonalPhonebookPath NOT FOUND
365 47.23425293 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PersonalPhonebookPath NOT FOUND
366 47.23427582 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PersonalPhonebookFile NOT FOUND
367 47.23429489 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\PersonalPhonebookFile NOT FOUND
368 47.23431778 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\AlternatePhonebookPath NOT FOUND
369 47.23433685 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\AlternatePhonebookPath NOT FOUND
370 47.23435593 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\DefaultEntry NOT FOUND
371 47.23437881 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\DefaultEntry NOT FOUND
372 47.23439789 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\UsePersonalPhonebook NOT FOUND
373 47.23441696 dialupass.exe:2012 QueryValue HKCU\Software\Microsoft\RAS Phonebook\UsePersonalPhonebook NOT FOUND
374 47.23444366 dialupass.exe:2012 CloseKey HKCU\Software\Microsoft\RAS Phonebook SUCCESS
375 47.24462509 dialupass.exe:2012 OpenKey HKCU\Keyboard Layout\Toggle SUCCESS Access: 0x20019
376 47.24464798 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS "1"
377 47.24466705 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS "1"
378 47.24468994 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey SUCCESS "2"
379 47.24470901 dialupass.exe:2012 QueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey SUCCESS "2"
380 47.24474335 dialupass.exe:2012 CloseKey HKCU\Keyboard Layout\Toggle SUCCESS
381 47.24522400 dialupass.exe:2012 OpenKey HKCU SUCCESS Access: 0x2000000
382 47.24525070 dialupass.exe:2012 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOT FOUND
383 47.24528122 dialupass.exe:2012 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
384 47.24530792 dialupass.exe:2012 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
385 47.24533081 dialupass.exe:2012 CloseKey HKCU\Control Panel\Desktop SUCCESS
386 47.24534607 dialupass.exe:2012 CloseKey HKCU SUCCESS
387 47.24537277 dialupass.exe:2012 OpenKey HKCU\SOFTWARE\Microsoft\CTF\LangBarAddIn\ NOT FOUND
388 47.24539948 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\CTF\LangBarAddIn\ NOT FOUND
389 47.24633408 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll NOT FOUND
390 47.24640656 dialupass.exe:2012 OpenKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x20019
391 47.24643326 dialupass.exe:2012 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout SUCCESS 0x278D00
392 47.24646759 dialupass.exe:2012 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS
393 47.24650192 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Ole SUCCESS Access: 0x20019
394 47.24652100 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Ole\RWLockResourceTimeOut NOT FOUND
395 47.24654388 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Ole SUCCESS
396 47.24657822 dialupass.exe:2012 OpenKey HKCR\Interface SUCCESS Access: 0x20019
397 47.24659729 dialupass.exe:2012 QueryValue HKCR\Interface\InterfaceHelperDisableAll NOT FOUND
398 47.24661636 dialupass.exe:2012 QueryValue HKCR\Interface\InterfaceHelperDisableAllForOle32 NOT FOUND
399 47.24663544 dialupass.exe:2012 QueryValue HKCR\Interface\InterfaceHelperDisableTypeLib NOT FOUND
400 47.24665833 dialupass.exe:2012 CloseKey HKCR\Interface SUCCESS
401 47.24668884 dialupass.exe:2012 OpenKey HKCR\Interface\{00020400-0000-0000-C000-000000000046} SUCCESS Access: 0x20019
402 47.24670792 dialupass.exe:2012 QueryValue HKCR\Interface\{00020400-0000-0000-C000-000000000046}\InterfaceHelperDisableAll NOT FOUND
403 47.24673080 dialupass.exe:2012 QueryValue HKCR\Interface\{00020400-0000-0000-C000-000000000046}\InterfaceHelperDisableAllForOle32 NOT FOUND
404 47.24675751 dialupass.exe:2012 CloseKey HKCR\Interface\{00020400-0000-0000-C000-000000000046} SUCCESS
405 47.24679565 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLEAUT32.DLL NOT FOUND
406 47.24683380 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
407 47.24686432 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra NOT FOUND
408 47.24687958 dialupass.exe:2012 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
409 47.79972839 dialupass.exe:2012 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Access: 0x20019
410 47.79976273 dialupass.exe:2012 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma NOT FOUND
411 47.79979706 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
412 49.45589447 dialupass.exe:2012 CreateKey HKCU\Software\NirSoft\Dialupass SUCCESS Access: 0xF003F
413 49.45592117 dialupass.exe:2012 SetValue HKCU\Software\NirSoft\Dialupass\WinPos SUCCESS 2C 00 00 00 00 00 00 00 ...
414 49.45594406 dialupass.exe:2012 SetValue HKCU\Software\NirSoft\Dialupass\Columns SUCCESS 96 00 00 00 78 00 01 00 ...
415 49.45596313 dialupass.exe:2012 SetValue HKCU\Software\NirSoft\Dialupass\Sort1 SUCCESS 0x0
416 49.45795059 dialupass.exe:2012 CloseKey HKCU\Software\NirSoft\Dialupass SUCCESS
417 49.46037292 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Tracing\RASAPI32 SUCCESS
418 49.46059418 dialupass.exe:2012 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32 SUCCESS

I have new folders in windows now, F80114c71e6e44572d.. & Fefe8c195a370281fd... both have Mrt and mrtstub application in them.
So.... what happened? what is wrong with this puter? and could you please help me?
Thank you.
Miserey
  • 0

#8
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Do a search on your machine for dialupass.exe being sure to include hidden files and folders. This file is almost always associated with a password cracker...and a fairly unusual one.

Is this file on your machine? If it is...where is it located?
  • 0

#9
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
came up with nothing.

Miserey
  • 0

#10
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
Is it normal to have a local hard drive c: and a local drive c: ? just noticed that in the search engine.
  • 0

Advertisements


#11
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Have you ever installed a password recovery application on your machine?
  • 0

#12
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
This is my Fathers machine. He has had one user identity on it, administrator rights, till a week ago. Grandchildren and others have been on it numerous times so there is no telling.
  • 0

#13
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Try a System Restore to a date before the "grandchildren and others" became a factor. If you don't get the desired results, it can be undone.
  • 0

#14
Miserey

Miserey

    Member

  • Member
  • PipPip
  • 26 posts
I went to malware removal first and followed those instructions where I created a system restore and flushed the old.

I did try a system restore though from that point when I found half the programs in the recycle bin and It didnt do anything.
  • 0

#15
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
If you right click the recycle bin, click explore, will it let you restore any to their original location
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP