
Author Topic: " Application cannot be executed. File xxxx is infected. "  (Read 27204 times)


fantacia

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    " Application cannot be executed. File xxxx is infected. "
    « on: March 06, 2011, 08:51:23 PM »
    Had read http://www.computerhope.com/forum/index.php?topic=107477.0

    completed scan but couldn't find saved SuperAntispyware log file.

    Everything is back to normal now. What to do next please?

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5977

    Windows 6.0.6000 (Safe Mode)
    Internet Explorer 7.0.6000.16386

    7/3/2011 下午 12:19:22
    mbam-log-2011-03-07 (12-18-58).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 261797
    Time elapsed: 40 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iNaPdCo09000 (Rogue.SystemTool.M) -> Value: iNaPdCo09000 -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\SlySoft\anydvd.hd.6.7.6.0.final.patch-jw.exe (RiskWare.Tool.CK) -> No action taken.
    c:\Users\Jessica\AppData\Local\Temp\jar_cache55152.tmp (Rogue.SecurityShield) -> No action taken.
    c:\programdata\inapdco09000\inapdco09000.exe (Rogue.SystemTool.M) -> No action taken.






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 下午 01:39:32, on 7/3/2011
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\PC Tools Security\BDT\FGuard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Open PCMan Combo\PCMan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (filesize 143827 bytes, MD5 60E66DE0DFEA35E6363BD75B932552F6)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 51407 bytes, MD5 AE211141912E965B8D4309E9228D7505)
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (filesize 1005040 bytes, MD5 1E0E5333B75E9CA6904358401B52EA22)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 465092 bytes, MD5 44FB7361EA2CB8A5D0779ACFCD4840FB)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 341054 bytes, MD5 EF48064280D5D91D969533BFF64B602C)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 977310 bytes, MD5 6B5F49C9E3FADE4D14D9E8ADA2EAE319)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (filesize 1005040 bytes, MD5 1E0E5333B75E9CA6904358401B52EA22)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exeC:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeC:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeC:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe (filesize 3575197 bytes, MD5 64CCA18C7FAC84CCEAF6A07CCCF30545)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe (filesize 1139147 bytes, MD5 4945F9B5CCC4EFA459631E3FC6C7C462)
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" (filesize 313557 bytes, MD5 EBC06374C43CFB6B3204B8F0BB32D811)
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (filesize 219583 bytes, MD5 A421E4FDAD9BEEE87B9BFBABF5FB593A)
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (filesize 342618 bytes, MD5 32F2BC1B8C5C12659C483D64D5659EF2)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (filesize 108170 bytes, MD5 DEB8606FFB0522D0377C6EB1018D72D6)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 34689 bytes, MD5 7467518BD4812B01C79BF08E715B96E1)
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exeC:\Program Files\PC Tools Security\BDT\FGuard.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 889805 bytes, MD5 B053A25CB5AC6F1CADFC1F2B074ECD23)
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exeC:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background (filesize 148566 bytes, MD5 657ECAB00D87C3440813A3001944476F)
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (filesize 1771915 bytes, MD5 BF308ECEC2942DB2DF91DCAE3575D241)
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (filesize 18058370 bytes, MD5 53B54CDD3F53069FF5CC676B145AE968)
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (filesize 172289 bytes, MD5 02221218B45CAB76540E5CE45E88872C)
    O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 465092 bytes, MD5 44FB7361EA2CB8A5D0779ACFCD4840FB)
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 465092 bytes, MD5 44FB7361EA2CB8A5D0779ACFCD4840FB)
    O9 - Extra button: HP 剪貼本 - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (filesize 124316 bytes, MD5 1CE69251E894FAA5312E7832164658C2)
    O9 - Extra button: HP 智慧型選取 - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (filesize 124316 bytes, MD5 1CE69251E894FAA5312E7832164658C2)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 977310 bytes, MD5 6B5F49C9E3FADE4D14D9E8ADA2EAE319)
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 977310 bytes, MD5 6B5F49C9E3FADE4D14D9E8ADA2EAE319)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (filesize 34187 bytes, MD5 D587D7F5F818F6AFCE6E9A80FE141B3C)
    O13 - Gopher Prefix:
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static1.meetupstatic.com/applet/MeetUploader_200909.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
    O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 977310 bytes, MD5 6B5F49C9E3FADE4D14D9E8ADA2EAE319)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1915659 bytes, MD5 EF5EECECAEAEFC981131A36C5C38B470)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exeC:\Windows\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exeC:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exeC:\Program Files\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exeC:\Program Files\PC Tools Security\pctsSvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exeC:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exeC:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12632 bytes



    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: " Application cannot be executed. File xxxx is infected. "
    « Reply #1 on: March 07, 2011, 12:43:24 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************
    You will need to run MBAM again, fix the infections, and post the log.

    *************************************************

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these O15 line/lines.
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    ***************************************

    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's
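
The selection made in the reply above (entries marked `(no file)` or `(file missing)`, plus O15 Trusted Zone lines) can be reproduced mechanically when reviewing a HijackThis log. This is an added example, not part of the original thread and not HijackThis code; `triage`, `Finding` and `SAMPLE_LOG` are hypothetical names, and the sample lines are taken from the log posted in this thread with the filesize/MD5 suffixes and duplicated paths trimmed.

```python
import re
from typing import List, NamedTuple

# Constructed sample: lines from the HijackThis log in this thread, trimmed.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O2", "O15", "O23"
    reason: str  # why the line was selected for review
    line: str    # the log line, whitespace-stripped


# A log entry is "<section code> - <body>"; headers and process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Trailing marker HijackThis prints when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
# O15 bodies look like "Trusted Zone: ..." or "ESC Trusted Zone: ...".
ZONE_RE = re.compile(r"^(ESC )?Trusted Zone:", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer would look at first, in log order.

    A finding is a prompt for manual review, not a verdict: an orphaned
    entry is a leftover registration, and a Trusted Zone entry may be one
    the user or the OS added on purpose.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path, or blank line
        code, body = match.groups()
        orphan = ORPHAN_RE.search(body)
        if orphan:
            findings.append(Finding(code, orphan.group(1).lower(), line))
        elif code == "O15" and ZONE_RE.match(body):
            findings.append(Finding(code, "trusted zone entry", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line}")
```
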

    fantacia

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: " Application cannot be executed. File xxxx is infected. "
      « Reply #2 on: March 08, 2011, 12:13:10 AM »
      Hi Dave

      Thanks for the help!


      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5977

      Windows 6.0.6000 (Safe Mode)
      Internet Explorer 7.0.6000.16386

      7/3/2011 下午 12:26:41
      mbam-log-2011-03-07 (12-26-41).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 261797
      Time elapsed: 40 minute(s), 30 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 1
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 3

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iNaPdCo09000 (Rogue.SystemTool.M) -> Value: iNaPdCo09000 -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\program files\SlySoft\anydvd.hd.6.7.6.0.final.patch-jw.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
      c:\Users\Jessica\AppData\Local\Temp\jar_cache55152.tmp (Rogue.SecurityShield) -> Quarantined and deleted successfully.
      c:\programdata\inapdco09000\inapdco09000.exe (Rogue.SystemTool.M) -> Quarantined and deleted successfully.










      .
      DDS (Ver_11-03-05.01) - NTFSx86 
      Run by Jessica at 17:11:38.26 on 08/03/2011 星期二
      Internet Explorer: 7.0.6000.16386
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
      C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
      C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
      C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\PC Tools Security\BDT\FGuard.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
      C:\Program Files\Synaptics\SynTP\SynToshiba.exe
      C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
      C:\Windows\system32\agrsmsvc.exe
      C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Windows\system32\svchost.exe -k hpdevmgmt
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      C:\Windows\system32\TODDSrv.exe
      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Users\Jessica\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
      C:\Windows\explorer.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Windows NT\Accessories\wordpad.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
      C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
      C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
      C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Jessica\Downloads\dds.scr
      C:\Windows\system32\conime.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com.au/
      uInternet Settings,ProxyServer = idiproxy-edu.tafe:8080
      uInternet Settings,ProxyOverride = *.opac.tafe.net;172.*;192.*;*.tafe
      uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
      BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
      BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
      BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
      uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
      uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
      uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
      uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
      uRun: [Google Update] "c:\users\jessica\appdata\local\google\update\GoogleUpdate.exe" /c
      mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [RtHDVCpl] RtHDVCpl.exe
      mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [NDSTray.exe] NDSTray.exe
      mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
      mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
      mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
      mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
      mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
      mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
      mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
      StartupFolder: c:\users\jessica\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jessica\appdata\roaming\dropbox\bin\Dropbox.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
      mPolicies-system: EnableLUA = 0 (0x0)
      IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
      IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
      Trusted Zone: comsec.com.au\www
      DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
      DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
      DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
      DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
      Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
      Notify: igfxcui - igfxdev.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-4-27 21504]
      R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-2-7 6528]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
      R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-7 247760]
      R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
      .
      =============== Created Last 30 ================
      .
      2011-03-07 03:32:04   --------   d-----w-   c:\program files\Trend Micro
      2011-03-07 01:35:24   --------   d-----w-   c:\users\jessica\appdata\roaming\Malwarebytes
      2011-03-07 01:35:18   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2011-03-07 01:35:18   --------   d-----w-   c:\progra~2\Malwarebytes
      2011-03-07 01:35:15   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-03-07 01:35:15   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2011-03-07 01:21:37   --------   d-----w-   c:\users\jessica\appdata\local\Threat Expert
      2011-03-06 23:44:28   --------   d-----w-   c:\users\jessica\appdata\roaming\SUPERAntiSpyware.com
      2011-03-06 23:44:28   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
      2011-03-06 23:44:22   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2011-03-06 14:38:03   767952   ----a-w-   c:\windows\BDTSupport.dll
      2011-03-06 14:38:03   149456   ----a-w-   c:\windows\SGDetectionTool.dll
      2011-03-06 14:38:02   2000848   ----a-w-   c:\windows\PCTBDCore.dll
      2011-03-06 14:38:02   1533904   ----a-w-   c:\windows\PCTBDRes.dll
      2011-03-06 14:35:46   --------   d-----w-   c:\program files\PC Tools Security
      2011-03-06 14:33:49   --------   d-----w-   c:\progra~2\PC Tools
      2011-03-06 13:49:56   --------   d-----w-   c:\progra~2\iNaPdCo09000
      2011-02-18 00:42:08   --------   d-----r-   c:\users\jessica\Dropbox
      2011-02-18 00:39:31   --------   d-----w-   c:\users\jessica\appdata\roaming\Dropbox
      2011-02-16 03:11:55   --------   d-----w-   c:\program files\common files\SpeechEngines
      2011-02-09 04:10:18   --------   d-----w-   c:\program files\SlySoft
      .
      ==================== Find3M  ====================
      .
      .
      ============= FINISH: 17:12:12.34 ===============








      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_11-03-05.01)
      .
      .
      Motherboard: TOSHIBA |  | PORTEGE M600
      Processor: Intel(R) Core(TM) Duo CPU      T2450  @ 2.00GHz | U2E1 | 2000/133mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 100 GiB total, 47.798 GiB free.
      D: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
      Description: Microsoft Tun Miniport Adapter
      Device ID: ROOT\*TUNMP\0001
      Manufacturer: Microsoft
      Name: Teredo Tunneling Pseudo-Interface
      PNP Device ID: ROOT\*TUNMP\0001
      Service: tunmp
      .
      ==== System Restore Points ===================
      .
      RP571: 22/2/2011 下午 11:31:08 - 排定的檢查點
      RP572: 27/2/2011 下午 11:36:36 - 排定的檢查點
      RP573: 1/3/2011 上午 12:28:06 - 排定的檢查點
      RP574: 2/3/2011 下午 12:42:00 - 排定的檢查點
      RP575: 3/3/2011 下午 03:48:33 - 排定的檢查點
      RP576: 4/3/2011 下午 11:46:22 - 排定的檢查點
      RP577: 6/3/2011 下午 06:06:47 - 排定的檢查點
      RP578: 7/3/2011 下午 04:02:50 - Removed WebEx Support Manager for Internet Explorer
      RP580: 7/3/2011 下午 04:04:26 - Configured RICOH R5C83x/84x Flash Media Controller Driver Ver.3.繻V?
      RP582: 7/3/2011 下午 04:16:58 - Avira AntiVir Personal - 7/3/2011 16:16
      .
      ==== Installed Programs ======================
      .
      2007 Microsoft Office system
      32 Bit HP CIO Components Installer
      Activation Assistant for the 2007 Microsoft Office suites
      Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
      Adobe Digital Editions
      Adobe Flash Player 10 ActiveX
      Adobe Reader 8.1.2 - Chinese Traditional
      Adobe Reader 8.1.2 Security Update 1 (KB403742)
      AIO_Scan
      BlackBerry Desktop Software 6.0.1
      BlackBerry Device Software v4.7.0,適用於 BlackBerry 9500 智慧型手機
      BlackBerry Device Software v5.0.0 for the BlackBerry 9500 smartphone
      Bluetooth Stack for Windows by Toshiba
      Browser Defender 3.0
      BufferChm
      Camera Assistant Software for Toshiba
      CD/DVD Drive Acoustic Silencer
      Copy
      CustomerResearchQFolder
      Destination Component
      DeviceDiscovery
      DeviceManagementQFolder
      DJ_AIO_ProductContext
      DJ_AIO_Software
      DJ_AIO_Software_min
      Dropbox
      DVD MovieFactory for TOSHIBA
      e-tax 2010
      eSupportQFolder
      F2100
      F2100_doccd
      F2100_Help
      Google 瀏覽器
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      HP Customer Participation Program 9.0
      HP Deskjet All-In-One Software 9.0
      HP Imaging Device Functions 9.0
      HP Photosmart Essential 2.01
      HP Photosmart Essential2.01
      HP Smart Web Printing
      HP Solution Center 9.0
      HP Update
      HPProductAssistant
      HPSSupply
      Intel(R) Graphics Media Accelerator Driver
      Intel(R) PROSet/無線軟體
      Java(TM) 6 Update 3
      Java(TM) SE Runtime Environment 6
      Junk Mail filter update
      K-Lite Mega Codec Pack 5.1.0
      Malwarebytes' Anti-Malware
      MarketResearch
      Microsoft .NET Framework 3.5 SP1
      Microsoft Application Error Reporting
      Microsoft Choice Guard
      Microsoft Office Access MUI (Chinese (Traditional)) 2007
      Microsoft Office Excel MUI (Chinese (Traditional)) 2007
      Microsoft Office IME (Chinese (Traditional)) 2007
      Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
      Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
      Microsoft Office Professional Hybrid 2007
      Microsoft Office Proof (Chinese (Traditional)) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proofing (Chinese (Traditional)) 2007
      Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
      Microsoft Office Shared MUI (Chinese (Traditional)) 2007
      Microsoft Office Word MUI (Chinese (Traditional)) 2007
      Microsoft Silverlight
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft XML Parser
      mMHouse
      mPfMgr
      MSVCRT
      MSXML 4.0 SP2 (KB927978)
      MyAB 我的記帳簿 3.0.7
      Open PCMan Combo 2007
      PPLite 1.0.0.0028
      PSSWCORE
      Pure Networks Platform
      Real Alternative 1.8.4 Lite
      Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
      Realtek High Definition Audio Driver
      Scan
      Skype Toolbars
      Skype(TM) 5.1
      SolutionCenter
      Status
      SUPERAntiSpyware
      Synaptics Pointing Device Driver
      Toolbox
      TOSHIBA Assist
      TOSHIBA ConfigFree
      TOSHIBA Disc Creator
      TOSHIBA DVD PLAYER
      TOSHIBA Extended Tiles for Windows Mobility Center
      TOSHIBA Hardware Setup
      TOSHIBA HDD Protection
      TOSHIBA Recovery Disc Creator
      TOSHIBA SD Memory Utilities
      TOSHIBA Software Modem
      TOSHIBA Supervisor Password
      TOSHIBA Value Added Package
      TrayApp
      UnloadSupport
      Update for Office 2007 (KB934528)
      Update for Office System 2007 Setup (KB929722)
      VideoToolkit01
      WebReg
      Windows Live Call
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live Mail
      Windows Live Messenger
      Windows Live Sign-in Assistant
      Windows Live Upload Tool
      Windows Media 編碼器 9 系列
      WinRAR 壓縮工具
      .
      ==== End Of File ===========================



      fantacia

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: " Application cannot be executed. File xxxx is infected. "
        « Reply #3 on: March 08, 2011, 02:05:00 AM »
        Sorry, this is the correct latest mbam log

        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 5977

        Windows 6.0.6000
        Internet Explorer 7.0.6000.16386

        8/3/2011 下午 05:04:05
        mbam-log-2011-03-08 (17-04-05).txt

        Scan type: Full scan (C:\|)
        Objects scanned: 262534
        Time elapsed: 1 hour(s), 16 minute(s), 40 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: " Application cannot be executed. File xxxx is infected. "
        « Reply #4 on: March 08, 2011, 01:14:25 PM »
        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        link # 1
        Link # 2
        If you are using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Right-click combofix.exe and select Run as Administrator and follow the prompts.
        When finished, ComboFix will produce a log for you.
        Post the ComboFix log and a new HijackThis log in your next reply.

        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
        Windows 8 and Windows 10 dual boot with two SSD's

        fantacia

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: " Application cannot be executed. File xxxx is infected. "
          « Reply #5 on: March 08, 2011, 04:59:23 PM »
          Hi Dave, many thanks...




          ComboFix 11-03-08.02 - Jessica 3/2011 星期三   9:45.1.2 - x86
          執行位置: c:\users\Jessica\Desktop\ComboFix.exe
           * 成功創造新還原點
          .
          .
          (((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\favoritevideo\InvisibleFolder
          C:\Install.exe
          c:\users\Jessica\AppData\Local\TempDIR
          c:\windows\Downloaded Program Files\Install.inf
          c:\windows\system32\AutoRun.inf
          .
          .
          (((((((((((((((((((((((((  2011-02-08 至 2011-03-08 的新的檔案  )))))))))))))))))))))))))))))))
          .
          .
          2011-03-08 23:51 . 2011-03-08 23:53   --------   d-----w-   c:\users\Jessica\AppData\Local\temp
          2011-03-08 23:51 . 2011-03-08 23:51   --------   d-----w-   c:\users\User\AppData\Local\temp
          2011-03-08 23:51 . 2011-03-08 23:51   --------   d-----w-   c:\users\Default\AppData\Local\temp
          2011-03-07 03:32 . 2011-03-07 03:32   --------   d-----w-   c:\program files\Trend Micro
          2011-03-07 01:35 . 2011-03-07 01:35   --------   d-----w-   c:\users\Jessica\AppData\Roaming\Malwarebytes
          2011-03-07 01:35 . 2011-03-07 01:35   --------   d-----w-   c:\programdata\Malwarebytes
          2011-03-07 01:35 . 2010-12-20 08:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2011-03-07 01:35 . 2011-03-07 01:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2011-03-07 01:35 . 2010-12-20 08:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-03-07 01:21 . 2011-03-07 01:21   --------   d-----w-   c:\users\Jessica\AppData\Local\Threat Expert
          2011-03-06 23:44 . 2011-03-06 23:44   --------   d-----w-   c:\users\Jessica\AppData\Roaming\SUPERAntiSpyware.com
          2011-03-06 23:44 . 2011-03-06 23:44   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
          2011-03-06 23:44 . 2011-03-07 01:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2011-03-06 14:38 . 2011-01-07 04:54   149456   ----a-w-   c:\windows\SGDetectionTool.dll
          2011-03-06 14:38 . 2011-01-07 04:54   767952   ----a-w-   c:\windows\BDTSupport.dll
          2011-03-06 14:38 . 2011-01-07 04:54   1533904   ----a-w-   c:\windows\PCTBDRes.dll
          2011-03-06 14:38 . 2011-01-07 04:54   2000848   ----a-w-   c:\windows\PCTBDCore.dll
          2011-03-06 14:35 . 2011-03-07 05:59   --------   d-----w-   c:\program files\PC Tools Security
          2011-03-06 14:33 . 2011-03-07 05:56   --------   d-----w-   c:\programdata\PC Tools
          2011-03-06 13:49 . 2011-03-07 02:26   --------   d-----w-   c:\programdata\iNaPdCo09000
          2011-03-03 10:32 . 2011-03-03 10:32   --------   d-----w-   c:\program files\Microsoft Silverlight
          2011-02-18 03:36 . 2011-02-18 03:36   --------   d-----w-   c:\program files\Common Files\Skype
          2011-02-18 00:42 . 2011-03-07 06:05   --------   d-----r-   c:\users\Jessica\Dropbox
          2011-02-18 00:39 . 2011-03-07 06:06   --------   d-----w-   c:\users\Jessica\AppData\Roaming\Dropbox
          2011-02-09 04:18 . 2011-02-09 06:00   --------   d-----w-   c:\programdata\SlySoft
          2011-02-09 04:10 . 2011-03-07 02:26   --------   d-----w-   c:\program files\SlySoft
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2011-01-06 01:54 . 2011-03-06 14:38   2125   ----a-w-   c:\windows\UDB.zip
          2010-12-20 12:35 . 2010-12-20 12:35   445008   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
          2010-12-20 12:35 . 2010-12-20 12:35   38480   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
          2010-12-20 12:35 . 2010-12-20 12:35   2048   ----a-w-   c:\windows\system32\drivers\zh-TW\wdf01000.sys.mui
          .
          .
          (((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *注意* 空白與合法缺省登錄將不會被顯示
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
          2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
          2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
          2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
          @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
          2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
          "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-04-20 430080]
          "PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-04-06 185800]
          "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-01-04 2356088]
          "Google Update"="c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-07 136176]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ThpSrv"="c:\windows\system32\thpsrv" [X]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
          "RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 4472832]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
          "NDSTray.exe"="NDSTray.exe" [BU]
          "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
          "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
          "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
          "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
          "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
          .
          c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          Dropbox.lnk - c:\users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]
          .
          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
          HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "EnableLUA"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "aux1"=wdmaud.drv
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1914670458-3087845466-422601655-1000]
          "EnableNotificationsRef"=dword:00000001
          .
          S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21504]
          S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-02-07 6528]
          S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
          S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
          S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
          S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
          .
          .
          --- Other Services/Drivers In Memory ---
          .
          *Deregistered* - avgio
          *Deregistered* - avipbb
          *Deregistered* - ssmdrv
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
          HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
          hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
          .
           ‘計劃任務’ 文件夾 裡的內容
          .
          2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1914670458-3087845466-422601655-1000Core.job
          - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 06:14]
          .
          2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1914670458-3087845466-422601655-1000UA.job
          - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 06:14]
          .
          .
          ------- 而外的掃描 -------
          .
          uStart Page = hxxp://www.google.com.au/
          uInternet Settings,ProxyServer = idiproxy-edu.tafe:8080
          uInternet Settings,ProxyOverride = *.opac.tafe.net;172.*;192.*;*.tafe
          IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
          Trusted Zone: comsec.com.au\www
          DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
          DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
          .
          - - - - ORPHANS REMOVED - - - -
          .
          HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
          HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
          HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
          HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
          AddRemove-Open PCMan Combo - c:\program files\Open PCMan Combo\uninst.exe
          .
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-03-09 09:53
          Windows 6.0.6000  NTFS
          .
          掃描被隱藏的進程 ... 
          .
          掃描被隱藏的啟動組 ...
          .
          HKCU\Software\Microsoft\Windows\CurrentVersion\Run
            TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????Vl?vD???V???V?P?V??V??
          .
          掃描被隱藏的文件 ... 
          .
          掃描完成
          被隱藏的檔案: 0
          .
          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker4"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
          "ApplicationName"="Google 瀏覽器"
          "ApplicationIcon"="c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe,0"
          "ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
          ".xhtml"="ChromeHTML"
          ".xht"="ChromeHTML"
          ".shtml"="ChromeHTML"
          ".html"="ChromeHTML"
          ".htm"="ChromeHTML"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
          "StartMenuInternet"="Google 瀏覽器"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
          "https"="ChromeHTML"
          "http"="ChromeHTML"
          "ftp"="ChromeHTML"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
          @="c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe,0"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
          "IconsVisible"=dword:00000001
          "ShowIconsCommand"="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
          "HideIconsCommand"="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
          "ReinstallCommand"="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
          .
          [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
          @="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\""
          .
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\jxe焺_j:*:*(*jxe焺_j^?W)*:*:*M*i*c*r*o*s*o*f*t*\Responses]
          "CONNECT 16800/ARQ"=hex:02,02,a0,41,00,00,00,00,00,00
          "CONNECT 16800/REL"=hex:02,02,a0,41,00,00,00,00,00,00
          "CONNECT 16800/MNP"=hex:02,02,a0,41,00,00,00,00,00,00
          "CONNECT 16800/LAP-M"=hex:02,02,a0,41,00,00,00,00,00,00
          "CONNECT 16800/V42BIS"=hex:02,03,a0,41,00,00,00,00,00,00
          "CONNECT 16800/V42b"=hex:02,03,a0,41,00,00,00,00,00,00
          "CONNECT 19200"=hex:02,00,00,4b,00,00,00,00,00,00
          "CONNECT 19200/ARQ"=hex:02,02,00,4b,00,00,00,00,00,00
          "CONNECT 19200/REL"=hex:02,02,00,4b,00,00,00,00,00,00
          "CONNECT 19200/MNP"=hex:02,02,00,4b,00,00,00,00,00,00
          "CONNECT 19200/LAP-M"=hex:02,02,00,4b,00,00,00,00,00,00
          "CONNECT 19200/V42BIS"=hex:02,03,00,4b,00,00,00,00,00,00
          "CONNECT 19200/V42b"=hex:02,03,00,4b,00,00,00,00,00,00
          "CONNECT 21600"=hex:02,00,60,54,00,00,00,00,00,00
          "CONNECT 21600/ARQ"=hex:02,02,60,54,00,00,00,00,00,00
          "CONNECT 21600/REL"=hex:02,02,60,54,00,00,00,00,00,00
          "CONNECT 21600/MNP"=hex:02,02,60,54,00,00,00,00,00,00
          "CONNECT 21600/LAP-M"=hex:02,02,60,54,00,00,00,00,00,00
          "CONNECT 21600/V42BIS"=hex:02,03,60,54,00,00,00,00,00,00
          "CONNECT 21600/V42b"=hex:02,03,60,54,00,00,00,00,00,00
          "CONNECT 24000"=hex:02,00,c0,5d,00,00,00,00,00,00
          "CONNECT 24000/ARQ"=hex:02,02,c0,5d,00,00,00,00,00,00
          "CONNECT 24000/REL"=hex:02,02,c0,5d,00,00,00,00,00,00
          "CONNECT 24000/MNP"=hex:02,02,c0,5d,00,00,00,00,00,00
          "CONNECT 24000/LAP-M"=hex:02,02,c0,5d,00,00,00,00,00,00
          "CONNECT 24000/V42BIS"=hex:02,03,c0,5d,00,00,00,00,00,00
          "CONNECT 24000/V42b"=hex:02,03,c0,5d,00,00,00,00,00,00
          "CONNECT 26400"=hex:02,00,20,67,00,00,00,00,00,00
          "CONNECT 26400/ARQ"=hex:02,02,20,67,00,00,00,00,00,00
          "CONNECT 26400/REL"=hex:02,02,20,67,00,00,00,00,00,00
          "CONNECT 26400/MNP"=hex:02,02,20,67,00,00,00,00,00,00
          "CONNECT 26400/LAP-M"=hex:02,02,20,67,00,00,00,00,00,00
          "CONNECT 26400/V42BIS"=hex:02,03,20,67,00,00,00,00,00,00
          "CONNECT 26400/V42b"=hex:02,03,20,67,00,00,00,00,00,00
          "CONNECT 28800"=hex:02,00,80,70,00,00,00,00,00,00
          "CONNECT 28800/ARQ"=hex:02,02,80,70,00,00,00,00,00,00
          "CONNECT 28800/REL"=hex:02,02,80,70,00,00,00,00,00,00
          "CONNECT 28800/MNP"=hex:02,02,80,70,00,00,00,00,00,00
          "CONNECT 28800/LAP-M"=hex:02,02,80,70,00,00,00,00,00,00
          "CONNECT 28800/V42BIS"=hex:02,03,80,70,00,00,00,00,00,00
          "CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
          "CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
          "CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
          "CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
          "CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
          "CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
          "CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
          "CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
          "CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
          "CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
          "CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
          "CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
          "CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
          "CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
          "CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
          "CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
          "CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
          "CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
          "CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
          "CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
          "CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
          "CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
          "CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
          "CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
          "CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
          "CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
          "CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
          "CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
          "CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
          "CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
          "CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
          "CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
          "CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
          "CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
          "CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
          "CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
          "CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
          "CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
          "CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
          "CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
          "CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
          "CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
          "CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
          "CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
          "CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
          "COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
          "COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
          "COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
          "COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
          "COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
          "COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
          "PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
          "PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
          "PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
          "PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
          "AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
          "AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
          "AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
          "CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
          "CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
          "CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
          "CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
          "CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
          "CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
          "CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
          "CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
          "CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
          "CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
          "CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
          "CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
          "CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
          "CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
          "CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
          "CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
          "CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
          "CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
          "CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
          "CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
          "CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
          "CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
          "CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
          "1<cr>"=hex:02,00,2c,01,00,00,00,00,00,00
          "5<cr>"=hex:02,00,b0,04,00,00,00,00,00,00
          "<cr><lf>NO DIAL TONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
          "<cr><lf>RINGING<cr><lf>"=hex:01,00,00,00,00,00,00,00,00,00
          "<cr><lf>VOICE<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
          "<cr><lf>CONNECT 57333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 57333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 57333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 57333/ARQ/x2/MNP<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
          "<cr><lf>CONNECT 57333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
          "<cr><lf>CONNECT 57333/x2/NONE<cr><lf>"=hex:02,00,f5,df,00,00,00,00,00,00
          "<cr><lf>CONNECT 56000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 56000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 56000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 56000/ARQ/x2/MNP<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
          "<cr><lf>CONNECT 56000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
          "<cr><lf>CONNECT 56000/x2/NONE<cr><lf>"=hex:02,00,c0,da,00,00,00,00,00,00
          "<cr><lf>CONNECT 54666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 54666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 54666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 54666/ARQ/x2/MNP<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
          "<cr><lf>CONNECT 54666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
          "<cr><lf>CONNECT 54666/x2/NONE<cr><lf>"=hex:02,00,8a,d5,00,00,00,00,00,00
          "<cr><lf>CONNECT 53333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 53333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 53333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 53333/ARQ/x2/MNP<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
          "<cr><lf>CONNECT 53333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
          "<cr><lf>CONNECT 53333/x2/NONE<cr><lf>"=hex:02,00,55,d0,00,00,00,00,00,00
          "<cr><lf>CONNECT 52000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 52000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 52000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 52000/ARQ/x2/MNP<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
          "<cr><lf>CONNECT 52000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
          "<cr><lf>CONNECT 52000/x2/NONE<cr><lf>"=hex:02,00,20,cb,00,00,00,00,00,00
          "<cr><lf>CONNECT 50666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 50666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 50666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 50666/ARQ/x2/MNP<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
          "<cr><lf>CONNECT 50666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
          "<cr><lf>CONNECT 50666/x2/NONE<cr><lf>"=hex:02,00,ea,c5,00,00,00,00,00,00
          "<cr><lf>CONNECT 49333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 49333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 49333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 49333/ARQ/x2/MNP<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
          "<cr><lf>CONNECT 49333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
          "<cr><lf>CONNECT 49333/x2/NONE<cr><lf>"=hex:02,00,b5,c0,00,00,00,00,00,00
          "<cr><lf>CONNECT 48000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 48000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 48000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 48000/ARQ/x2/MNP<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
          "<cr><lf>CONNECT 48000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
          "<cr><lf>CONNECT 48000/x2/NONE<cr><lf>"=hex:02,00,80,bb,00,00,00,00,00,00
          "<cr><lf>CONNECT 46666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 46666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 46666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 46666/ARQ/x2/MNP<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
          "<cr><lf>CONNECT 46666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
          "<cr><lf>CONNECT 46666/x2/NONE<cr><lf>"=hex:02,00,4a,b6,00,00,00,00,00,00
          "<cr><lf>CONNECT 45333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 45333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 45333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 45333/ARQ/x2/MNP<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
          "<cr><lf>CONNECT 45333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
          "<cr><lf>CONNECT 45333/x2/NONE<cr><lf>"=hex:02,00,15,b1,00,00,00,00,00,00
          "<cr><lf>CONNECT 44000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 44000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 44000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 44000/ARQ/x2/MNP<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
          "<cr><lf>CONNECT 44000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
          "<cr><lf>CONNECT 44000/x2/NONE<cr><lf>"=hex:02,00,e0,ab,00,00,00,00,00,00
          "<cr><lf>CONNECT 42666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 42666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 42666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 42666/ARQ/x2/MNP<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
          "<cr><lf>CONNECT 42666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
          "<cr><lf>CONNECT 42666/x2/NONE<cr><lf>"=hex:02,00,aa,a6,00,00,00,00,00,00
          "<cr><lf>CONNECT 41333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 41333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 41333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 41333/ARQ/x2/MNP<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
          "<cr><lf>CONNECT 41333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
          "<cr><lf>CONNECT 41333/x2/NONE<cr><lf>"=hex:02,00,75,a1,00,00,00,00,00,00
          "<cr><lf>CONNECT 37333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,00,
             00
          "<cr><lf>CONNECT 37333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 37333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
             00,00
          "<cr><lf>CONNECT 37333/ARQ/x2/MNP<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
          "<cr><lf>CONNECT 37333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
          "<cr><lf>CONNECT 37333/x2/NONE<cr><lf>"=hex:02,00,d5,91,00,00,00,00,00,00
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          完成時間: 2011-03-09  09:56:07
          ComboFix-quarantined-files.txt  2011-03-08 23:55
          .
          Pre-Run: 50,974,683,136 位元組可用
          Post-Run: 51,205,451,776 位元組可用
          .
          - - End Of File - - 5487BB1BA98630F8A3EEE3C7F857E808









          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 上午 09:58:50, on 9/3/2011
          Platform: Windows Vista  (WinNT 6.00.1904)
          MSIE: Internet Explorer v7.00 (7.00.6000.16386)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\Dwm.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Windows\System32\hkcmd.exe
          C:\Windows\System32\igfxpers.exe
          C:\Windows\RtHDVCpl.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
          C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
          C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
          C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
          C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
          C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
          C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
          C:\Program Files\Synaptics\SynTP\SynToshiba.exe
          C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
          C:\Windows\system32\taskeng.exe
          C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Users\Jessica\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
          C:\Windows\system32\igfxsrvc.exe
          C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
          C:\Windows\system32\conime.exe
          C:\Windows\system32\notepad.exe
          C:\Windows\explorer.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
          C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe

          R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
          O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
          O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
          O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
          O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
          O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
          O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
          O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
          O4 - HKCU\..\Run: [Google Update] "C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
          O4 - Startup: Dropbox.lnk = C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: HP 剪貼本 - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
          O9 - Extra button: HP 智慧型選取 - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
          O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
          O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static1.meetupstatic.com/applet/MeetUploader_200909.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
          O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
          O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
          O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
          O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
          O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
          O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
          O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
          O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
          O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
          O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

          --
          End of file - 8495 bytes

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: " Application cannot be executed. File xxxx is infected. "
          « Reply #6 on: March 09, 2011, 12:37:57 PM »
          Re-running ComboFix to remove infections:

          • Close any open browsers.
          • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
          • Open Notepad and copy/paste the text in the quotebox below into it:
            Quote
            KillAll::

            DDS::
            uInternet Settings,ProxyServer = idiproxy-edu.tafe:8080
            uInternet Settings,ProxyOverride = *.opac.tafe.net;172.*;192.*;*.tafe
            Trusted Zone: comsec.com.au\www

            MBR::

          • Save this as CFScript.txt, in the same location as ComboFix.exe



          • Referring to the picture above, drag CFScript into ComboFix.exe
          • When finished, it shall produce a log for you at C:\ComboFix.txt
          • Please post the contents of the log in your next reply.
          ***********************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          Windows 8 and Windows 10 dual boot with two SSD's

          fantacia

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: " Application cannot be executed. File xxxx is infected. "
            « Reply #7 on: March 12, 2011, 06:34:31 AM »
            ComboFix 11-03-11.02 - Jessica 3/2011 星期六  22:43:45.3.2 - x86
            執行位置: c:\users\Jessica\Desktop\ComboFix.exe
            Command switches used :: c:\users\Jessica\Desktop\CFScript.txt
            .
            .
            (((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\favoritevideo\InvisibleFolder
            .
            .
            (((((((((((((((((((((((((  2011-02-12 至 2011-03-12 的新的檔案  )))))))))))))))))))))))))))))))
            .
            .
            2011-03-12 12:47 . 2011-03-12 13:09   --------   d-----w-   c:\users\Jessica\AppData\Local\temp
            2011-03-12 12:47 . 2011-03-12 12:47   --------   d-----w-   c:\users\User\AppData\Local\temp
            2011-03-07 03:32 . 2011-03-07 03:32   --------   d-----w-   c:\program files\Trend Micro
            2011-03-07 01:35 . 2011-03-07 01:35   --------   d-----w-   c:\users\Jessica\AppData\Roaming\Malwarebytes
            2011-03-07 01:35 . 2011-03-07 01:35   --------   d-----w-   c:\programdata\Malwarebytes
            2011-03-07 01:35 . 2010-12-20 08:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-03-07 01:35 . 2011-03-07 01:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-03-07 01:35 . 2010-12-20 08:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-03-07 01:21 . 2011-03-07 01:21   --------   d-----w-   c:\users\Jessica\AppData\Local\Threat Expert
            2011-03-06 23:44 . 2011-03-06 23:44   --------   d-----w-   c:\users\Jessica\AppData\Roaming\SUPERAntiSpyware.com
            2011-03-06 23:44 . 2011-03-06 23:44   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2011-03-06 23:44 . 2011-03-07 01:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-03-06 14:38 . 2011-01-07 04:54   149456   ----a-w-   c:\windows\SGDetectionTool.dll
            2011-03-06 14:38 . 2011-01-07 04:54   767952   ----a-w-   c:\windows\BDTSupport.dll
            2011-03-06 14:38 . 2011-01-07 04:54   1533904   ----a-w-   c:\windows\PCTBDRes.dll
            2011-03-06 14:38 . 2011-01-07 04:54   2000848   ----a-w-   c:\windows\PCTBDCore.dll
            2011-03-06 14:35 . 2011-03-07 05:59   --------   d-----w-   c:\program files\PC Tools Security
            2011-03-06 14:33 . 2011-03-07 05:56   --------   d-----w-   c:\programdata\PC Tools
            2011-03-06 13:49 . 2011-03-07 02:26   --------   d-----w-   c:\programdata\iNaPdCo09000
            2011-03-03 10:32 . 2011-03-03 10:32   --------   d-----w-   c:\program files\Microsoft Silverlight
            2011-02-18 03:36 . 2011-02-18 03:36   --------   d-----w-   c:\program files\Common Files\Skype
            2011-02-18 00:42 . 2011-03-11 05:34   --------   d-----r-   c:\users\Jessica\Dropbox
            2011-02-18 00:39 . 2011-03-12 00:19   --------   d-----w-   c:\users\Jessica\AppData\Roaming\Dropbox
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-01-06 01:54 . 2011-03-06 14:38   2125   ----a-w-   c:\windows\UDB.zip
            2010-12-20 12:35 . 2010-12-20 12:35   445008   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
            2010-12-20 12:35 . 2010-12-20 12:35   38480   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
            2010-12-20 12:35 . 2010-12-20 12:35   2048   ----a-w-   c:\windows\system32\drivers\zh-TW\wdf01000.sys.mui
            .
            .
            (((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *注意* 空白與合法缺省登錄將不會被顯示
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
            2010-10-06 23:36   94208   ----a-w-   c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
            "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-04-20 430080]
            "PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-04-06 185800]
            "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-01-04 2356088]
            "Google Update"="c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-07 136176]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ThpSrv"="c:\windows\system32\thpsrv" [X]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
            "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
            "RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 4472832]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
            "NDSTray.exe"="NDSTray.exe" [BU]
            "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
            "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
            "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
            "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
            "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
            .
            c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Dropbox.lnk - c:\users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableLUA"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "aux1"=wdmaud.drv
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1914670458-3087845466-422601655-1000]
            "EnableNotificationsRef"=dword:00000001
            .
            S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21504]
            S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-02-07 6528]
            S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
            S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
            S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
            S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
            HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            .
             ‘計劃任務’ 文件夾 裡的內容
            .
            2011-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1914670458-3087845466-422601655-1000Core.job
            - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 06:14]
            .
            2011-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1914670458-3087845466-422601655-1000UA.job
            - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 06:14]
            .
            .
            ------- 而外的掃描 -------
            .
            uStart Page = hxxp://www.google.com.au/
            IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
            DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
            DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
            .
            .
            **************************************************************************
            .
            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-03-12 23:09
            Windows 6.0.6000  NTFS
            .
            掃描被隱藏的進程 ... 
            .
            掃描被隱藏的啟動組 ...
            .
            HKCU\Software\Microsoft\Windows\CurrentVersion\Run
              TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????Vl?vD???V???V?P?V??V??
            .
            掃描被隱藏的文件 ... 
            .
            掃描完成
            被隱藏的檔案: 0
            .
            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
            "ApplicationName"="Google 瀏覽器"
            "ApplicationIcon"="c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe,0"
            "ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
            ".xhtml"="ChromeHTML"
            ".xht"="ChromeHTML"
            ".shtml"="ChromeHTML"
            ".html"="ChromeHTML"
            ".htm"="ChromeHTML"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
            "StartMenuInternet"="Google 瀏覽器"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
            "https"="ChromeHTML"
            "http"="ChromeHTML"
            "ftp"="ChromeHTML"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
            @="c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe,0"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
            "IconsVisible"=dword:00000001
            "ShowIconsCommand"="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
            "HideIconsCommand"="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
            "ReinstallCommand"="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
            .
            [HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
            @="\"c:\\Users\\Jessica\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\""
            .
            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\jxe焺_j:*:*(*jxe焺_j^?W)*:*:*M*i*c*r*o*s*o*f*t*\Responses]
            "CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
            "CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
            "CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
            "CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
            "CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
            "CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
            "CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
            "CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
            "CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
            "CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
            "CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
            "CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
            "CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
            "1<cr>"=hex:02,00,2c,01,00,00,00,00,00,00
            "5<cr>"=hex:02,00,b0,04,00,00,00,00,00,00
            "<cr><lf>NO DIAL TONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
            "<cr><lf>RINGING<cr><lf>"=hex:01,00,00,00,00,00,00,00,00,00
            "<cr><lf>VOICE<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
            "<cr><lf>CONNECT 57333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 57333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 57333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 57333/ARQ/x2/MNP<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
            "<cr><lf>CONNECT 57333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
            "<cr><lf>CONNECT 57333/x2/NONE<cr><lf>"=hex:02,00,f5,df,00,00,00,00,00,00
            "<cr><lf>CONNECT 56000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 56000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 56000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 56000/ARQ/x2/MNP<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
            "<cr><lf>CONNECT 56000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
            "<cr><lf>CONNECT 56000/x2/NONE<cr><lf>"=hex:02,00,c0,da,00,00,00,00,00,00
            "<cr><lf>CONNECT 54666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 54666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 54666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 54666/ARQ/x2/MNP<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
            "<cr><lf>CONNECT 54666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
            "<cr><lf>CONNECT 54666/x2/NONE<cr><lf>"=hex:02,00,8a,d5,00,00,00,00,00,00
            "<cr><lf>CONNECT 53333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 53333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 53333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 53333/ARQ/x2/MNP<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
            "<cr><lf>CONNECT 53333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
            "<cr><lf>CONNECT 53333/x2/NONE<cr><lf>"=hex:02,00,55,d0,00,00,00,00,00,00
            "<cr><lf>CONNECT 52000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 52000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 52000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 52000/ARQ/x2/MNP<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
            "<cr><lf>CONNECT 52000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
            "<cr><lf>CONNECT 52000/x2/NONE<cr><lf>"=hex:02,00,20,cb,00,00,00,00,00,00
            "<cr><lf>CONNECT 50666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 50666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 50666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 50666/ARQ/x2/MNP<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
            "<cr><lf>CONNECT 50666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
            "<cr><lf>CONNECT 50666/x2/NONE<cr><lf>"=hex:02,00,ea,c5,00,00,00,00,00,00
            "<cr><lf>CONNECT 49333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 49333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 49333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 49333/ARQ/x2/MNP<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
            "<cr><lf>CONNECT 49333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
            "<cr><lf>CONNECT 49333/x2/NONE<cr><lf>"=hex:02,00,b5,c0,00,00,00,00,00,00
            "<cr><lf>CONNECT 48000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 48000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 48000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 48000/ARQ/x2/MNP<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
            "<cr><lf>CONNECT 48000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
            "<cr><lf>CONNECT 48000/x2/NONE<cr><lf>"=hex:02,00,80,bb,00,00,00,00,00,00
            "<cr><lf>CONNECT 46666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 46666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 46666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 46666/ARQ/x2/MNP<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
            "<cr><lf>CONNECT 46666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
            "<cr><lf>CONNECT 46666/x2/NONE<cr><lf>"=hex:02,00,4a,b6,00,00,00,00,00,00
            "<cr><lf>CONNECT 45333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 45333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 45333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 45333/ARQ/x2/MNP<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
            "<cr><lf>CONNECT 45333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
            "<cr><lf>CONNECT 45333/x2/NONE<cr><lf>"=hex:02,00,15,b1,00,00,00,00,00,00
            "<cr><lf>CONNECT 44000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 44000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 44000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 44000/ARQ/x2/MNP<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
            "<cr><lf>CONNECT 44000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
            "<cr><lf>CONNECT 44000/x2/NONE<cr><lf>"=hex:02,00,e0,ab,00,00,00,00,00,00
            "<cr><lf>CONNECT 42666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 42666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 42666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 42666/ARQ/x2/MNP<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
            "<cr><lf>CONNECT 42666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
            "<cr><lf>CONNECT 42666/x2/NONE<cr><lf>"=hex:02,00,aa,a6,00,00,00,00,00,00
            "<cr><lf>CONNECT 41333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 41333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 41333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 41333/ARQ/x2/MNP<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
            "<cr><lf>CONNECT 41333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
            "<cr><lf>CONNECT 41333/x2/NONE<cr><lf>"=hex:02,00,75,a1,00,00,00,00,00,00
            "<cr><lf>CONNECT 37333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,00,
               00
            "<cr><lf>CONNECT 37333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 37333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
               00,00
            "<cr><lf>CONNECT 37333/ARQ/x2/MNP<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
            "<cr><lf>CONNECT 37333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
            "<cr><lf>CONNECT 37333/x2/NONE<cr><lf>"=hex:02,00,d5,91,00,00,00,00,00,00
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            ------------------------ 其他運行進程 ------------------------
            .
            c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
            c:\windows\system32\agrsmsvc.exe
            c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
            c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
            c:\windows\system32\TODDSrv.exe
            c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
            c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
            c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
            c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
            c:\program files\Windows Media Player\wmpnetwk.exe
            c:\windows\servicing\TrustedInstaller.exe
            c:\windows\system32\conime.exe
            c:\windows\RtHDVCpl.exe
            c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
            c:\windows\System32\ThpSrv.exe
            c:\windows\system32\WerFault.exe
            c:\windows\system32\wbem\unsecapp.exe
            c:\windows\system32\igfxsrvc.exe
            c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
            c:\users\Jessica\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
            .
            **************************************************************************
            .
            完成時間: 2011-03-12  23:11:43 - 電腦已重新啟動
            ComboFix-quarantined-files.txt  2011-03-12 13:11
            ComboFix2.txt  2011-03-12 12:39
            ComboFix3.txt  2011-03-08 23:56
            .
            Pre-Run: 52,180,353,024 位元組可用
            Post-Run: 51,867,258,880 位元組可用
            .
            - - End Of File - - 8E0C43C0F06E534C22FA5D8CFF30F9CD







             Results of screen317's Security Check version 0.99.9 
             Windows Vista  (UAC is disabled!)
             Out of date service pack!!
             Internet Explorer 7 Out of date!
            ``````````````````````````````
            Antivirus/Firewall Check:

             WMI entry may not exist for antivirus; attempting automatic update.
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             HijackThis 2.0.2   
             Java(TM) SE Runtime Environment 6
             Java(TM) 6 Update 3 
             Out of date Java installed!
             Adobe Flash Player   
            Adobe Reader 8.1.2 - Chinese Traditional
            Adobe Reader 8.1.2 Security Update 1 (KB403742)
            Out of date Adobe Reader installed!
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

            ``````````End of Log````````````


            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: " Application cannot be executed. File xxxx is infected. "
            « Reply #8 on: March 12, 2011, 11:36:52 AM »
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

            If your version is out of date install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions
            3. Once complete exit JavaRA.
            4. Run CCleaner.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            *********************************************
            Please download the newest version of Adobe Acrobat Reader from Adobe.com

            Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
            Go to the Control Panel and enter Add or Remove Programs.
            Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

            Once old versions are gone, please install the newest version.
            ***************************************************
            SysProt Antirootkit

            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
            Windows 8 and Windows 10 dual boot with two SSD's

            fantacia

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: " Application cannot be executed. File xxxx is infected. "
              « Reply #9 on: March 12, 2011, 09:59:48 PM »
              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
              Service Name: ---
              Module Base: 891BA000
              Module End: 891C5000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: 8930D000
              Module End: 89315000
              Hidden: Yes

              Module Name: \??\C:\ComboFix\catchme.sys
              Service Name: catchme
              Module Base: A4780000
              Module End: A4788000
              Hidden: Yes

              Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
              Service Name: ---
              Module Base: A5B0C000
              Module End: A5B0E000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              No SSDT Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No hidden files/folders found

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: " Application cannot be executed. File xxxx is infected. "
              « Reply #10 on: March 13, 2011, 11:49:29 AM »
              I'd like to scan your machine with ESET OnlineScan

              •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              •Click the button.
              •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
              •Check
              •Click the button.
              •Accept any security warnings from your browser.
              •Check
              •Push the Start button.
              •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              •When the scan completes, push
              •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              •Push the button.
              •Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

              fantacia

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: " Application cannot be executed. File xxxx is infected. "
                « Reply #11 on: March 14, 2011, 06:53:37 AM »
                The link shows:


                We are sorry, the page you requested cannot be found.


                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: " Application cannot be executed. File xxxx is infected. "
                « Reply #12 on: March 14, 2011, 12:57:32 PM »
                It works for me. Please try it without holding the CTRL key.

                fantacia

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: " Application cannot be executed. File xxxx is infected. "
                  « Reply #13 on: March 14, 2011, 10:55:04 PM »
                  I did. Still Page not found.....

                  fantacia

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: " Application cannot be executed. File xxxx is infected. "
                    « Reply #14 on: March 15, 2011, 12:29:22 AM »
                    The page is still not working for me, but I found another link.



                    C:\Users\Jessica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\78782723-4ec911f7   multiple threats




                    ESETSmartInstaller@High as downloader log:
                    all ok
                    # version=7
                    # OnlineScannerApp.exe=1.0.0.1
                    # OnlineScanner.ocx=1.0.0.6425
                    # api_version=3.0.2
                    # EOSSerial=8c3e0ea75a51104e9e9f6114226ef181
                    # end=stopped
                    # remove_checked=false
                    # archives_checked=true
                    # unwanted_checked=true
                    # unsafe_checked=false
                    # antistealth_checked=true
                    # utc_time=2011-03-15 05:15:38
                    # local_time=2011-03-15 03:15:38 )
                    # country="Taiwan"
                    # lang=1033
                    # osver=6.0.6000 NT
                    # compatibility_mode=512 16777215 100 0 0 0 0 0
                    # compatibility_mode=5892 16776573 100 95 137694193 137694565 0 0
                    # compatibility_mode=8192 67108863 100 0 0 0 0 0
                    # scanned=14646
                    # found=0
                    # cleaned=0
                    # scan_time=745
                    ESETSmartInstaller@High as downloader log:
                    all ok
                    esets_scanner_update returned -1 esets_gle=53251
                    # version=7
                    # OnlineScannerApp.exe=1.0.0.1
                    # OnlineScanner.ocx=1.0.0.6425
                    # api_version=3.0.2
                    # EOSSerial=8c3e0ea75a51104e9e9f6114226ef181
                    # end=finished
                    # remove_checked=false
                    # archives_checked=true
                    # unwanted_checked=true
                    # unsafe_checked=false
                    # antistealth_checked=true
                    # utc_time=2011-03-15 06:25:34
                    # local_time=2011-03-15 04:25:34 )
                    # country="Taiwan"
                    # lang=1033
                    # osver=6.0.6000 NT
                    # compatibility_mode=512 16777215 100 0 0 0 0 0
                    # compatibility_mode=5892 16776573 100 95 137695050 137695422 0 0
                    # compatibility_mode=8192 67108863 100 0 0 0 0 0
                    # scanned=103131
                    # found=1
                    # cleaned=0
                    # scan_time=4085
                    C:\Users\Jessica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\78782723-4ec911f7   multiple threats (unable to clean)   00000000000000000000000000000000   I
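The two ESET Online Scanner runs pasted in the reply above can be triaged mechanically. The following is an added example, not part of the original post and not ESET's own tooling. It assumes that `end=stopped` marks a scan halted before completion, that `remove_checked=false` means the scan only reported and did not remove, and that detection fields are separated by tabs or runs of spaces; the sample log is constructed in the same layout with placeholder values.

```python
import re

HEADER = "ESETSmartInstaller@High as downloader log:"
# Java plug-in download cache, the location of the detection in the posted log.
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

# Constructed sample: same layout as the posted log, placeholder path and counts.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=false
# scanned=120
# found=0
# cleaned=0
# scan_time=30
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# scanned=900
# found=1
# cleaned=0
# scan_time=410
C:\\Users\\example\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\1\\aaaa-bbbb\tmultiple threats (unable to clean)\t00000000000000000000000000000000\tI
"""


def parse_runs(text):
    """Split a pasted log into runs: metadata, preamble notes, detections."""
    runs, run = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == HEADER:
            run = {"meta": {}, "notes": [], "detections": []}
            runs.append(run)
        elif run is None:
            continue  # text pasted before the first header belongs to no run
        elif line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                # Repeated keys (e.g. compatibility_mode) keep the last value.
                run["meta"][key] = value.strip('"')
        elif not run["meta"]:
            run["notes"].append(line)  # "all ok", updater status lines
        else:
            # Assumption: path, threat name, hash and flag are separated by
            # tabs, or by runs of spaces where a forum collapsed the tabs.
            fields = re.split(r"\t+| {2,}", line)
            run["detections"].append(
                {"path": fields[0], "threat": fields[1] if len(fields) > 1 else ""}
            )
    return runs


def triage(run):
    """Summarise what a responder needs from one run."""
    meta = run["meta"]
    found = int(meta.get("found", 0))
    cleaned = int(meta.get("cleaned", 0))
    return {
        # Assumption: a run that did not end with "finished" is incomplete,
        # so its found=0 is not evidence of a clean machine.
        "complete": meta.get("end") == "finished",
        # Assumption: remove_checked=false means report-only mode.
        "report_only": meta.get("remove_checked") == "false",
        "outstanding": found - cleaned,
        "java_cache_hits": [
            d["path"] for d in run["detections"] if JAVA_CACHE in d["path"].lower()
        ],
        "notes": [n for n in run["notes"] if n != "all ok"],
    }


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), start=1):
        print(number, triage(run))
```

A detection left outstanding inside the Java deployment cache is a downloaded applet archive, which is why it pairs with the earlier advice in this thread to update Java and remove old versions.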