• Status: Solved
  • Priority: Medium
  • Security: Public

virus generic host 32

Do you know how to fix this problem?
I have Symantec AntiVirus 10.2 but always get this virus.
Attachments: Snap5.png, Snap6.png, Snap7.png

Asked by: Hiroyuki Tamura

warturtle Commented:
Hmm... I didn't understand much of that, because it was in another language, but from what I understood the windows were displaying an error message informing the user that 'Generic Host Process for Win32 has encountered a problem and needs to close'. I suggest that you download MalwareBytes Anti-Malware from www.malwarebytes.org and then reboot your PC in safe mode and do a full scan with that. Let me know what infections you find on this PC.

Hope it helps.
 
rpggamergirl Commented:
If the problem persists, run ComboFix and show us the log.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run, re-download it but rename it before saving to your desktop.)

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
 
Hiroyuki Tamura (Author) Commented:
Thank you, all.
I use Win XP and Symantec AntiVirus 10.2.
Should I upgrade to the current version of Symantec, or do you have any other recommendation?
 
warturtle Commented:
My recommendation is the same - continue using Symantec antivirus for protection and use MalwareBytes Anti-Malware for treating spyware. Do a scan with that and let us know what you get (preferably in safe mode without networking).
 
Hiroyuki Tamura (Author) Commented:
Thank you.
Here is the result from ComboFix:
ComboFix 09-04-29.01 - Kobayashin 2009/04/29  9:26.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.932.81.1041.18.1014.822 [GMT -7:00]
Running from: c:\documents and settings\xxx\ǹ¯ÈÃ×\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-4-29  )))))))))))))))))))))))))))))))
.
 
2009-04-29 16:23 . 2009-04-29 16:23 -------- d-----w c:\documents and settings\Kobayashin\Application Data\Malwarebytes
2009-04-29 16:22 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 16:22 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 16:22 . 2009-04-29 16:22 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 16:22 . 2009-04-29 16:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 03:34 . 2009-04-29 03:37 -------- d--h--w C:\$AVG8.VAULT$
2009-04-29 03:26 . 2009-04-29 03:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-29 03:26 . 2009-04-29 03:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-29 03:26 . 2009-04-29 03:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-29 03:26 . 2009-04-29 16:02 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-29 03:26 . 2009-04-29 16:00 -------- d-----w c:\documents and settings\Kobayashin\Application Data\AVGTOOLBAR
2009-04-29 03:26 . 2009-04-29 03:26 -------- d-----w c:\program files\AVG
2009-04-29 03:26 . 2009-04-29 03:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-27 20:23 . 2009-04-27 20:23 86736 ----a-w c:\documents and settings\Kobayashin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 16:31 . 2009-04-27 16:31 -------- d-----w c:\documents and settings\Kobayashin\Application Data\pdf995
2009-04-22 19:01 . 2006-10-20 17:28 26368 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-04-22 19:01 . 2009-04-22 19:01 -------- d-----w c:\documents and settings\Kobayashin\Application Data\Blackberry Desktop
2009-04-22 19:00 . 2009-04-22 19:01 -------- d-----w c:\program files\Common Files\Research In Motion
2009-04-22 19:00 . 2009-04-22 19:00 -------- d-----w c:\program files\Research In Motion
2009-04-19 06:56 . 2009-04-19 06:56 -------- d-----w c:\program files\MSXML 4.0
2009-04-19 06:46 . 2009-04-27 15:56 -------- d-----w c:\program files\Kabe3
2009-04-19 06:40 . 2009-04-19 06:40 0 ----a-w c:\windows\nsreg.dat
2009-04-19 06:40 . 2009-04-19 06:40 -------- d-----w c:\documents and settings\Kobayashin\Local Settings\Application Data\Mozilla
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-----w c:\documents and settings\Kobayashin\Local Settings\Application Data\Adobe
2009-04-17 22:09 . 2009-04-17 22:09 -------- d-----w c:\program files\Common Files\MediaDrive
2009-04-17 22:09 . 2009-04-17 22:09 -------- d-----w c:\program files\ymfp8view
2009-04-17 22:01 . 2006-10-21 00:23 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-17 22:01 . 2006-10-21 00:23 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-17 22:00 . 2009-04-17 22:00 -------- d-----w c:\documents and settings\Kobayashin\Application Data\Roxio
2009-04-17 21:55 . 2009-04-17 21:55 -------- d-----w c:\program files\Toshiba
2009-04-17 21:49 . 2009-04-17 21:49 -------- d--h--r c:\documents and settings\Kobayashin\Application Data\SecuROM
2009-04-17 21:49 . 2009-04-17 21:49 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-17 21:46 . 2009-04-17 21:48 -------- d-----w c:\program files\PDIC_U_for_EIJIRO_IV
2009-04-17 21:21 . 2009-04-17 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-17 21:18 . 2009-04-17 21:18 -------- d-----w C:\HP LJ 4x50 Series
2009-04-17 20:59 . 2009-04-17 20:59 -------- d-----w c:\documents and settings\Kobayashin\Local Settings\Application Data\Citrix
2009-04-17 20:38 . 2009-04-27 22:36 -------- d-----w c:\documents and settings\Kobayashin\Application Data\ICAClient
2009-04-17 18:15 . 2008-04-14 14:34 14592 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-17 18:15 . 2008-04-14 14:34 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-17 18:10 . 2001-08-24 19:10 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-04-17 18:10 . 2001-08-24 19:10 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-17 18:09 . 2008-04-14 07:15 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-17 18:09 . 2008-04-14 07:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-17 18:09 . 2009-04-17 18:09 -------- d-----w c:\documents and settings\Kobayashin\Application Data\CyberLink
2009-04-17 18:01 . 2009-04-17 18:01 -------- d-----w c:\documents and settings\Kobayashin\Local Settings\Application Data\PowerDVD DX
2009-04-17 18:01 . 2009-04-17 18:01 -------- d-----w c:\documents and settings\Kobayashin\Local Settings\Application Data\Symantec
2009-04-17 18:00 . 2008-11-18 01:07 -------- d-----r c:\documents and settings\Kobayashin\¹¿üÈ áËåü
2009-04-17 18:00 . 2009-04-29 16:12 -------- d-----w c:\documents and settings\Kobayashin\ǹ¯ÈÃ×
2009-04-17 18:00 . 2009-04-17 18:00 -------- d-----w c:\documents and settings\Kobayashin
2009-04-16 15:29 . 2008-04-14 04:15 17152 -c--a-w c:\windows\system32\dllcache\usbohci.sys
2009-04-16 15:29 . 2008-04-14 04:15 17152 ----a-w c:\windows\system32\drivers\usbohci.sys
2009-04-16 15:23 . 2009-04-16 15:23 -------- d-----w c:\program files\Novatel Wireless
2009-04-16 15:12 . 2009-04-28 00:57 -------- d-----w C:\Notes
2009-04-16 14:04 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-16 12:49 . 2009-04-16 13:07 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-16 12:12 . 2009-04-16 12:12 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 12:11 . 2009-04-16 12:11 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-16 12:09 . 2006-06-29 17:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-16 12:05 . 2009-04-16 12:05 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-04-16 12:05 . 2009-04-16 12:05 -------- d-----w c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-04-16 12:05 . 2009-04-16 12:05 -------- d-----w c:\program files\Windows Desktop Search
2009-04-16 12:05 . 2009-04-16 12:05 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-16 11:58 . 2009-04-16 11:58 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-16 11:56 . 2009-04-16 11:57 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-16 11:56 . 2009-04-16 11:56 -------- d-----w c:\windows\system32\LogFiles
2009-04-16 11:49 . 2009-04-16 11:49 -------- d-----w c:\windows\system32\URTTEMP
2009-04-16 11:38 . 2008-06-20 14:33 2756608 ----a-w c:\windows\system32\NETw5r32.dll
2009-04-16 11:38 . 2008-08-29 03:34 3632384 ----a-w c:\windows\system32\drivers\NETw5x32.sys
2009-04-16 11:38 . 2008-06-20 14:32 663552 ----a-w c:\windows\system32\NETw5c32.dll
2009-04-16 11:36 . 2009-04-16 11:36 -------- d-----w c:\program files\Common Files\Intel
2009-04-16 11:29 . 2007-05-10 14:23 94208 ----a-w c:\windows\system32\stacsv.exe
2009-04-16 11:29 . 2007-05-10 14:22 405504 ----a-w c:\windows\stsystra.exe
2009-04-16 11:29 . 2007-04-10 21:02 1601536 ----a-w c:\windows\system32\stlang.dll
2009-04-16 11:29 . 2007-05-10 14:23 270336 ----a-w c:\windows\system32\stacapi.dll
2009-04-16 11:29 . 2007-08-21 13:58 146944 ----a-w c:\windows\system32\st325602.dll
2009-04-16 11:28 . 2009-04-16 11:28 -------- d-----w c:\program files\SigmaTel
2009-04-15 19:11 . 2000-07-15 04:00 434252 ----a-w c:\windows\system32\msvcrtd.dll
2009-04-15 19:08 . 2009-04-15 19:13 -------- d-----w c:\program files\CE-Infosys
2009-04-15 19:08 . 2009-04-15 19:08 -------- d-----w C:\log data
2009-04-15 18:55 . 2009-04-15 18:55 -------- d-----w c:\program files\IDT
2009-04-15 18:01 . 2009-04-16 12:09 -------- d-----w c:\windows\system32\XPSViewer
2009-04-15 18:01 . 2009-04-15 18:01 -------- d-----w c:\program files\MSBuild
2009-04-15 18:00 . 2009-04-15 18:00 -------- d-----w c:\program files\Reference Assemblies
2009-04-15 18:00 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-15 18:00 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-15 18:00 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-15 18:00 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-15 18:00 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-15 18:00 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-15 18:00 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-15 18:00 . 2009-04-15 18:53 -------- d-----w c:\windows\SxsCaPendDel
2009-04-15 17:43 . 2009-04-15 17:43 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-15 17:41 . 2009-02-09 11:21 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-15 17:41 . 2009-02-09 11:21 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-15 17:41 . 2009-02-09 11:21 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-15 17:35 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-15 17:26 . 2008-06-14 17:32 270464 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-15 17:26 . 2008-06-14 17:32 270464 ------w c:\windows\system32\drivers\bthport.sys
2009-04-15 17:10 . 2007-07-24 19:08 217088 ----a-r c:\windows\system32\UCI32M21.dll
2009-04-15 17:10 . 2009-04-15 17:10 -------- d-----w c:\program files\CONEXANT
2009-04-15 17:10 . 2006-06-19 18:26 94208 ----a-r c:\windows\system32\mdmxsdk.dll
2009-04-15 17:10 . 2006-06-19 18:26 12672 ----a-r c:\windows\system32\drivers\mdmxsdk.sys
2009-04-15 17:10 . 2007-08-02 21:35 989952 ----a-r c:\windows\system32\drivers\HSF_DPV.sys
2009-04-15 17:10 . 2007-08-02 21:34 211200 ----a-r c:\windows\system32\drivers\HSFHWAZL.sys
2009-04-15 17:10 . 2007-08-02 21:34 731136 ----a-r c:\windows\system32\drivers\HSF_CNXT.sys
2009-04-15 17:06 . 2007-03-31 00:08 131072 ----a-w c:\windows\system32\igfxres.dll
2009-04-15 17:04 . 2009-04-15 17:04 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2009-04-15 17:03 . 2009-04-16 11:39 -------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-04-15 17:03 . 2009-04-16 11:39 -------- d-----w c:\documents and settings\default\Application Data\Intel
2009-04-15 17:03 . 2009-04-16 11:39 -------- d-----w c:\documents and settings\Administrator\Application Data\Intel
2009-04-15 17:01 . 2007-03-30 23:59 170776 ----a-w c:\windows\system32\igfxzoom.exe
2009-04-15 17:01 . 2007-03-31 02:12 204800 ----a-w c:\windows\system32\igfxCoIn_v4814.dll
2009-04-15 17:01 . 2007-03-31 00:33 450560 ----a-w c:\windows\system32\igldev32.dll
2009-04-15 17:01 . 2007-03-31 00:31 2334720 ----a-w c:\windows\system32\iglicd32.dll
2009-04-15 17:00 . 2009-04-16 11:36 -------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-04-15 16:55 . 2009-04-15 16:55 -------- d-s---w c:\documents and settings\Administrator\UserData
2009-04-15 16:54 . 2007-02-16 19:46 160256 -c--a-w c:\windows\system32\dllcache\b57xp32.sys
2009-04-15 16:54 . 2007-02-16 19:46 160256 ----a-r c:\windows\system32\drivers\b57xp32.sys
2009-04-15 16:49 . 2009-04-15 16:54 -------- d-----w c:\program files\Broadcom
2009-04-15 16:49 . 2009-04-15 16:49 -------- d-----w C:\dell
2009-04-15 16:43 . 2009-04-15 16:43 -------- d-----w c:\windows\system32\vmm32
2009-04-15 16:39 . 2009-04-16 15:11 -------- d--h--w c:\windows\$hf_mig$
2009-04-15 16:36 . 2009-04-15 16:36 664 ----a-w c:\windows\system32\d3d9caps.dat
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 16:14 . 2008-11-18 18:29 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-17 22:08 . 2008-11-18 17:34 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-17 22:01 . 2008-11-18 17:34 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 18:11 . 2004-08-05 11:00 78384 ----a-w c:\windows\system32\perfc011.dat
2009-04-17 18:11 . 2004-08-05 11:00 238480 ----a-w c:\windows\system32\perfh011.dat
2009-04-16 12:12 . 2008-11-19 15:26 86736 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 11:36 . 2008-11-18 17:27 -------- d-----w c:\program files\Intel
2009-04-15 18:56 . 2009-04-15 18:56 388 ----a-w c:\windows\system32\drivers\sthdae.log
2009-04-15 16:43 . 2008-11-18 18:20 -------- d-----w c:\program files\Dell
2009-03-06 14:20 . 2008-04-14 11:56 294912 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:05 . 2008-04-14 11:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 16:53 . 2008-04-14 11:55 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:03 . 2008-04-14 11:27 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2008-04-14 07:35 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2008-04-14 11:35 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2008-04-14 11:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:52 . 2008-04-14 11:55 713728 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:52 . 2008-04-14 11:56 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:52 . 2008-04-14 11:55 674304 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:52 . 2008-04-14 11:55 636416 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-05 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:56 . 2008-04-14 11:56 56832 ----a-w c:\windows\system32\secur32.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CEIIcon Icon Overlay Identifier]
@="{90264A4E-C4B9-4D83-9827-A69630961C45}"
[HKEY_CLASSES_ROOT\CLSID\{90264A4E-C4B9-4D83-9827-A69630961C45}]
2005-07-05 18:53 53248 ----a-w c:\windows\system32\ceiicon.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SafeLAN Icon Overlay Identifier]
@="{6E03277D-7B81-43A2-A2B9-FE3CD33BF37E}"
[HKEY_CLASSES_ROOT\CLSID\{6E03277D-7B81-43A2-A2B9-FE3CD33BF37E}]
2005-05-12 14:58 53248 ----a-w c:\windows\system32\safelan.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-18 200704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-21 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Removable Media Utility"="c:\program files\CE-Infosys\CompuSec\rme.exe" [2006-09-15 442368]
"Disk Utility"="c:\program files\CE-Infosys\CompuSec\BE.exe" [2005-12-02 307200]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-29 1932568]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" - c:\windows\system32\ctfmon.exe [2008-04-14 15360]
 
c:\documents and settings\All Users\¹¿üÈ áËåü\×í°éà\¹¿üÈ¢Ã×\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-11-18 1524776]
SetProxy xn·çüÈ«ÃÈ.lnk - C:\SetProxy.cmd [2008-11-18 110]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-29 03:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\csecw2k.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{2b872800-1cff-11d4-aa83-0000e8a60fea}]
@="Security devices"
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
 
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-29 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-29 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298264]
R2 CE-Infosys Security Service;CE-Infosys Security System;c:\windows\system32\ceisvc.exe [2006-09-22 135168]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-08-01 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-08-01 21352]
R3 AESTAud;AE Audio Service; [x]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2008-08-01 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys [2008-04-04 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-17 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-14 110080]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200]
S0 csecw2k;CE-Infosys CompuSec Security System;c:\windows\system32\DRIVERS\csecw2k.sys [2006-08-29 292480]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - MDMXSDK
*NewlyCreated* - PARPORT
*NewlyCreated* - PXHELP20
*NewlyCreated* - RIMMPTSK
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-AESTFltr - c:\windows\system32\AESTFltr.exe
 
 
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nikkei.co.jp/
uInternet Settings,ProxyServer = amcproxy:8080
uInternet Settings,ProxyOverride = *.jp.mitsubishicorp.com;*.am.mitsubishicorp.com;*.ea.mitsubishicorp.com;*.ap.mitsubishicorp.com;*.corpedia.com;TrackIt;<local>
IE: Microsoft Excel k¨¯¹ÝüÈ(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kobayashin\Application Data\Mozilla\Firefox\Profiles\p5qmoqnn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nikkei.co.jp/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 09:30
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*û^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
 
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*û^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
 
[HKEY_USERS\S-1-5-21-1343024091-764733703-1177238915-1007\AppEvents\Schemes\Apps\Conf\*û^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
 
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*s0û0û0ûˆ0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
 
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*s0û0û0ûˆ0\CurVer]
@="BDATuner.³óÝüÍóÈ.1"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\b0ûd0ûy0ˆ0ûûn00ƒ0o0b0ƒ0—0 *d0ûûx0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="SnÐü¸çón Windows ’¢ó¤ó¹ÈüëWfMnªÚìüÆ£ó° ·¹Æàk;‹4oSŒ‰nÕ¡¤ëLŁgY"
"Display"="MnªÚìüÆ£ó° ·¹ÆànÐï¢Ã× Õ¡¤ë"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
 
"CONNECT 26400"=hex:02,00,20,67,00,00,00,00,00,00
"CONNECT 26400/ARQ"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/REL"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/MNP"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/LAP-M"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/V42BIS"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 26400/V42b"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 28800"=hex:02,00,80,70,00,00,00,00,00,00
"CONNECT 28800/ARQ"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/REL"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/MNP"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/LAP-M"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/V42BIS"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
"CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
"CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
"CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
"CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
"CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
"CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
"CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
"CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
"CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
"CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
"CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
"CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
"CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
"CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
"CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
"CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
"CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
"COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
"COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
"PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
"CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
"CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
"CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
"CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
"1<cr>"=hex:02,00,2c,01,00,00,00,00,00,00
"5<cr>"=hex:02,00,b0,04,00,00,00,00,00,00
"<cr><lf>NO DIAL TONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
"<cr><lf>RINGING<cr><lf>"=hex:01,00,00,00,00,00,00,00,00,00
"<cr><lf>VOICE<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
"<cr><lf>CONNECT 57333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,00,
   00
"<cr><lf>CONNECT 57333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
   00,00
"<cr><lf>CONNECT 57333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
   00,00
"<cr><lf>CONNECT 57333/ARQ/x2/MNP<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
"<cr><lf>CONNECT 57333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
"<cr><lf>CONNECT 57333/x2/NONE<cr><lf>"=hex:02,00,f5,df,00,00,00,00,00,00
"<cr><lf>CONNECT 56000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,00,
   00
"<cr><lf>CONNECT 56000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
   00,00
"<cr><lf>CONNECT 56000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
   00,00
"<cr><lf>CONNECT 56000/ARQ/x2/MNP<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
"<cr><lf>CONNECT 56000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
"<cr><lf>CONNECT 56000/x2/NONE<cr><lf>"=hex:02,00,c0,da,00,00,00,00,00,00
"<cr><lf>CONNECT 54666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,00,
   00
"<cr><lf>CONNECT 54666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
   00,00
"<cr><lf>CONNECT 54666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
   00,00
"<cr><lf>CONNECT 54666/ARQ/x2/MNP<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
"<cr><lf>CONNECT 54666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
"<cr><lf>CONNECT 54666/x2/NONE<cr><lf>"=hex:02,00,8a,d5,00,00,00,00,00,00
"<cr><lf>CONNECT 53333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,00,
   00
"<cr><lf>CONNECT 53333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
   00,00
"<cr><lf>CONNECT 53333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
   00,00
"<cr><lf>CONNECT 53333/ARQ/x2/MNP<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
"<cr><lf>CONNECT 53333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
"<cr><lf>CONNECT 53333/x2/NONE<cr><lf>"=hex:02,00,55,d0,00,00,00,00,00,00
"<cr><lf>CONNECT 52000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,00,
   00
"<cr><lf>CONNECT 52000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
   00,00
"<cr><lf>CONNECT 52000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
   00,00
"<cr><lf>CONNECT 52000/ARQ/x2/MNP<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
"<cr><lf>CONNECT 52000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
"<cr><lf>CONNECT 52000/x2/NONE<cr><lf>"=hex:02,00,20,cb,00,00,00,00,00,00
"<cr><lf>CONNECT 50666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,00,
   00
"<cr><lf>CONNECT 50666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
   00,00
"<cr><lf>CONNECT 50666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
   00,00
"<cr><lf>CONNECT 50666/ARQ/x2/MNP<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
"<cr><lf>CONNECT 50666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
"<cr><lf>CONNECT 50666/x2/NONE<cr><lf>"=hex:02,00,ea,c5,00,00,00,00,00,00
"<cr><lf>CONNECT 49333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,00,
   00
"<cr><lf>CONNECT 49333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
   00,00
"<cr><lf>CONNECT 49333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
   00,00
"<cr><lf>CONNECT 49333/ARQ/x2/MNP<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
"<cr><lf>CONNECT 49333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
"<cr><lf>CONNECT 49333/x2/NONE<cr><lf>"=hex:02,00,b5,c0,00,00,00,00,00,00
"<cr><lf>CONNECT 48000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,00,
   00
"<cr><lf>CONNECT 48000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
   00,00
"<cr><lf>CONNECT 48000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
   00,00
"<cr><lf>CONNECT 48000/ARQ/x2/MNP<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
"<cr><lf>CONNECT 48000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
"<cr><lf>CONNECT 48000/x2/NONE<cr><lf>"=hex:02,00,80,bb,00,00,00,00,00,00
"<cr><lf>CONNECT 46666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,00,
   00
"<cr><lf>CONNECT 46666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
   00,00
"<cr><lf>CONNECT 46666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
   00,00
"<cr><lf>CONNECT 46666/ARQ/x2/MNP<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
"<cr><lf>CONNECT 46666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
"<cr><lf>CONNECT 46666/x2/NONE<cr><lf>"=hex:02,00,4a,b6,00,00,00,00,00,00
"<cr><lf>CONNECT 45333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,00,
   00
"<cr><lf>CONNECT 45333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
   00,00
"<cr><lf>CONNECT 45333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
   00,00
"<cr><lf>CONNECT 45333/ARQ/x2/MNP<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
"<cr><lf>CONNECT 45333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
"<cr><lf>CONNECT 45333/x2/NONE<cr><lf>"=hex:02,00,15,b1,00,00,00,00,00,00
"<cr><lf>CONNECT 44000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,00,
   00
"<cr><lf>CONNECT 44000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
   00,00
"<cr><lf>CONNECT 44000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
   00,00
"<cr><lf>CONNECT 44000/ARQ/x2/MNP<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
"<cr><lf>CONNECT 44000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
"<cr><lf>CONNECT 44000/x2/NONE<cr><lf>"=hex:02,00,e0,ab,00,00,00,00,00,00
"<cr><lf>CONNECT 42666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,00,
   00
"<cr><lf>CONNECT 42666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
   00,00
"<cr><lf>CONNECT 42666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
   00,00
"<cr><lf>CONNECT 42666/ARQ/x2/MNP<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
"<cr><lf>CONNECT 42666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
"<cr><lf>CONNECT 42666/x2/NONE<cr><lf>"=hex:02,00,aa,a6,00,00,00,00,00,00
"<cr><lf>CONNECT 41333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,00,
   00
"<cr><lf>CONNECT 41333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
   00,00
"<cr><lf>CONNECT 41333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
   00,00
"<cr><lf>CONNECT 41333/ARQ/x2/MNP<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
"<cr><lf>CONNECT 41333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
"<cr><lf>CONNECT 41333/x2/NONE<cr><lf>"=hex:02,00,75,a1,00,00,00,00,00,00
"<cr><lf>CONNECT 37333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,00,
   00
"<cr><lf>CONNECT 37333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
   00,00
"<cr><lf>CONNECT 37333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
   00,00
"<cr><lf>CONNECT 37333/ARQ/x2/MNP<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
"<cr><lf>CONNECT 37333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
"<cr><lf>CONNECT 37333/x2/NONE<cr><lf>"=hex:02,00,d5,91,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\imjp9.ime
c:\windows\system32\imjp9k.dll
 
- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\imjp9.ime
c:\windows\system32\imjp9k.dll
c:\windows\system32\ceiicon.dll
c:\windows\system32\safelan.dll
c:\program files\Common Files\Microsoft Shared\IME\IMJP9\imjpsqm.dll
c:\program files\Common Files\Microsoft Shared\IME\IMJP9\DICTS\IMJPCD.DIC
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.JPN
c:\windows\system32\netprovcredman.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-29  9:33
ComboFix-quarantined-files.txt  2009-04-29 16:33
 
Pre-Run: 30,248,820,736 バイトの空き領域
 
Post-Run: 30,706,384,896 バイトの空き領域
 
 
733 --- E O F --- 2009-04-19 06:56

0
 
Hiroyuki TamuraAuthor Commented:
I can't install Malwarebytes.
I get this error message:
Snap15.png
0
 
warturtleCommented:
Can you try downloading MalwareBytes again and saving it with a different name like jabba.exe and then try to install it?
0
 
Hiroyuki TamuraAuthor Commented:
Does the ComboFix log say anything?
0
 
warturtleCommented:
There is 1 file that you can upload to www.virustotal.com for a scan. That will tell us if it's legitimate or not. It's called c:\windows\system32\netprovcredman.dll. If it's not, then we can finish off this file.
0
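The triage step in the comment above (pick a loaded module out of the ComboFix log, then check that file on VirusTotal) can be scripted. This is an added example, not part of the original thread: the sample log is constructed in the shape of the "DLLs Loaded Under Running Processes" section posted earlier, and the `already_identified` list is an assumption supplied by whoever reviews the log.

```python
import hashlib
import re

# Constructed sample in the shape of the ComboFix section shown in this thread.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\imjp9.ime
c:\windows\system32\imjp9k.dll

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\imjp9.ime
c:\windows\system32\netprovcredman.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-04-29  9:33
"""

HEADER = re.compile(r"^-+ DLLs Loaded Under Running Processes -+$")
PROCESS = re.compile(r"^(?:-\s)+>\s'([^']+)'\((\d+)\)$")
MODULE = re.compile(r"^[A-Za-z]:\\")


def parse_loaded_modules(log_text):
    """Return {(process_name, pid): [module paths]} for the DLL section."""
    modules, current, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(HEADER.match(line))
            continue
        if line == ".":          # ComboFix ends each section with a lone dot
            break
        proc = PROCESS.match(line)
        if proc:
            current = (proc.group(1), int(proc.group(2)))
            modules[current] = []
        elif current and MODULE.match(line):
            modules[current].append(line)
    return modules


def triage_worklist(modules, already_identified):
    """List modules the reviewer has not yet identified, with host processes.

    Paths are compared case-insensitively, as Windows does.
    """
    known = {p.lower() for p in already_identified}
    hosts = {}
    for (name, _pid), paths in modules.items():
        for path in paths:
            if path.lower() not in known:
                hosts.setdefault(path.lower(), []).append(name)
    return sorted(hosts.items())


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; the digest identifies the exact file scanned."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()
```

Recording the SHA-256 of each file on the worklist alongside its scan result ties the verdict to the exact copy that was on disk.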
 
Hiroyuki TamuraAuthor Commented:
Thank you.
This is the result.
VirusTotal---Free-Online-Vi...pdf
0
 
warturtleCommented:
I also had a look at the ComboFix log, but couldn't see anything obvious there. Perhaps rpg might be able to help. I am going to ask you to do an online scan with Kaspersky Online Scanner, it's based at: http://www.kaspersky.co.uk/virusscanner, and let us know what the report says. A critical scan might be sufficient for initial investigation.
0
 
Hiroyuki TamuraAuthor Commented:
thank you.
0
 
warturtleCommented:
Hello,

Has the problem been resolved? What did you do?
0
