Google returns dubious results when using toolbar


  • This topic is locked
25 replies to this topic

#1 hato

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:18 PM

Posted 16 April 2012 - 09:07 AM

Hello,

Just want to thank you in advance for your patience and help.

In IE, searching through the search window on the toolbar gives strange results, just like random information, and it's always different from those that come from searching from Google's homepage. I don't know what else to explain. Laptop, one account w/o password on a somewhat communal computer often with unsavvy users. XP-Pro.

Here is the DDS output, created I think before a Windows update.

"""""""""""""""""""""""""""""""""""""""""""""""""'


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by USER at 22:23:11 on 2012-04-13
Microsoft Windows XP Professional 5.1.2600.3.932.81.1041.18.1263.887 [GMT 9:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\necmfk\necmfk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\jre1.6.0_31\bin\jqs.exe
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\READSCTSERVICE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.co.jp/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_31\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_31\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre1.6.0_31\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NECMFK] c:\program files\necmfk\necmfk.exe
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] ctfmon.exe
IE: Easy-WebPrint ƒvƒŒƒrƒ…[ - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint ˆ - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Easy-WebPrint ˆƒŠƒXƒg‚’‰ - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint ‚‘ˆ - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Google ƒTƒCƒhƒEƒBƒL... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Microsoft Excel ‚ƒGƒNƒXƒ|[ƒg(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-9 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-9 337880]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2005-2-21 18560]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2005-2-21 5376]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-9 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-9 44768]
R2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2005-2-21 65536]
R2 ReadSctService;ReadSector;c:\smdata\READSCTSERVICE.EXE [2005-2-21 49152]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2005-2-21 8448]
S2 gupdate;Google ƒAƒbƒvƒf[ƒg ƒT[ƒrƒX (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 gupdatem;Google Update ƒT[ƒrƒX (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-14 136176]
S3 SonicStage Back-End Service2;SonicStage Back-End Service2;c:\program files\common files\sony shared\avlib\SsBeService2.exe [2011-11-23 126008]
.
=============== Created Last 30 ================
.
2012-04-01 09:48:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 08:38:41 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-04-01 08:38:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-01 08:38:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 08:38:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-21 11:14:18 -------- d-----w- C:\My Web Sites
2012-03-21 11:00:10 -------- d-----w- c:\program files\WinHTTrack
.
==================== Find3M ====================
.
2012-04-01 09:48:02 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-02 12:11:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-02 12:11:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-02 12:08:22 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2012-03-02 12:08:22 125424 ------w- c:\windows\system32\pxinsi64.exe
2012-03-02 12:08:20 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-03-01 11:00:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:04 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09:51 177152 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09:50 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57:11 1859712 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:24:04.85 ===============

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

The ark and attach files should now be at your hands.

You should know that before getting to bleepingcomputer I tried a couple of malware removal programs. I'm on a live cd now so I can't tell for sure, but I think they were malwarebytes and pctools.

Cheers.


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:18 AM

Posted 17 April 2012 - 12:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hato
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:18 PM

Posted 18 April 2012 - 08:14 AM

Hello Gringo, nice to meet you.

I installed SecurityCheck and Combofix, and ran them in that order. Here are the results for both...

First SecurityCheck
""""""""""""""""""""""""""""""""""""""""""""
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10.3.181.22 Flash Player out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Google Update Install {AFBBE4F7-1769-4BC8-8463-4D2E05912113}\GoogleUpdateSetup.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
AVAST Software Avast setup avast.setup
``````````End of Log````````````


""""""""""""""""""""""""""""""""""""""""""

and combofix
"""""""""""""""""""""""""""""""""""""""""

ComboFix 12-04-17.01 - USER 2012/04/18 20:03:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1041.18.1263.868 [GMT 9:00]
Running from: c:\documents and settings\USER\My Documents\_E[h\aComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\USER\WINDOWS
c:\windows\COM+.log
c:\windows\IsUn0411.exe
c:\windows\system32\A650FDAT.DLL
c:\windows\system32\AF15bdat.dll
c:\windows\system32\af857dat.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-01 09:48 . 2012-04-16 13:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 08:38 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 11:14 . 2012-03-21 11:14 -------- d-----w- C:\My Web Sites
2012-03-21 11:00 . 2012-03-21 11:00 -------- d-----w- c:\program files\WinHTTrack
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 13:35 . 2011-06-14 02:24 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2012-01-09 09:04 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-01-09 09:04 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-01-09 09:05 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-01-09 09:05 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-01-09 09:05 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-01-09 09:05 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-01-09 09:05 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-01-09 09:05 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-01-09 09:05 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-01-09 09:05 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-02 12:11 . 2011-04-16 04:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-02 12:11 . 2011-04-16 04:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-02 12:08 . 2012-03-02 12:09 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2012-03-02 12:08 . 2012-03-02 12:09 125424 ------w- c:\windows\system32\pxinsi64.exe
2012-03-02 12:08 . 2012-03-02 12:09 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-03-01 11:00 . 2004-08-11 08:25 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-11 08:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-08-11 08:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2004-08-11 08:25 177152 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-11 08:24 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-24 11:24 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2004-08-11 08:24 1859712 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"NECMFK"="c:\program files\necmfk\necmfk.exe" [2004-06-04 63488]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-28 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2003-07-14 118840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-08-24 135168]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP9.IME
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^X^[g j[^vO^X^[gAbv^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\X^[g j[\vO\X^[gAbv\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^USER^X^[g j[^vO^X^[gAbv^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\USER\X^[g j[\vO\X^[gAbv\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-08-24 15:17 135168 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-11-29 16:08 102400 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 08:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]
2004-03-18 07:47 151552 ----a-w- c:\program files\RMClient\JobHisInit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]
2000-11-03 19:09 40960 ----a-w- c:\program files\RMClient\MplSetUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:26 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 05:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012/01/09 18:05 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012/01/09 18:05 337880]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2005/02/21 17:10 18560]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2005/02/21 17:10 5376]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012/01/09 18:05 20696]
R2 ReadSctService;ReadSector;c:\smdata\READSCTSERVICE.EXE [2005/02/21 17:11 49152]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2005/02/21 17:10 8448]
S2 gupdate;Google Abvf[g T[rX (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011/04/14 19:18 136176]
S2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2005/02/21 17:11 65536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012/04/01 18:48 253088]
S3 gupdatem;Google Update T[rX (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011/04/14 19:18 136176]
S3 SonicStage Back-End Service2;SonicStage Back-End Service2;c:\program files\Common Files\Sony Shared\AVLib\SsBeService2.exe [2011/11/23 9:47 126008]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:35]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 10:18]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.jp/
IE: Easy-WebPrint vr[ - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Xgɒlj - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Google TChEBL... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Microsoft Excel ɃGNX|[g(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Easy-WebPrint - c:\windows\IsUn0411.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0411.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-21-4042313093-3997665026-3570326278-1004\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*0E0E0E0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*0E0E0E0\CurVer]
@="BDATuner.R|[lg.1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\0E0E00EEn0000000 *0EE0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="̃o[W Windows ACXg[đÕIy[eBO VXeɖ߂ꍇ́Ãt@CKvłB"
"Display"="ÕIy[eBO VXẽobNAbv t@C"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( K A T A Y A M A - S R V 0 1
N) \DsDriver]
"printBinNames"=multi:"ڲI\00ڲ1\00ڲ2\00ڲ3\00ڲ4\00荷ڲ\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000bea
"printMaxYExtent"=dword:000011dc
"printMinXExtent"=dword:000003e8
"printMinYExtent"=dword:00000575
"printMediaSupported"=multi:"12\" x 18\"\00A3 ( 297 x 420 mm )\00A4 ( 210 x 297 mm )\00A5 ( 148 x 210 mm )\00A6 ( 105 x 148 mm )\00ʶ޷ ( 100 x 148 mm )\00B4 ( 257 x 364 mm )\00B5 ( 182 x 257 mm )\00B6 ( 128 x 182 mm )\00Letter (8 1/2\" x 11\")\00Legal (8 1/2\" x 14\")\005 1/2\" x 8 1/2\"\0011\" x 17\"\00s`...\00s`1(210.0 x 297.0mm)\00s`2(210.0 x 297.0mm)\00s`3(210.0 x 297.0mm)\00s`4(210.0 x 297.0mm)\00s`5(210.0 x 297.0mm)\00s`6(210.0 x 297.0mm)\00s`7(210.0 x 297.0mm)\00s`8(210.0 x 297.0mm)\00s`9(210.0 x 297.0mm)\00s`10(210.0 x 297.0mm)\00\00"
"printMediaReady"=multi:"\00"
"printNumberUp"=dword:00000000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:00000258
"printLanguage"=multi:"RPCS\00\00"
"printRate"=dword:0000003c
"printRateUnit"="PagesPerMinute"
"printPagesPerMinute"=dword:0000003c
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( K A T A Y A M A - S R V 0 1
N) \DsSpooler]
"description"=""
"driverName"="RICOH imagio Neo C600 RPCS"
"location"=""
"portName"=multi:"\\\\KATAYAMA-SRV01\\RICOH NeoC600\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"=" RICOH imagio Neo C600 RPCS (KATAYAMA-SRV01 )"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\T6\\ RICOH imagio Neo C600 RPCS (KATAYAMA-SRV01 )"
"versionNumber"=dword:00000004
"serverName"="T6"
"shortServerName"="T6"
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( K A T A Y A M A - S R V 0 1
N) \PrinterDriverData]
"HelpFileName"="RC8DD1jp.HLP"
"RPCSPrinterName"=" RICOH imagio Neo C600 RPCS (KATAYAMA-SRV01 )"
"DriverName"="RICOH imagio Neo C600 RPCS"
"Fin100NA23"=hex:00,00,00,00
"Fin100EU24"=hex:00,00,00,00
"Fin100NE4"=hex:00,00,00,00
"Fin100NoPunch"=hex:00,00,00,00
"FinZaire"=hex:00,00,00,00
"1StepNum"=hex:03,00,00,00
"Tray1Field"=hex:00,00,00,00
"Tray2Field"=hex:00,00,00,00
"Tray3Field"=hex:00,00,00,00
"Tray4Field"=hex:00,00,00,00
"LCT1Field"=hex:00,00,00,00
"ManualTrayField"=hex:00,00,00,00
"CVRField"=hex:00,00,00,00
"Tray1Orient"=hex:01,00,00,00
"Tray2Orient"=hex:01,00,00,00
"Tray3Orient"=hex:01,00,00,00
"Tray4Orient"=hex:01,00,00,00
"LCT1Orient"=hex:01,00,00,00
"ManualTrayOrient"=hex:01,00,00,00
"CVROrient"=hex:01,00,00,00
"Tray1Paper"=hex:00,00
"Tray2Paper"=hex:00,00
"Tray3Paper"=hex:00,00
"Tray4Paper"=hex:00,00
"LCT1Paper"=hex:00,00
"ManualTrayPaper"=hex:00,00
"CVRPaper"=hex:00,00
"Tray1Media"=hex:01,00
"Tray2Media"=hex:01,00
"Tray3Media"=hex:01,00
"Tray4Media"=hex:01,00
"LCT1Media"=hex:01,00
"ManualTrayMedia"=hex:01,00
"CVRMedia"=hex:01,00
"Tray1Lock"=hex:00,00,00,00
"Tray2Lock"=hex:00,00,00,00
"Tray3Lock"=hex:00,00,00,00
"Tray4Lock"=hex:00,00,00,00
"Tray7Lock"=hex:00,00,00,00
"LCT1Lock"=hex:00,00,00,00
"ManualTrayLock"=hex:01,00,00,00
"CVRLock"=hex:01,00,00,00
"DllUserCode"=hex:00,00,00,00,00,00,00,00,00
"Other"=hex:65,37,30,33,62,39,30,32,30,37,64,30,31,34,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00
"Logging"=dword:00000001
"CoverTray"=hex:01,00
"MarkTray"=hex:01,00
"ChapterTray1"=hex:01,00
"ChapterTray2"=hex:01,00
"ChapterTray3"=hex:01,00
"ReverseCoverTray"=hex:01,00
"FoldingUnit"=hex:00,00,00,00
"AuthenticationMode"=hex:00,00,00,00
"AuthenticationSecureMode"=hex:00,00,00,00
"DeviceFontNum"=hex:0f,00
"DeviceFont"=hex:ff,ff,00,00,01,90,e1,4f,62,5f,0f,5f,d3,30,c3,30,c8,30,de,30,
c3,30,d7,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"FontTableNum"=hex:0a,00
"TTFontTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,00,
77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,00,
52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"LastFontTableNum"=hex:0a,00
"SPLUserModePrinterDriver"="RC8DC123.DLL"
"DriverIniFileName"="RC8DD170.ini"
"DriverGRFileName"="RC8DD100.DLL"
"DriverEDFileName"="RC8DC120.dll"
"BidiFlag"=hex:00,00,00,00
"BidiExFlag"=hex:00,00,00,00
"BidiFunc"=hex:00
"LogFileName"="RC8DD100.log"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( T 3
N) \DsDriver]
"printBinNames"=multi:"ڲI\00ڲ1\00ڲ2\00ڲ3\00ڲ4\00荷ڲ\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000bea
"printMaxYExtent"=dword:000011dc
"printMinXExtent"=dword:000003e8
"printMinYExtent"=dword:00000575
"printMediaSupported"=multi:"12\" x 18\"\00A3 ( 297 x 420 mm )\00A4 ( 210 x 297 mm )\00A5 ( 148 x 210 mm )\00A6 ( 105 x 148 mm )\00ʶ޷ ( 100 x 148 mm )\00B4 ( 257 x 364 mm )\00B5 ( 182 x 257 mm )\00B6 ( 128 x 182 mm )\00Letter (8 1/2\" x 11\")\00Legal (8 1/2\" x 14\")\005 1/2\" x 8 1/2\"\0011\" x 17\"\00s`...\00s`1(210.0 x 297.0mm)\00s`2(210.0 x 297.0mm)\00s`3(210.0 x 297.0mm)\00s`4(210.0 x 297.0mm)\00s`5(210.0 x 297.0mm)\00s`6(210.0 x 297.0mm)\00s`7(210.0 x 297.0mm)\00s`8(210.0 x 297.0mm)\00s`9(210.0 x 297.0mm)\00s`10(210.0 x 297.0mm)\00\00"
"printMediaReady"=multi:"\00"
"printNumberUp"=dword:00000000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:00000258
"printLanguage"=multi:"RPCS\00\00"
"printRate"=dword:0000003c
"printRateUnit"="PagesPerMinute"
"printPagesPerMinute"=dword:0000003c
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( T 3
N) \DsSpooler]
"description"=""
"driverName"="RICOH imagio Neo C600 RPCS"
"location"=""
"portName"=multi:"\\\\T3\\v^\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"=" RICOH imagio Neo C600 RPCS (T3 )"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\T6\\ RICOH imagio Neo C600 RPCS (T3 )"
"versionNumber"=dword:00000004
"serverName"="T6"
"shortServerName"="T6"
"flags"=dword:00000000
"url"="http://T6/"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( T 3
N) \PrinterDriverData]
"HelpFileName"="RC8DD1jp.HLP"
"RPCSPrinterName"=" RICOH imagio Neo C600 RPCS (T3 )"
"DriverName"="RICOH imagio Neo C600 RPCS"
"DefFontTableNum"=hex:0a,00
"TTFontDefTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,
00,77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,
20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"JCPrinterID"="20060412165558480"
"BatchInstallDone"=hex:01,00,00,00
"Tray1"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray2"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray3"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray4"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray5"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray6"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray7"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray8"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray9"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ServerUse"=hex:00
"UserCodeUse"=hex:00
"RAM"=hex:80,01,00,00
"RAMType"=hex:01
"Duplex"=hex:01,00,00,00
"LCT1"=hex:00,00,00,00
"ManualTray"=hex:01,00,00,00
"OutSideTray"=hex:01,00,00,00
"MailBox1"=hex:00,00,00,00
"ShiftTray"=hex:00,00,00,00
"HDD"=hex:01,00,00,00
"FinMF"=hex:00,00,00,00
"Fin50"=hex:00,00,00,00
"Fin100"=hex:00,00,00,00
"CVRFeeder"=hex:00,00,00,00
"FinMFNA23"=hex:00,00,00,00
"FinMFEU24"=hex:00,00,00,00
"FinMFNE4"=hex:00,00,00,00
"FinMFNoPunch"=hex:00,00,00,00
"Fin50NA23"=hex:00,00,00,00
"Fin50EU24"=hex:00,00,00,00
"Fin50NE4"=hex:00,00,00,00
"Fin50NoPunch"=hex:00,00,00,00
"Fin100NA23"=hex:00,00,00,00
"Fin100EU24"=hex:00,00,00,00
"Fin100NE4"=hex:00,00,00,00
"Fin100NoPunch"=hex:00,00,00,00
"FinZaire"=hex:00,00,00,00
"1StepNum"=hex:03,00,00,00
"Tray1Field"=hex:00,00,00,00
"Tray2Field"=hex:00,00,00,00
"Tray3Field"=hex:00,00,00,00
"Tray4Field"=hex:00,00,00,00
"LCT1Field"=hex:00,00,00,00
"ManualTrayField"=hex:00,00,00,00
"CVRField"=hex:00,00,00,00
"Tray1Orient"=hex:01,00,00,00
"Tray2Orient"=hex:01,00,00,00
"Tray3Orient"=hex:01,00,00,00
"Tray4Orient"=hex:01,00,00,00
"LCT1Orient"=hex:01,00,00,00
"ManualTrayOrient"=hex:01,00,00,00
"CVROrient"=hex:01,00,00,00
"Tray1Paper"=hex:00,00
"Tray2Paper"=hex:00,00
"Tray3Paper"=hex:00,00
"Tray4Paper"=hex:00,00
"LCT1Paper"=hex:00,00
"ManualTrayPaper"=hex:00,00
"CVRPaper"=hex:00,00
"Tray1Media"=hex:01,00
"Tray2Media"=hex:01,00
"Tray3Media"=hex:01,00
"Tray4Media"=hex:01,00
"LCT1Media"=hex:01,00
"ManualTrayMedia"=hex:01,00
"CVRMedia"=hex:01,00
"Tray1Lock"=hex:00,00,00,00
"Tray2Lock"=hex:00,00,00,00
"Tray3Lock"=hex:00,00,00,00
"Tray4Lock"=hex:00,00,00,00
"Tray7Lock"=hex:00,00,00,00
"LCT1Lock"=hex:00,00,00,00
"ManualTrayLock"=hex:01,00,00,00
"CVRLock"=hex:01,00,00,00
"DllUserCode"=hex:00,00,00,00,00,00,00,00,00
"Other"=hex:65,37,30,33,62,39,30,32,30,37,64,30,31,34,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00
"Logging"=dword:00000001
"CoverTray"=hex:01,00
"MarkTray"=hex:01,00
"ChapterTray1"=hex:01,00
"ChapterTray2"=hex:01,00
"ChapterTray3"=hex:01,00
"ReverseCoverTray"=hex:01,00
"FoldingUnit"=hex:00,00,00,00
"AuthenticationMode"=hex:00,00,00,00
"AuthenticationSecureMode"=hex:00,00,00,00
"DeviceFontNum"=hex:0f,00
"DeviceFont"=hex:ff,ff,00,00,01,90,e1,4f,62,5f,0f,5f,d3,30,c3,30,c8,30,de,30,
c3,30,d7,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"FontTableNum"=hex:0a,00
"TTFontTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,00,
77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,00,
52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"LastFontTableNum"=hex:0a,00
"SPLUserModePrinterDriver"="RC8DC123.DLL"
"DriverIniFileName"="RC8DD170.ini"
"DriverGRFileName"="RC8DD100.DLL"
"DriverEDFileName"="RC8DC120.dll"
"BidiFlag"=hex:00,00,00,00
"BidiExFlag"=hex:00,00,00,00
"BidiFunc"=hex:00
"LogFileName"="RC8DD100.log"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H N e o C 6 0 0 ( T 0 6 5
N) \DsDriver]
"printBinNames"=multi:"ڲI\00ڲ1\00ڲ2\00ڲ3\00ڲ4\00荷ڲ\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000bea
"printMaxYExtent"=dword:000011dc
"printMinXExtent"=dword:000003e8
"printMinYExtent"=dword:00000575
"printMediaSupported"=multi:"12\" x 18\"\00A3 ( 297 x 420 mm )\00A4 ( 210 x 297 mm )\00A5 ( 148 x 210 mm )\00A6 ( 105 x 148 mm )\00ʶ޷ ( 100 x 148 mm )\00B4 ( 257 x 364 mm )\00B5 ( 182 x 257 mm )\00B6 ( 128 x 182 mm )\00Letter (8 1/2\" x 11\")\00Legal (8 1/2\" x 14\")\005 1/2\" x 8 1/2\"\0011\" x 17\"\00s`...\00s`1(210.0 x 297.0mm)\00s`2(210.0 x 297.0mm)\00s`3(210.0 x 297.0mm)\00s`4(210.0 x 297.0mm)\00s`5(210.0 x 297.0mm)\00s`6(210.0 x 297.0mm)\00s`7(210.0 x 297.0mm)\00s`8(210.0 x 297.0mm)\00s`9(210.0 x 297.0mm)\00s`10(210.0 x 297.0mm)\00\00"
"printMediaReady"=multi:"\00"
"printNumberUp"=dword:00000000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:00000258
"printLanguage"=multi:"RPCS\00\00"
"printRate"=dword:0000003c
"printRateUnit"="PagesPerMinute"
"printPagesPerMinute"=dword:0000003c
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H N e o C 6 0 0 ( T 0 6 5
N) \DsSpooler]
"description"=""
"driverName"="RICOH imagio Neo C600 RPCS"
"location"=""
"portName"=multi:"\\\\T065\\v^\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"=" RICOH Neo C600 (T065 )"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\T6\\ RICOH Neo C600 (T065 )"
"versionNumber"=dword:00000004
"serverName"="T6"
"shortServerName"="T6"
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H N e o C 6 0 0 ( T 0 6 5
N) \PrinterDriverData]
"HelpFileName"="RC8DD1jp.HLP"
"RPCSPrinterName"=" RICOH Neo C600 (T065 )"
"DriverName"="RICOH imagio Neo C600 RPCS"
"DefFontTableNum"=hex:0a,00
"TTFontDefTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,
00,77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,
20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"JCPrinterID"="20110607140716845"
"BatchInstallDone"=hex:01,00,00,00
"Tray1"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray2"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray3"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray4"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray5"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray6"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray7"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray8"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray9"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ServerUse"=hex:00
"UserCodeUse"=hex:00
"RAM"=hex:80,01,00,00
"RAMType"=hex:01
"Duplex"=hex:01,00,00,00
"LCT1"=hex:00,00,00,00
"ManualTray"=hex:01,00,00,00
"OutSideTray"=hex:01,00,00,00
"MailBox1"=hex:00,00,00,00
"ShiftTray"=hex:00,00,00,00
"HDD"=hex:01,00,00,00
"FinMF"=hex:00,00,00,00
"Fin50"=hex:00,00,00,00
"Fin100"=hex:00,00,00,00
"CVRFeeder"=hex:00,00,00,00
"FinMFNA23"=hex:00,00,00,00
"FinMFEU24"=hex:00,00,00,00
"FinMFNE4"=hex:00,00,00,00
"FinMFNoPunch"=hex:00,00,00,00
"Fin50NA23"=hex:00,00,00,00
"Fin50EU24"=hex:00,00,00,00
"Fin50NE4"=hex:00,00,00,00
"Fin50NoPunch"=hex:00,00,00,00
"Fin100NA23"=hex:00,00,00,00
"Fin100EU24"=hex:00,00,00,00
"Fin100NE4"=hex:00,00,00,00
"Fin100NoPunch"=hex:00,00,00,00
"FinZaire"=hex:00,00,00,00
"1StepNum"=hex:03,00,00,00
"Tray1Field"=hex:00,00,00,00
"Tray2Field"=hex:00,00,00,00
"Tray3Field"=hex:00,00,00,00
"Tray4Field"=hex:00,00,00,00
"LCT1Field"=hex:00,00,00,00
"ManualTrayField"=hex:00,00,00,00
"CVRField"=hex:00,00,00,00
"Tray1Orient"=hex:01,00,00,00
"Tray2Orient"=hex:01,00,00,00
"Tray3Orient"=hex:01,00,00,00
"Tray4Orient"=hex:01,00,00,00
"LCT1Orient"=hex:01,00,00,00
"ManualTrayOrient"=hex:01,00,00,00
"CVROrient"=hex:01,00,00,00
"Tray1Paper"=hex:00,00
"Tray2Paper"=hex:00,00
"Tray3Paper"=hex:00,00
"Tray4Paper"=hex:00,00
"LCT1Paper"=hex:00,00
"ManualTrayPaper"=hex:00,00
"CVRPaper"=hex:00,00
"Tray1Media"=hex:01,00
"Tray2Media"=hex:01,00
"Tray3Media"=hex:01,00
"Tray4Media"=hex:01,00
"LCT1Media"=hex:01,00
"ManualTrayMedia"=hex:01,00
"CVRMedia"=hex:01,00
"Tray1Lock"=hex:00,00,00,00
"Tray2Lock"=hex:00,00,00,00
"Tray3Lock"=hex:00,00,00,00
"Tray4Lock"=hex:00,00,00,00
"Tray7Lock"=hex:00,00,00,00
"LCT1Lock"=hex:00,00,00,00
"ManualTrayLock"=hex:01,00,00,00
"CVRLock"=hex:01,00,00,00
"DllUserCode"=hex:00,00,00,00,00,00,00,00,00
"Other"=hex:65,37,30,33,62,39,30,32,30,37,64,30,31,34,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00
"Logging"=dword:00000001
"CoverTray"=hex:01,00
"MarkTray"=hex:01,00
"ChapterTray1"=hex:01,00
"ChapterTray2"=hex:01,00
"ChapterTray3"=hex:01,00
"ReverseCoverTray"=hex:01,00
"FoldingUnit"=hex:00,00,00,00
"AuthenticationMode"=hex:00,00,00,00
"AuthenticationSecureMode"=hex:00,00,00,00
"DeviceFontNum"=hex:0f,00
"DeviceFont"=hex:ff,ff,00,00,01,90,e1,4f,62,5f,0f,5f,d3,30,c3,30,c8,30,de,30,
c3,30,d7,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"FontTableNum"=hex:0a,00
"TTFontTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,00,
77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,00,
52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"LastFontTableNum"=hex:0a,00
"SPLUserModePrinterDriver"="RC8DC123.DLL"
"DriverIniFileName"="RC8DD170.ini"
"DriverGRFileName"="RC8DD100.DLL"
"DriverEDFileName"="RC8DC120.dll"
"BidiFlag"=hex:00,00,00,00
"BidiExFlag"=hex:00,00,00,00
"BidiFunc"=hex:00
"LogFileName"="RC8DD100.log"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\IMJP9.IME
c:\windows\system32\imjp9k.dll
.
Completion time: 2012-04-18 20:11:55
ComboFix-quarantined-files.txt 2012-04-18 11:11
.
Pre-Run: 18,327,302,144 bytes free
Post-Run: 18,568,396,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D887197B304C36B68C89D1CCE991F837

"""""""""""""""""""""""""""""""""""""""""""""""""'

The results from a Google search from the toolbar are now the same as from the Google homepage, as well as from a separate PC. I'm not sure of any difference in the PC's speed.

ComboFix reminded me to disable the anti-virus. I didn't back up any files because there is nothing important here. If the problem is fixed, could you tell me what the problem was? And should I delete these log files now? Thanks. When this is over I'd like to start a new thread for my work PC. Thanks.

hato

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:18 AM

Posted 18 April 2012 - 08:51 AM

Greetings

It may or may not be fixed but we will do more checking to be sure.


There is not really enough in the report to say what was on it yet.


Remind me about the work computer when we are done and I will help you with it.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
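
As an added example (not code from this thread, and not Kaspersky's TDSSKiller itself), the Python below triages a TDSSKiller report of the kind requested above: it pairs each scanned object's file line with its verdict line, lists everything whose verdict is not "ok", and compares file hashes against a caller-supplied known-good baseline so a driver the scanner passes but whose hash has changed still gets a look. The sample report and the KNOWN_GOOD baseline are constructed for this example; the verdict wording for the made-up detections is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A TDSSKiller report lists each scanned object on up to two lines:
#   "HH:MM:SS.ffff PID <name> (<md5>) <path>"   the file found on disk
#   "HH:MM:SS.ffff PID <name> - <verdict>"      the verdict, "ok" when clean
# Objects with no file on disk (stale service entries) get only a verdict line.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")


@dataclass
class ScanRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text: str) -> Dict[str, ScanRecord]:
    """Collect scanned objects by name from the part of the report after 'Scan started'.

    The header before that marker (OS info, drive geometry, partition map) also
    contains " - " separated lines, so it is skipped rather than parsed.
    """
    records: Dict[str, ScanRecord] = {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        m = FILE_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ScanRecord(m["name"]))
            rec.md5, rec.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ScanRecord(m["name"]))
            rec.verdict = m["verdict"]
    return records


def triage(records: Dict[str, ScanRecord],
           known_good: Optional[Dict[str, str]] = None) -> List[Tuple[str, str]]:
    """Return (name, reason) for every object that deserves a human look.

    Flagged: any verdict other than "ok", a file line with no verdict at all
    (truncated report), and a file whose MD5 differs from the caller-supplied
    known-good baseline even though the scanner said "ok".
    """
    known_good = known_good or {}
    findings: List[Tuple[str, str]] = []
    for rec in records.values():
        if rec.verdict is None:
            findings.append((rec.name, "no verdict line; report may be truncated"))
        elif rec.verdict.lower() != "ok":
            findings.append((rec.name, rec.verdict))
        baseline = known_good.get(rec.name)
        if baseline and rec.md5 and rec.md5.lower() != baseline.lower():
            findings.append((rec.name, f"md5 {rec.md5} differs from known-good {baseline}"))
    return findings


# Constructed sample in the report's layout. The Aavmker4, atapi and SoundMAX
# entries copy lines from the report posted in this thread; ExampleDrv, OtherDrv
# and the DR0 detection are made up, and their verdict wording is illustrative.
SAMPLE_REPORT = r"""
22:19:29.0988 2860 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
22:19:30.0008 2860 OS Version: 5.1.2600 ServicePack: 3.0
22:19:33.0253 2860 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200
22:19:33.0974 2860 Initialize success
22:20:04.0728 2944 Scan started
22:20:04.0728 2944 Mode: Manual;
22:20:05.0950 2944 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:20:05.0950 2944 Aavmker4 - ok
22:20:05.0970 2944 Abiosdsk - ok
22:20:07.0643 2944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:20:07.0643 2944 atapi - ok
22:20:21.0663 2944 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
22:20:21.0663 2944 SoundMAX Agent Service (default) - ok
22:20:25.0000 2944 ExampleDrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv.sys
22:20:25.0000 2944 ExampleDrv - detected Rootkit.Win32.Example ( 0 )
22:20:26.0000 2944 OtherDrv (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\otherdrv.sys
22:20:26.0000 2944 OtherDrv - ok
22:20:30.0000 2944 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example ( 0 )
22:20:31.0000 2944 Scan finished
"""

# Constructed baseline: atapi matches the report, OtherDrv deliberately does not.
KNOWN_GOOD = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "OtherDrv": "f" * 32,
}

if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_REPORT), KNOWN_GOOD):
        print(f"REVIEW  {name}: {reason}")
```

Run stand-alone it prints three REVIEW lines (ExampleDrv, OtherDrv, the DR0 object); on a real report, paste the saved log in place of SAMPLE_REPORT and supply hashes from a known-clean machine as the baseline.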

#5 hato

hato
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:18 PM

Posted 19 April 2012 - 08:50 AM

Hello Gringo,

I downloaded and ran the TDSSKiller and aswMBR programs. Each went well, I think, and the logs are posted below.

TDSSKiller log:
""""""""""""""""""""""""""""""""""""""""""""""""""""

22:20:22.0945 2944 TapiSrv - ok
22:20:23.0015 2944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:20:23.0025 2944 Tcpip - ok
22:20:23.0085 2944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:20:23.0085 2944 TDPIPE - ok
22:20:23.0105 2944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:20:23.0115 2944 TDTCP - ok
22:20:23.0145 2944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:20:23.0145 2944 TermDD - ok
22:20:23.0185 2944 TermService (a2d28bd95dde7225077dd24c5554e814) C:\WINDOWS\System32\termsrv.dll
22:20:23.0205 2944 TermService - ok
22:20:23.0265 2944 Themes (5ddaeedba8e2c349e85263f0c4745764) C:\WINDOWS\System32\shsvcs.dll
22:20:23.0275 2944 Themes - ok
22:20:23.0535 2944 TlntSvr (246a96f48069bc5aa85df819a35bd581) C:\WINDOWS\System32\tlntsvr.exe
22:20:23.0545 2944 TlntSvr - ok
22:20:23.0585 2944 TosIde - ok
22:20:23.0636 2944 TrkWks (66f14a1c7a7f4d8f25ae1e63bbf088f3) C:\WINDOWS\system32\trkwks.dll
22:20:23.0646 2944 TrkWks - ok
22:20:23.0676 2944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:20:23.0686 2944 Udfs - ok
22:20:23.0706 2944 ultra - ok
22:20:23.0786 2944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:20:23.0796 2944 Update - ok
22:20:23.0846 2944 upnphost (1b0f436ee4200343161c749fcfcdc47f) C:\WINDOWS\System32\upnphost.dll
22:20:23.0856 2944 upnphost - ok
22:20:23.0886 2944 UPS (16d6274318380a89f0e07fdb7cd778b2) C:\WINDOWS\System32\ups.exe
22:20:23.0906 2944 UPS - ok
22:20:23.0956 2944 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:20:23.0956 2944 usbaudio - ok
22:20:24.0116 2944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:20:24.0116 2944 usbccgp - ok
22:20:24.0166 2944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:20:24.0166 2944 usbehci - ok
22:20:24.0196 2944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:20:24.0196 2944 usbhub - ok
22:20:24.0226 2944 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:20:24.0226 2944 usbohci - ok
22:20:24.0256 2944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:20:24.0256 2944 usbprint - ok
22:20:24.0286 2944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:20:24.0286 2944 usbscan - ok
22:20:24.0306 2944 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:20:24.0316 2944 usbstor - ok
22:20:24.0347 2944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:20:24.0347 2944 usbuhci - ok
22:20:24.0387 2944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:20:24.0387 2944 VgaSave - ok
22:20:24.0407 2944 ViaIde - ok
22:20:24.0467 2944 VolSnap (72a85441a8285ef8af2794c42d87935f) C:\WINDOWS\system32\drivers\VolSnap.sys
22:20:24.0467 2944 VolSnap - ok
22:20:24.0507 2944 VSS (b7fec66d234f687a672577a5e5699cc5) C:\WINDOWS\System32\vssvc.exe
22:20:24.0527 2944 VSS - ok
22:20:24.0567 2944 W32Time (d0d722474a289ddcd7578bd93b4830c3) C:\WINDOWS\system32\w32time.dll
22:20:24.0587 2944 W32Time - ok
22:20:24.0637 2944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:20:24.0637 2944 Wanarp - ok
22:20:24.0657 2944 WDICA - ok
22:20:24.0697 2944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:20:24.0697 2944 wdmaud - ok
22:20:24.0757 2944 WebClient (e3fce00cdd8c9c774539921bdcc0e661) C:\WINDOWS\System32\webclnt.dll
22:20:24.0767 2944 WebClient - ok
22:20:24.0847 2944 winmgmt (880ac8fdb46f0553398162a40a95c726) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:20:24.0847 2944 winmgmt - ok
22:20:24.0937 2944 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:20:24.0947 2944 WmdmPmSN - ok
22:20:25.0138 2944 Wmi (4b8be10f05d071d8f1005affbb3f9e9c) C:\WINDOWS\System32\advapi32.dll
22:20:25.0158 2944 Wmi - ok
22:20:25.0208 2944 WmiApSrv (77f7db9897f6fde516884d4a06f3ed3e) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:20:25.0208 2944 WmiApSrv - ok
22:20:25.0288 2944 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:20:25.0298 2944 WS2IFSL - ok
22:20:25.0358 2944 wscsvc (2cfcce3d7a0e22df719237202861cbc5) C:\WINDOWS\system32\wscsvc.dll
22:20:25.0378 2944 wscsvc - ok
22:20:25.0398 2944 wuauserv (bee247cdfbb34cdc9e273cdeb7840df9) C:\WINDOWS\system32\wuauserv.dll
22:20:25.0428 2944 wuauserv - ok
22:20:25.0568 2944 WZCSVC (ba7dd83e3c86b00e35be891322a8c171) C:\WINDOWS\System32\wzcsvc.dll
22:20:25.0588 2944 WZCSVC - ok
22:20:25.0698 2944 xmlprov (aea345c5d385ac56f1eedc3087f20f40) C:\WINDOWS\System32\xmlprov.dll
22:20:25.0708 2944 xmlprov - ok
22:20:25.0749 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:20:25.0919 2944 \Device\Harddisk0\DR0 - ok
22:20:25.0929 2944 Boot (0x1200) (355a98cb52ec15de02a76d91c8d6fe0d) \Device\Harddisk0\DR0\Partition0
22:20:25.0929 2944 \Device\Harddisk0\DR0\Partition0 - ok
22:20:25.0969 2944 Boot (0x1200) (48c24ce71829d6571670dcb488ff6082) \Device\Harddisk0\DR0\Partition1
22:20:25.0969 2944 \Device\Harddisk0\DR0\Partition1 - ok
22:20:25.0969 2944 ============================================================
22:20:25.0969 2944 Scan finished
22:20:25.0969 2944 ============================================================
22:20:25.0999 2936 Detected object count: 0
22:20:25.0999 2936 Actual detected object count: 0

"""""""""""""""""""""""""""""""""""""""""""""""""""
And the aswMBR log:

****************************************************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 22:21:54
-----------------------------
22:21:54.486 OS Version: Windows 5.1.2600 Service Pack 3
22:21:54.486 Number of processors: 1 586 0xD06
22:21:54.486 ComputerName: T6 UserName:
22:21:54.987 Initialize success
22:21:55.107 AVAST engine defs: 12041800
22:22:09.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:22:09.958 Disk 0 Vendor: HTS541040G9AT00 MB2OA60A Size: 38154MB BusType: 3
22:22:09.988 Disk 0 MBR read successfully
22:22:09.988 Disk 0 MBR scan
22:22:10.008 Disk 0 Windows XP default MBR code
22:22:10.029 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29001 MB offset 2048
22:22:10.069 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9152 MB offset 59396096
22:22:10.079 Disk 0 scanning sectors +78139392
22:22:10.179 Disk 0 scanning C:\WINDOWS\system32\drivers
22:22:23.458 Service scanning
22:22:39.451 Modules scanning
22:22:45.179 Disk 0 trace - called modules:
22:22:45.209 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:22:45.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89539ab8]
22:22:45.219 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000072[0x8953b1c0]
22:22:45.219 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8958b940]
22:22:45.620 AVAST engine scan C:\WINDOWS
22:23:04.357 AVAST engine scan C:\WINDOWS\system32
22:25:16.677 AVAST engine scan C:\WINDOWS\system32\drivers
22:25:30.427 AVAST engine scan C:\Documents and Settings\USER
22:26:08.682 AVAST engine scan C:\Documents and Settings\All Users
22:26:33.367 Scan finished successfully
22:36:35.964 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\My Documents\ƒ_ƒEƒ“ƒ[ƒh\MBR.dat"
22:36:35.974 The log file has been saved successfully to "C:\Documents and Settings\USER\My Documents\ƒ_ƒEƒ“ƒ[ƒh\aswMBR.txt"

**********************************************

I haven't tried to access the internet with this PC since running these programs. I noticed no booting or speed issues, however. No reboot was necessary for aswMBR.

- hato

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 April 2012 - 09:03 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 hato (Topic Starter)

Posted 19 April 2012 - 09:06 AM

Hello again,

Just to update, there is a menu selection that appears now, or maybe I just wasn't aware of it before, between the BIOS and the first XP screen. It has three choices:

Microsoft Windows Recovery Console
do not select this [debugger enabled]
Microsoft Windows XP Professional

where the latter is default and autoselects in 2 or 3 seconds. I haven't noticed it before, but I'll check tomorrow to see if it shows up on a similar model.

- hato

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 April 2012 - 09:08 AM

Hello,

Yes, that was added by ComboFix and it is a safety net in case something goes wrong in the future.

See my post above.

Gringo

#9 hato (Topic Starter)

Posted 21 April 2012 - 06:34 AM

Hello,

I think I ran the script right. Here is the output log:
**************************************************
ComboFix 12-04-17.01 - USER 2012/04/21 20:05:02.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1041.18.1263.796 [GMT 9:00]
Running from: c:\documents and settings\USER\My Documents\ƒ_ƒEƒ“ƒ[ƒh\aComboFix.exe
Command switches used :: c:\documents and settings\USER\My Documents\ƒ_ƒEƒ“ƒ[ƒh\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-01 09:48 . 2012-04-16 13:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 08:38 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 13:35 . 2011-06-14 02:24 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2012-01-09 09:04 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-01-09 09:04 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-01-09 09:05 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-01-09 09:05 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-01-09 09:05 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-01-09 09:05 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-01-09 09:05 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-01-09 09:05 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-01-09 09:05 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-01-09 09:05 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-02 12:11 . 2011-04-16 04:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-02 12:11 . 2011-04-16 04:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-02 12:08 . 2012-03-02 12:09 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2012-03-02 12:08 . 2012-03-02 12:09 125424 ------w- c:\windows\system32\pxinsi64.exe
2012-03-02 12:08 . 2012-03-02 12:09 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-03-01 11:00 . 2004-08-11 08:25 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-11 08:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-08-11 08:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2004-08-11 08:25 177152 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-11 08:24 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-24 11:24 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2004-08-11 08:24 1859712 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-18_11.09.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-21 11:00 . 2012-04-21 11:00 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"NECMFK"="c:\program files\necmfk\necmfk.exe" [2004-06-04 63488]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-28 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2003-07-14 118840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-08-24 135168]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP9.IME
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ƒXƒ^[ƒg ƒƒjƒ…[^ƒvƒƒOƒ‰ƒ€^ƒXƒ^[ƒgƒAƒbƒv^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\ƒXƒ^[ƒg ƒƒjƒ…[\ƒvƒƒOƒ‰ƒ€\ƒXƒ^[ƒgƒAƒbƒv\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^USER^ƒXƒ^[ƒg ƒƒjƒ…[^ƒvƒƒOƒ‰ƒ€^ƒXƒ^[ƒgƒAƒbƒv^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\USER\ƒXƒ^[ƒg ƒƒjƒ…[\ƒvƒƒOƒ‰ƒ€\ƒXƒ^[ƒgƒAƒbƒv\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-08-24 15:17 135168 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-11-29 16:08 102400 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 08:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]
2004-03-18 07:47 151552 ----a-w- c:\program files\RMClient\JobHisInit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]
2000-11-03 19:09 40960 ----a-w- c:\program files\RMClient\MplSetUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:26 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 05:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012/01/09 18:05 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012/01/09 18:05 337880]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2005/02/21 17:10 18560]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2005/02/21 17:10 5376]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012/01/09 18:05 20696]
R2 ReadSctService;ReadSector;c:\smdata\READSCTSERVICE.EXE [2005/02/21 17:11 49152]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2005/02/21 17:10 8448]
S2 gupdate;Google ƒAƒbƒvƒf[ƒg ƒT[ƒrƒX (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011/04/14 19:18 136176]
S2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2005/02/21 17:11 65536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012/04/01 18:48 253088]
S3 gupdatem;Google Update ƒT[ƒrƒX (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011/04/14 19:18 136176]
S3 SonicStage Back-End Service2;SonicStage Back-End Service2;c:\program files\Common Files\Sony Shared\AVLib\SsBeService2.exe [2011/11/23 9:47 126008]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:35]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 10:18]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.jp/
IE: Easy-WebPrint ƒvƒŒƒrƒ…[ - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint ˆ - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint ˆƒŠƒXƒg‚’‰ - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint ‚‘ˆ - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Google ƒTƒCƒhƒEƒBƒL... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Microsoft Excel ‚ƒGƒNƒXƒ|[ƒg(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-21 20:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-21-4042313093-3997665026-3570326278-1004\AppEvents\Schemes\Apps\Conf\*E^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*0E0E0E0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*0E0E0E0\CurVer]
@="BDATuner.ƒRƒ“ƒ|[ƒlƒ“ƒg.1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\0E0E00EEn0000000 *0EE0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="‚‚ƒo[ƒWƒ‡ƒ“‚ Windows ‚ƒAƒ“ƒCƒ“ƒXƒg[ƒ‹‚‚‘O‚ƒIƒyƒŒ[ƒeƒBƒ“ƒO ƒVƒXƒeƒ€‚–‚‡‚́A‚‚‚‚ƒtƒ@ƒCƒ‹‚•K—v‚‚B"
"Display"="‘O‚ƒIƒyƒŒ[ƒeƒBƒ“ƒO ƒVƒXƒeƒ€‚ƒoƒbƒNƒAƒbƒv ƒtƒ@ƒCƒ‹"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( K A T A Y A M A - S R V 0 1
N) \DsDriver]
"printBinNames"=multi:"Ž“ڲ‘I‘\00ڲ1\00ڲ2\00ڲ3\00ڲ4\00Ž荷‚ڲ\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000bea
"printMaxYExtent"=dword:000011dc
"printMinXExtent"=dword:000003e8
"printMinYExtent"=dword:00000575
"printMediaSupported"=multi:"12\" x 18\"\00A3 ( 297 x 420 mm )\00A4 ( 210 x 297 mm )\00A5 ( 148 x 210 mm )\00A6 ( 105 x 148 mm )\00Šʶ޷ ( 100 x 148 mm )\00B4 ( 257 x 364 mm )\00B5 ( 182 x 257 mm )\00B6 ( 128 x 182 mm )\00Letter (8 1/2\" x 11\")\00Legal (8 1/2\" x 14\")\005 1/2\" x 8 1/2\"\0011\" x 17\"\00•s’Œ`...\00•s’Œ`1(210.0 x 297.0mm)\00•s’Œ`2(210.0 x 297.0mm)\00•s’Œ`3(210.0 x 297.0mm)\00•s’Œ`4(210.0 x 297.0mm)\00•s’Œ`5(210.0 x 297.0mm)\00•s’Œ`6(210.0 x 297.0mm)\00•s’Œ`7(210.0 x 297.0mm)\00•s’Œ`8(210.0 x 297.0mm)\00•s’Œ`9(210.0 x 297.0mm)\00•s’Œ`10(210.0 x 297.0mm)\00\00"
"printMediaReady"=multi:"\00"
"printNumberUp"=dword:00000000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:00000258
"printLanguage"=multi:"RPCS\00\00"
"printRate"=dword:0000003c
"printRateUnit"="PagesPerMinute"
"printPagesPerMinute"=dword:0000003c
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( K A T A Y A M A - S R V 0 1
N) \DsSpooler]
"description"=""
"driverName"="RICOH imagio Neo C600 RPCS"
"location"=""
"portName"=multi:"\\\\KATAYAMA-SRV01\\RICOH NeoC600\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="Ž“ RICOH imagio Neo C600 RPCS (KATAYAMA-SRV01 )"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\T6\\Ž“ RICOH imagio Neo C600 RPCS (KATAYAMA-SRV01 )"
"versionNumber"=dword:00000004
"serverName"="T6"
"shortServerName"="T6"
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( K A T A Y A M A - S R V 0 1
N) \PrinterDriverData]
"HelpFileName"="RC8DD1jp.HLP"
"RPCSPrinterName"="Ž“ RICOH imagio Neo C600 RPCS (KATAYAMA-SRV01 )"
"DriverName"="RICOH imagio Neo C600 RPCS"
"DefFontTableNum"=hex:0a,00
"TTFontDefTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,
00,77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,
20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"JCPrinterID"="20110607140749983"
"BatchInstallDone"=hex:01,00,00,00
"Tray1"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray2"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray3"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray4"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray5"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray6"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray7"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray8"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray9"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ServerUse"=hex:00
"UserCodeUse"=hex:00
"RAM"=hex:80,01,00,00
"RAMType"=hex:01
"Duplex"=hex:01,00,00,00
"LCT1"=hex:00,00,00,00
"ManualTray"=hex:01,00,00,00
"OutSideTray"=hex:01,00,00,00
"MailBox1"=hex:00,00,00,00
"ShiftTray"=hex:00,00,00,00
"HDD"=hex:01,00,00,00
"FinMF"=hex:00,00,00,00
"Fin50"=hex:00,00,00,00
"Fin100"=hex:00,00,00,00
"CVRFeeder"=hex:00,00,00,00
"FinMFNA23"=hex:00,00,00,00
"FinMFEU24"=hex:00,00,00,00
"FinMFNE4"=hex:00,00,00,00
"FinMFNoPunch"=hex:00,00,00,00
"Fin50NA23"=hex:00,00,00,00
"Fin50EU24"=hex:00,00,00,00
"Fin50NE4"=hex:00,00,00,00
"Fin50NoPunch"=hex:00,00,00,00
"Fin100NA23"=hex:00,00,00,00
"Fin100EU24"=hex:00,00,00,00
"Fin100NE4"=hex:00,00,00,00
"Fin100NoPunch"=hex:00,00,00,00
"FinZaire"=hex:00,00,00,00
"1StepNum"=hex:03,00,00,00
"Tray1Field"=hex:00,00,00,00
"Tray2Field"=hex:00,00,00,00
"Tray3Field"=hex:00,00,00,00
"Tray4Field"=hex:00,00,00,00
"LCT1Field"=hex:00,00,00,00
"ManualTrayField"=hex:00,00,00,00
"CVRField"=hex:00,00,00,00
"Tray1Orient"=hex:01,00,00,00
"Tray2Orient"=hex:01,00,00,00
"Tray3Orient"=hex:01,00,00,00
"Tray4Orient"=hex:01,00,00,00
"LCT1Orient"=hex:01,00,00,00
"ManualTrayOrient"=hex:01,00,00,00
"CVROrient"=hex:01,00,00,00
"Tray1Paper"=hex:00,00
"Tray2Paper"=hex:00,00
"Tray3Paper"=hex:00,00
"Tray4Paper"=hex:00,00
"LCT1Paper"=hex:00,00
"ManualTrayPaper"=hex:00,00
"CVRPaper"=hex:00,00
"Tray1Media"=hex:01,00
"Tray2Media"=hex:01,00
"Tray3Media"=hex:01,00
"Tray4Media"=hex:01,00
"LCT1Media"=hex:01,00
"ManualTrayMedia"=hex:01,00
"CVRMedia"=hex:01,00
"Tray1Lock"=hex:00,00,00,00
"Tray2Lock"=hex:00,00,00,00
"Tray3Lock"=hex:00,00,00,00
"Tray4Lock"=hex:00,00,00,00
"Tray7Lock"=hex:00,00,00,00
"LCT1Lock"=hex:00,00,00,00
"ManualTrayLock"=hex:01,00,00,00
"CVRLock"=hex:01,00,00,00
"DllUserCode"=hex:00,00,00,00,00,00,00,00,00
"Other"=hex:65,37,30,33,62,39,30,32,30,37,64,30,31,34,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00
"Logging"=dword:00000001
"CoverTray"=hex:01,00
"MarkTray"=hex:01,00
"ChapterTray1"=hex:01,00
"ChapterTray2"=hex:01,00
"ChapterTray3"=hex:01,00
"ReverseCoverTray"=hex:01,00
"FoldingUnit"=hex:00,00,00,00
"AuthenticationMode"=hex:00,00,00,00
"AuthenticationSecureMode"=hex:00,00,00,00
"DeviceFontNum"=hex:0f,00
"DeviceFont"=hex:ff,ff,00,00,01,90,e1,4f,62,5f,0f,5f,d3,30,c3,30,c8,30,de,30,
c3,30,d7,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"FontTableNum"=hex:0a,00
"TTFontTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,00,
77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,00,
52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"LastFontTableNum"=hex:0a,00
"SPLUserModePrinterDriver"="RC8DC123.DLL"
"DriverIniFileName"="RC8DD170.ini"
"DriverGRFileName"="RC8DD100.DLL"
"DriverEDFileName"="RC8DC120.dll"
"BidiFlag"=hex:00,00,00,00
"BidiExFlag"=hex:00,00,00,00
"BidiFunc"=hex:00
"LogFileName"="RC8DD100.log"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( T 3
N) \DsDriver]
"printBinNames"=multi:"Ž“ڲ‘I‘\00ڲ1\00ڲ2\00ڲ3\00ڲ4\00Ž荷‚ڲ\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000bea
"printMaxYExtent"=dword:000011dc
"printMinXExtent"=dword:000003e8
"printMinYExtent"=dword:00000575
"printMediaSupported"=multi:"12\" x 18\"\00A3 ( 297 x 420 mm )\00A4 ( 210 x 297 mm )\00A5 ( 148 x 210 mm )\00A6 ( 105 x 148 mm )\00Šʶ޷ ( 100 x 148 mm )\00B4 ( 257 x 364 mm )\00B5 ( 182 x 257 mm )\00B6 ( 128 x 182 mm )\00Letter (8 1/2\" x 11\")\00Legal (8 1/2\" x 14\")\005 1/2\" x 8 1/2\"\0011\" x 17\"\00•s’Œ`...\00•s’Œ`1(210.0 x 297.0mm)\00•s’Œ`2(210.0 x 297.0mm)\00•s’Œ`3(210.0 x 297.0mm)\00•s’Œ`4(210.0 x 297.0mm)\00•s’Œ`5(210.0 x 297.0mm)\00•s’Œ`6(210.0 x 297.0mm)\00•s’Œ`7(210.0 x 297.0mm)\00•s’Œ`8(210.0 x 297.0mm)\00•s’Œ`9(210.0 x 297.0mm)\00•s’Œ`10(210.0 x 297.0mm)\00\00"
"printMediaReady"=multi:"\00"
"printNumberUp"=dword:00000000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:00000258
"printLanguage"=multi:"RPCS\00\00"
"printRate"=dword:0000003c
"printRateUnit"="PagesPerMinute"
"printPagesPerMinute"=dword:0000003c
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( T 3
N) \DsSpooler]
"description"=""
"driverName"="RICOH imagio Neo C600 RPCS"
"location"=""
"portName"=multi:"\\\\T3\\プリンタ\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="Ž“ RICOH imagio Neo C600 RPCS (T3 )"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\T6\\Ž“ RICOH imagio Neo C600 RPCS (T3 )"
"versionNumber"=dword:00000004
"serverName"="T6"
"shortServerName"="T6"
"flags"=dword:00000000
"url"="http://T6/"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H i m a g i o N e o C 6 0 0 R P C S ( T 3
N) \PrinterDriverData]
"HelpFileName"="RC8DD1jp.HLP"
"RPCSPrinterName"="Ž“ RICOH imagio Neo C600 RPCS (T3 )"
"DriverName"="RICOH imagio Neo C600 RPCS"
"DefFontTableNum"=hex:0a,00
"TTFontDefTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,
00,77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,
20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"JCPrinterID"="20060412165558480"
"BatchInstallDone"=hex:01,00,00,00
"Tray1"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray2"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray3"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray4"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray5"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray6"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray7"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray8"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray9"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ServerUse"=hex:00
"UserCodeUse"=hex:00
"RAM"=hex:80,01,00,00
"RAMType"=hex:01
"Duplex"=hex:01,00,00,00
"LCT1"=hex:00,00,00,00
"ManualTray"=hex:01,00,00,00
"OutSideTray"=hex:01,00,00,00
"MailBox1"=hex:00,00,00,00
"ShiftTray"=hex:00,00,00,00
"HDD"=hex:01,00,00,00
"FinMF"=hex:00,00,00,00
"Fin50"=hex:00,00,00,00
"Fin100"=hex:00,00,00,00
"CVRFeeder"=hex:00,00,00,00
"FinMFNA23"=hex:00,00,00,00
"FinMFEU24"=hex:00,00,00,00
"FinMFNE4"=hex:00,00,00,00
"FinMFNoPunch"=hex:00,00,00,00
"Fin50NA23"=hex:00,00,00,00
"Fin50EU24"=hex:00,00,00,00
"Fin50NE4"=hex:00,00,00,00
"Fin50NoPunch"=hex:00,00,00,00
"Fin100NA23"=hex:00,00,00,00
"Fin100EU24"=hex:00,00,00,00
"Fin100NE4"=hex:00,00,00,00
"Fin100NoPunch"=hex:00,00,00,00
"FinZaire"=hex:00,00,00,00
"1StepNum"=hex:03,00,00,00
"Tray1Field"=hex:00,00,00,00
"Tray2Field"=hex:00,00,00,00
"Tray3Field"=hex:00,00,00,00
"Tray4Field"=hex:00,00,00,00
"LCT1Field"=hex:00,00,00,00
"ManualTrayField"=hex:00,00,00,00
"CVRField"=hex:00,00,00,00
"Tray1Orient"=hex:01,00,00,00
"Tray2Orient"=hex:01,00,00,00
"Tray3Orient"=hex:01,00,00,00
"Tray4Orient"=hex:01,00,00,00
"LCT1Orient"=hex:01,00,00,00
"ManualTrayOrient"=hex:01,00,00,00
"CVROrient"=hex:01,00,00,00
"Tray1Paper"=hex:00,00
"Tray2Paper"=hex:00,00
"Tray3Paper"=hex:00,00
"Tray4Paper"=hex:00,00
"LCT1Paper"=hex:00,00
"ManualTrayPaper"=hex:00,00
"CVRPaper"=hex:00,00
"Tray1Media"=hex:01,00
"Tray2Media"=hex:01,00
"Tray3Media"=hex:01,00
"Tray4Media"=hex:01,00
"LCT1Media"=hex:01,00
"ManualTrayMedia"=hex:01,00
"CVRMedia"=hex:01,00
"Tray1Lock"=hex:00,00,00,00
"Tray2Lock"=hex:00,00,00,00
"Tray3Lock"=hex:00,00,00,00
"Tray4Lock"=hex:00,00,00,00
"Tray7Lock"=hex:00,00,00,00
"LCT1Lock"=hex:00,00,00,00
"ManualTrayLock"=hex:01,00,00,00
"CVRLock"=hex:01,00,00,00
"DllUserCode"=hex:00,00,00,00,00,00,00,00,00
"Other"=hex:65,37,30,33,62,39,30,32,30,37,64,30,31,34,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00
"Logging"=dword:00000001
"CoverTray"=hex:01,00
"MarkTray"=hex:01,00
"ChapterTray1"=hex:01,00
"ChapterTray2"=hex:01,00
"ChapterTray3"=hex:01,00
"ReverseCoverTray"=hex:01,00
"FoldingUnit"=hex:00,00,00,00
"AuthenticationMode"=hex:00,00,00,00
"AuthenticationSecureMode"=hex:00,00,00,00
"DeviceFontNum"=hex:0f,00
"DeviceFont"=hex:ff,ff,00,00,01,90,e1,4f,62,5f,0f,5f,d3,30,c3,30,c8,30,de,30,
c3,30,d7,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"FontTableNum"=hex:0a,00
"TTFontTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,00,
77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,00,
52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"LastFontTableNum"=hex:0a,00
"SPLUserModePrinterDriver"="RC8DC123.DLL"
"DriverIniFileName"="RC8DD170.ini"
"DriverGRFileName"="RC8DD100.DLL"
"DriverEDFileName"="RC8DC120.dll"
"BidiFlag"=hex:00,00,00,00
"BidiExFlag"=hex:00,00,00,00
"BidiFunc"=hex:00
"LogFileName"="RC8DD100.log"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H N e o C 6 0 0 ( T 0 6 5
N) \DsDriver]
"printBinNames"=multi:"Ž“ڲ‘I‘\00ڲ1\00ڲ2\00ڲ3\00ڲ4\00Ž荷‚ڲ\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000bea
"printMaxYExtent"=dword:000011dc
"printMinXExtent"=dword:000003e8
"printMinYExtent"=dword:00000575
"printMediaSupported"=multi:"12\" x 18\"\00A3 ( 297 x 420 mm )\00A4 ( 210 x 297 mm )\00A5 ( 148 x 210 mm )\00A6 ( 105 x 148 mm )\00Šʶ޷ ( 100 x 148 mm )\00B4 ( 257 x 364 mm )\00B5 ( 182 x 257 mm )\00B6 ( 128 x 182 mm )\00Letter (8 1/2\" x 11\")\00Legal (8 1/2\" x 14\")\005 1/2\" x 8 1/2\"\0011\" x 17\"\00•s’Œ`...\00•s’Œ`1(210.0 x 297.0mm)\00•s’Œ`2(210.0 x 297.0mm)\00•s’Œ`3(210.0 x 297.0mm)\00•s’Œ`4(210.0 x 297.0mm)\00•s’Œ`5(210.0 x 297.0mm)\00•s’Œ`6(210.0 x 297.0mm)\00•s’Œ`7(210.0 x 297.0mm)\00•s’Œ`8(210.0 x 297.0mm)\00•s’Œ`9(210.0 x 297.0mm)\00•s’Œ`10(210.0 x 297.0mm)\00\00"
"printMediaReady"=multi:"\00"
"printNumberUp"=dword:00000000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:00000258
"printLanguage"=multi:"RPCS\00\00"
"printRate"=dword:0000003c
"printRateUnit"="PagesPerMinute"
"printPagesPerMinute"=dword:0000003c
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H N e o C 6 0 0 ( T 0 6 5
N) \DsSpooler]
"description"=""
"driverName"="RICOH imagio Neo C600 RPCS"
"location"=""
"portName"=multi:"\\\\T065\\プリンタ\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="Ž“ RICOH Neo C600 (T065 )"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\T6\\Ž“ RICOH Neo C600 (T065 )"
"versionNumber"=dword:00000004
"serverName"="T6"
"shortServerName"="T6"
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\R R I C O H N e o C 6 0 0 ( T 0 6 5
N) \PrinterDriverData]
"HelpFileName"="RC8DD1jp.HLP"
"RPCSPrinterName"="Ž“ RICOH Neo C600 (T065 )"
"DriverName"="RICOH imagio Neo C600 RPCS"
"DefFontTableNum"=hex:0a,00
"TTFontDefTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,
00,77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,
20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontDefTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"JCPrinterID"="20110607140716845"
"BatchInstallDone"=hex:01,00,00,00
"Tray1"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray2"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray3"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray4"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray5"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray6"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray7"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray8"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Tray9"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ServerUse"=hex:00
"UserCodeUse"=hex:00
"RAM"=hex:80,01,00,00
"RAMType"=hex:01
"Duplex"=hex:01,00,00,00
"LCT1"=hex:00,00,00,00
"ManualTray"=hex:01,00,00,00
"OutSideTray"=hex:01,00,00,00
"MailBox1"=hex:00,00,00,00
"ShiftTray"=hex:00,00,00,00
"HDD"=hex:01,00,00,00
"FinMF"=hex:00,00,00,00
"Fin50"=hex:00,00,00,00
"Fin100"=hex:00,00,00,00
"CVRFeeder"=hex:00,00,00,00
"FinMFNA23"=hex:00,00,00,00
"FinMFEU24"=hex:00,00,00,00
"FinMFNE4"=hex:00,00,00,00
"FinMFNoPunch"=hex:00,00,00,00
"Fin50NA23"=hex:00,00,00,00
"Fin50EU24"=hex:00,00,00,00
"Fin50NE4"=hex:00,00,00,00
"Fin50NoPunch"=hex:00,00,00,00
"Fin100NA23"=hex:00,00,00,00
"Fin100EU24"=hex:00,00,00,00
"Fin100NE4"=hex:00,00,00,00
"Fin100NoPunch"=hex:00,00,00,00
"FinZaire"=hex:00,00,00,00
"1StepNum"=hex:03,00,00,00
"Tray1Field"=hex:00,00,00,00
"Tray2Field"=hex:00,00,00,00
"Tray3Field"=hex:00,00,00,00
"Tray4Field"=hex:00,00,00,00
"LCT1Field"=hex:00,00,00,00
"ManualTrayField"=hex:00,00,00,00
"CVRField"=hex:00,00,00,00
"Tray1Orient"=hex:01,00,00,00
"Tray2Orient"=hex:01,00,00,00
"Tray3Orient"=hex:01,00,00,00
"Tray4Orient"=hex:01,00,00,00
"LCT1Orient"=hex:01,00,00,00
"ManualTrayOrient"=hex:01,00,00,00
"CVROrient"=hex:01,00,00,00
"Tray1Paper"=hex:00,00
"Tray2Paper"=hex:00,00
"Tray3Paper"=hex:00,00
"Tray4Paper"=hex:00,00
"LCT1Paper"=hex:00,00
"ManualTrayPaper"=hex:00,00
"CVRPaper"=hex:00,00
"Tray1Media"=hex:01,00
"Tray2Media"=hex:01,00
"Tray3Media"=hex:01,00
"Tray4Media"=hex:01,00
"LCT1Media"=hex:01,00
"ManualTrayMedia"=hex:01,00
"CVRMedia"=hex:01,00
"Tray1Lock"=hex:00,00,00,00
"Tray2Lock"=hex:00,00,00,00
"Tray3Lock"=hex:00,00,00,00
"Tray4Lock"=hex:00,00,00,00
"Tray7Lock"=hex:00,00,00,00
"LCT1Lock"=hex:00,00,00,00
"ManualTrayLock"=hex:01,00,00,00
"CVRLock"=hex:01,00,00,00
"DllUserCode"=hex:00,00,00,00,00,00,00,00,00
"Other"=hex:65,37,30,33,62,39,30,32,30,37,64,30,31,34,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00
"Logging"=dword:00000001
"CoverTray"=hex:01,00
"MarkTray"=hex:01,00
"ChapterTray1"=hex:01,00
"ChapterTray2"=hex:01,00
"ChapterTray3"=hex:01,00
"ReverseCoverTray"=hex:01,00
"FoldingUnit"=hex:00,00,00,00
"AuthenticationMode"=hex:00,00,00,00
"AuthenticationSecureMode"=hex:00,00,00,00
"DeviceFontNum"=hex:0f,00
"DeviceFont"=hex:ff,ff,00,00,01,90,e1,4f,62,5f,0f,5f,d3,30,c3,30,c8,30,de,30,
c3,30,d7,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"FontTableNum"=hex:0a,00
"TTFontTable1"=hex:2d,ff,33,ff,20,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable1"=hex:0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable2"=hex:2d,ff,33,ff,20,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable2"=hex:b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable3"=hex:2d,ff,33,ff,20,00,30,ff,0e,66,1d,67,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable3"=hex:50,00,0e,66,1d,67,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable4"=hex:2d,ff,33,ff,20,00,30,ff,b4,30,b7,30,c3,30,af,30,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable4"=hex:50,00,b4,30,b7,30,c3,30,af,30,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable5"=hex:41,00,72,00,69,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,20,00,4e,00,65,00,
77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable6"=hex:43,00,6f,00,75,00,72,00,69,00,65,00,72,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,00,
52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable7"=hex:54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,65,00,77,00,20,
00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable8"=hex:53,00,79,00,6d,00,62,00,6f,00,6c,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable9"=hex:57,00,69,00,6e,00,67,00,64,00,69,00,6e,00,67,00,73,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"TTFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DevFontTable10"=hex:43,00,65,00,6e,00,74,00,75,00,72,00,79,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"LastFontTableNum"=hex:0a,00
"SPLUserModePrinterDriver"="RC8DC123.DLL"
"DriverIniFileName"="RC8DD170.ini"
"DriverGRFileName"="RC8DD100.DLL"
"DriverEDFileName"="RC8DC120.dll"
"BidiFlag"=hex:00,00,00,00
"BidiExFlag"=hex:00,00,00,00
"BidiFunc"=hex:00
"LogFileName"="RC8DD100.log"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\IMJP9.IME
c:\windows\system32\imjp9k.dll
.
- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\IMJP9.IME
c:\windows\system32\imjp9k.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-21 20:16:49
ComboFix-quarantined-files.txt 2012-04-21 11:16
ComboFix2.txt 2012-04-18 11:11
.
Pre-Run: 18,545,053,696 bytes free
Post-Run: 18,532,982,784 bytes free
.
- - End Of File - - FD303B889BB6CF87EBFBC6D38F88C5D4

***********************************************************

I'll post again to see if it works ok, wanted to get the log up first.

#10 hato

  • Topic Starter

  • Members
  • 13 posts

Posted 21 April 2012 - 06:52 AM

Hello,

Well, PC starts fine and internet speed is okay, however a search from the toolbar now returns results that differ from when accessing google directly, again. Sorry. This time the search was for "computer parts."

Had no problems running the script. The CFScript file disappeared, though.

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 April 2012 - 07:18 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
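Editor's note on triaging the OTL.txt that the post above asks for. An OTL log is long, and the first pass a responder makes is mechanical: spot services whose binary OTL reports as "File not found", binaries with no company name running out of the user profile, and system-binary names (svchost.exe and friends) living outside the Windows directory. The script below is an added example written for this note; it is not OTL's code, not OldTimer's, and not something anyone in this thread posted. The log lines in SAMPLE_LOG are constructed to imitate OTL's `PRC -`, `MOD -` and `SRV -` SafeList line format, and the three heuristics are the editor's choice, not rules from the thread. An empty company name on its own is not evidence of anything (OEM helpers like NEC's or SoundMAX's tray tools often have none), which is why the script only flags it in combination with a user-profile path.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on OTL's SafeList sections. Not the thread's log.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\NTMETER.EXE ()
PRC - C:\Documents and Settings\USER\Local Settings\Temp\svchost.exe ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SearchHelper) -- C:\Documents and Settings\USER\Application Data\srchhlp.exe ()
"""


@dataclass
class Entry:
    kind: str      # "PRC", "MOD" or "SRV"
    name: str      # service name for SRV lines, "" otherwise
    path: str      # binary path as OTL printed it
    company: str   # text inside the trailing parentheses; "" when OTL printed "()"
    missing: bool  # True when OTL appended "File not found"


# Service lines: SRV - (Name) -- path (Company)   or   ... path File not found
# The greedy name group copes with service names that themselves contain parentheses.
_SRV = re.compile(r"^SRV - \((?P<name>.*)\) -- (?P<rest>.*)$")
# Process / module lines: PRC - path (Company)
_PRC = re.compile(r"^(?P<kind>PRC|MOD) - (?P<rest>.*)$")


def _split_company(rest: str):
    """Separate 'path (Company)' into its parts; handle OTL's 'File not found' suffix."""
    suffix = " File not found"
    if rest.endswith(suffix):
        return rest[: -len(suffix)], "", True
    path, sep, company = rest.rpartition(" (")
    if not sep:                      # no company field at all; keep the whole string as path
        return rest, "", False
    if company.endswith(")"):
        company = company[:-1]
    return path, company, False


def parse_otl(text: str):
    """Parse PRC/MOD/SRV lines from OTL output into Entry objects; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = _SRV.match(line)
        if m:
            path, company, missing = _split_company(m["rest"])
            entries.append(Entry("SRV", m["name"], path, company, missing))
            continue
        m = _PRC.match(line)
        if m:
            path, company, missing = _split_company(m["rest"])
            entries.append(Entry(m["kind"], "", path, company, missing))
    return entries


# Heuristics chosen for this example (assumptions, not OTL rules).
USER_PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


def triage(text: str):
    """Return (reason, path) pairs for entries worth a second look."""
    findings = []
    for e in parse_otl(text):
        p = e.path.lower()
        base = p.rsplit("\\", 1)[-1]
        if e.missing:
            findings.append(("missing-binary", e.path))
        if not e.company and any(d in p for d in USER_PROFILE_DIRS):
            findings.append(("no-vendor-in-user-profile", e.path))
        # A system-binary name outside the Windows directory is a classic masquerade.
        if base in SYSTEM_BINARIES and "\\windows\\" not in p:
            findings.append(("system-name-outside-windows", e.path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:28s} {path}")
```

Run it against a real OTL.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; treat the output as a list of things to look at, not a verdict, since a missing service binary can be a harmless leftover from an uninstall just as easily as a removed infection.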

#12 hato

  • Topic Starter

  • Members
  • 13 posts

Posted 21 April 2012 - 08:47 AM

Hello,

Downloaded and ran OTL. Here is the file.
****************************************************
OTL logfile created on: 2012/04/21 22:02:28 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\USER\My Documents\ダウンロード
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

1.23 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 72.78% Memory free
1.45 Gb Paging File | 1.26 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.32 Gb Total Space | 17.22 Gb Free Space | 60.81% Space Free | Partition Type: NTFS
Drive D: | 8.94 Gb Total Space | 8.85 Gb Free Space | 99.05% Space Free | Partition Type: NTFS

Computer Name: T6 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\USER\My Documents\ダウンロード\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Java\jre1.6.0_31\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\SMDATA\READSCTSERVICE.EXE ()
PRC - C:\Program Files\NECMFK\necmfk.exe (NEC)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\NTMETER.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12042100\algo.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.JPN ()
MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()
MOD - C:\SMDATA\READSCTSERVICE.EXE ()
MOD - C:\SMDATA\RSWXP.DLL ()
MOD - C:\WINDOWS\system32\NTMETER.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre1.6.0_31\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SonicStage Back-End Service2) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe (Sony Corporation)
SRV - (ReadSctService) -- C:\SMDATA\READSCTSERVICE.EXE ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (NT Meter) -- C:\WINDOWS\system32\NTMETER.EXE ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (MFKGTKEY) -- C:\WINDOWS\system32\drivers\mfkgtkey.sys (NEC Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ps2Led) -- C:\WINDOWS\system32\drivers\Ps2Led.sys (NEC Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)
DRV - (Ps2LedIF) -- C:\WINDOWS\system32\drivers\Ps2LedIF.sys (NEC Corporation)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
IE - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\..\SearchScopes,DefaultScope = {B45DD61D-0D4D-47D6-8405-F3132B93581F}
IE - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_ja&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\..\SearchScopes\{B45DD61D-0D4D-47D6-8405-F3132B93581F}: "URL" = http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja
IE - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_31\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_31\lib\deploy\jqs\ff [2012/03/02 21:11:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/18 20:09:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_31\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_31\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_31\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NECMFK] C:\Program Files\NECMFK\necmfk.exe (NEC)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4042313093-3997665026-3570326278-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint プレビュー - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint 印刷 - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint 印刷リストに追加 - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint 高速印刷 - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.12.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F96D13F3-E9E6-47CF-85DB-E01D90DB906F}: DhcpNameServer = 192.168.12.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (現在のホーム ページ) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:44:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 20:01:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/18 19:59:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/18 19:59:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/18 19:59:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/18 19:59:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/18 19:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/18 19:59:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 18:48:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/01 17:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2012/04/01 17:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\Malwarebytes' Anti-Malware
[2012/04/01 17:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/01 17:38:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/01 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 22:01:11 | 000,000,674 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 21:59:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/21 21:59:38 | 000,000,670 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 21:59:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 21:59:24 | 1324,404,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 22:35:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/18 20:09:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/18 20:01:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/16 22:35:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/16 22:35:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/12 23:52:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 23:26:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\USER\defogger_reenable
[2012/04/12 23:19:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 20:01:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/18 20:01:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/18 19:59:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/18 19:59:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/18 19:59:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/18 19:59:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/18 19:59:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/12 23:26:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\defogger_reenable
[2012/04/01 18:48:04 | 000,000,626 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/13 08:59:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2012/03/13 08:56:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat
[2012/03/02 22:03:48 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2012/03/02 22:03:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/02 20:49:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/06 07:40:27 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011/06/08 19:20:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/31 18:32:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/06 09:43:12 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini

< End of report >
**********************************************
The Extras.txt is on hand too. Avast shut it down the first time, so I disabled avast.
Thanks - hato
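
The report above is the kind of thing a responder reads by eye. As an added example (not code from this thread, from OTL, or from BleepingComputer), here is a small Python triage script that pulls the IE SearchScopes, O1 hosts-file and O17 name-server lines out of an OTL log and flags what usually explains "the search box gives different results than the Google homepage": a DefaultScope GUID with no URL behind it, a scope URL whose host is not a known search engine, hosts-file entries other than localhost, and name servers outside RFC1918 space. The allowlist of search hosts, the RFC1918-only rule, and the two sample logs (one trimmed from the report above, one constructed hijacked variant for contrast) are assumptions of the example, not anything OTL itself checks.

```python
"""Triage the search-provider and name-resolution lines of an OTL report.

Added example for this thread; not OTL's own code. The allowlist and the
RFC1918-only rule for name servers are this example's assumptions.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hosts we accept as legitimate search providers on this machine.
ALLOWED_SEARCH_HOSTS = {
    "www.google.com", "www.google.co.jp", "www.bing.com", "search.live.com",
}

# Assumption: a router-fed client should get DNS from RFC1918 space. Checked
# explicitly rather than via ipaddress.is_private, which also treats the
# documentation range 203.0.113.0/24 (used in the constructed sample) as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DEFAULT_RE = re.compile(r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[^}]+\})')
SCOPE_RE = re.compile(r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+)')
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<name>\S+)')
DNS_RE = re.compile(r'^O17 - .*NameServer = (?P<ips>.+)$')

# Constructed sample: the IE / O1 / O17 lines of the log posted above, trimmed.
SAMPLE_OTL = """\
IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\\S-1-5-21-4042313093-3997665026-3570326278-1004\\..\\SearchScopes,DefaultScope = {B45DD61D-0D4D-47D6-8405-F3132B93581F}
IE - HKU\\S-1-5-21-4042313093-3997665026-3570326278-1004\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\\S-1-5-21-4042313093-3997665026-3570326278-1004\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_ja&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\\S-1-5-21-4042313093-3997665026-3570326278-1004\\..\\SearchScopes\\{B45DD61D-0D4D-47D6-8405-F3132B93581F}: "URL" = http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.12.1
"""

# Constructed hijacked variant (hypothetical hive, GUID, host and addresses):
# default scope on an unknown host, hosts file pinning google, public DNS.
SAMPLE_HIJACKED = """\
IE - HKU\\S-1-5-21-1-1-1-1004\\..\\SearchScopes,DefaultScope = {AAAAAAAA-0000-0000-0000-000000000001}
IE - HKU\\S-1-5-21-1-1-1-1004\\..\\SearchScopes\\{AAAAAAAA-0000-0000-0000-000000000001}: "URL" = http://search.example.invalid/?q={searchTerms}
O1 - Hosts: 203.0.113.5 www.google.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 203.0.113.53
"""


def parse_otl(text: str) -> dict:
    """Collect DefaultScope GUIDs, scope URLs, hosts-file entries and name servers."""
    parsed = {"defaults": {}, "scopes": {}, "hosts": [], "dns": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := DEFAULT_RE.match(line):
            parsed["defaults"][m["hive"]] = m["guid"].upper()  # GUID case varies in OTL output
        elif m := SCOPE_RE.match(line):
            parsed["scopes"].setdefault(m["hive"], {})[m["guid"].upper()] = m["url"]
        elif m := HOSTS_RE.match(line):
            parsed["hosts"].append((m["ip"], m["name"]))
        elif m := DNS_RE.match(line):
            parsed["dns"].extend(m["ips"].split())
    return parsed


def triage(parsed: dict) -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    # 1. Every DefaultScope must resolve to a URL in its own hive or in HKLM.
    for hive, guid in parsed["defaults"].items():
        url = parsed["scopes"].get(hive, {}).get(guid) or parsed["scopes"].get("HKLM", {}).get(guid)
        if url is None:
            findings.append(f"{hive}: DefaultScope {guid} has no URL under this hive or HKLM")
    # 2. Every scope URL should point at a known search host; the default one matters most.
    for hive, scopes in parsed["scopes"].items():
        for guid, url in scopes.items():
            host = (urlsplit(url).hostname or "").lower()
            if host not in ALLOWED_SEARCH_HOSTS:
                tag = "DEFAULT search scope" if parsed["defaults"].get(hive) == guid else "search scope"
                findings.append(f"{hive}: {tag} {guid} points at unexpected host {host!r} ({url})")
    # 3. A clean XP hosts file carries only the localhost line.
    for ip, name in parsed["hosts"]:
        if name.lower() != "localhost":
            findings.append(f"hosts file pins {name} to {ip}")
    # 4. Name servers outside RFC1918 deserve a second look on a router-fed client.
    for ip in parsed["dns"]:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"unparseable name server {ip!r}")
            continue
        if not any(addr in net for net in RFC1918):
            findings.append(f"name server {ip} is outside RFC1918 space; confirm it is expected")
    return findings


if __name__ == "__main__":
    for label, sample in (("thread log", SAMPLE_OTL), ("constructed hijack", SAMPLE_HIJACKED)):
        hits = triage(parse_otl(sample))
        print(f"{label}: {len(hits)} finding(s)")
        for hit in hits:
            print("  -", hit)
```

Run against the trimmed lines from the report above the script returns no findings, which matches the responder's script in the next post: it touches a dead context-menu entry and an orphaned ActiveX entry, not the search provider. The host check is deliberately only about the host; a legitimate host can still carry parameters that change what comes back, such as the `lr=lang_ja` language restriction visible on the user's default scope above, so a clean run here is a reason to compare the full URLs, not to stop looking.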

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:18 AM

Posted 21 April 2012 - 09:15 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. (Do not include the word Code.)
    :OTL
    O8 - Extra context menu item: Google ??????... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/08/06 07:40:27 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#14 hato

hato
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 21 April 2012 - 11:02 PM

Hello,

I think I did it right, but I don't remember the "OK" button in the process. Anyway, here are the results.
********************************************************
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google ??????...\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\system32\_psisdecd.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\USER\My Documents\ダウンロード\cmd.bat deleted successfully.
C:\Documents and Settings\USER\My Documents\ダウンロード\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: USER
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: USER
->Flash cache emptied: 1760 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04222012_124403
***********************************************

Still get different search results.

- hato

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:18 AM

Posted 23 April 2012 - 02:19 AM

Hello

I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say either that the infection was cleared or that no infection was found; let me know what it says.

After it is complete I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

Edited by gringo_pr, 23 April 2012 - 02:21 AM.




