
[Resolved] Cyberlog.x and PSW.x-VIr


  • This topic is locked
24 replies to this topic

#1 chaos


Posted 18 April 2008 - 07:59 AM

My laptop just got infected with both of these yesterday. There are two new false icons in my taskbar (a blinking yellow triangle with an exclamation mark and a blue shield that blinks red with a white X in it). Both keep saying "system alert: spyware found" and "Your computer is infected with the last version of PSW.x-Vir trojan." This is the virusburst trojan. I am getting popups linking me to bogus antivirus software. I tried running McAfee and AdAware but neither removed the problem. I am running Windows XP. What do I need to do to get rid of this?



#2 Trevuren


Posted 18 April 2008 - 03:07 PM

Hello chaos and welcome to the What the Tech Forums

My name is Trevuren and I will be helping you with your problem.


Download HijackThis from Here.
  • Choose the default location of C:\Program Files\Trend Micro\HijackThis as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Click the Install button.
  • Accept the license agreement.
  • The program will place a shortcut on your desktop. This will make it easier for you to access the tool when required.
  • Click Do a system scan and save a log file. A Notepad file will open.
  • To post the text, first you must highlight the entire text and then press the (Ctrl+C) keys which copies it to your clipboard.
  • Now paste the log into this thread using the (Ctrl + V) buttons.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.



#3 chaos


Posted 18 April 2008 - 05:24 PM

I downloaded the file from that link and when I clicked Install, it closed. I never got a choice to accept the license agreement. I tried restarting and installing it again and it still didn't install.

#4 Trevuren


Posted 18 April 2008 - 05:58 PM

That could very well be the infection. Many of them now try to close our tools. Please try the following:

Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

What DSS will do:

  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.

Post Logs:
  • DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt


#5 chaos


Posted 18 April 2008 - 07:19 PM

I appreciate the help. Here are the logs:

MAIN:

Deckard's System Scanner v20071014.68
Run by gkdv on 2008-04-18 20:07:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2008-04-19 00:07:07 UTC - RP256 - Deckard's System Scanner Restore Point
61: 2008-04-18 23:27:47 UTC - RP255 - Removed Ad-Aware 2007
60: 2008-04-18 00:14:25 UTC - RP254 - Installed Ad-Aware 2007
59: 2008-04-17 22:49:14 UTC - RP253 - Software Distribution Service 3.0
58: 2008-04-16 13:39:45 UTC - RP252 - System Checkpoint


-- First Restore Point --
1: 2008-01-17 22:28:20 UTC - RP195 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-18 20:10:20
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Novell\xtagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Novell\ZENworks\WM.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\gvkudav\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/r...nclient/vec.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=198.163.152.229:3124
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [1] regedit /s \\maxwell\s_ecs\ECS\FixAutoCAD.reg
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Fix AutoCAD.lnk = C:\ECS\FixAutoCAD.reg
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Program Files\Autodesk\Inventor Professional 10\Bin\HSPCLPRO10.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CADopia License Manager - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\system32\Novell\xtagent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\WM.EXE


--
End of file - 8756 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 BlankScr (HBDevice) - c:\windows\system32\drivers\blankscr.sys <Not Verified; Novell Inc.; ZENworks Remote Management>
R3 Darpan - c:\windows\system32\drivers\darpan.sys <Not Verified; Novell, Inc.; ZENworks Remote Management>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; McAfee, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 NALNTSERVICE (Novell Application Launcher) - c:\program files\novell\zenworks\nalntsrv.exe <Not Verified; Novell, Inc.; >
R2 NNServ - "c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart <Not Verified; New.net, Inc.; New.net runner>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Remote Management Agent (Novell ZENworks Remote Management Agent) - c:\program files\novell\zenworks\remotemanagement\rmagent\zenrem32.exe <Not Verified; Novell, Inc.; ZENworks Remote Management>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R2 XTAgent (Novell XTier Agent Services) - c:\windows\system32\novell\xtagent.exe <Not Verified; Novell, Inc.; NetIdentity>
R2 ZFDWM (Workstation Manager) - c:\program files\novell\zenworks\wm.exe <Not Verified; Novell, Inc.; ZENworks Desktop Management>

S2 CADopia License Manager - c:\orcad\orcad_10.5\intell~1\licensemanager\lmgrd.exe <Not Verified; Macrovision Corporation; >
S2 lmgrd (Flexlm) - "c:\orcad\orcad_10.5\intellicad 4\licensemanager\lmgrd.exe" <Not Verified; Macrovision Corporation; >
S2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
S3 Remote Solver for COSMOSFloWorks 2005 - c:\program files\cosmos applications\floworks\bin\standaloneslv.exe <Not Verified; ; StandAloneSlv Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-12 16:53:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-18 19:09:38 0 d-------- C:\Program Files\Trend Micro
2008-04-17 20:14:27 0 d-------- C:\Program Files\Lavasoft
2008-04-17 20:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 18:45:15 0 d-------- C:\Program Files\NetProject
2008-04-13 05:07:36 5404 --a------ C:\WINDOWS\system32\winmenu32.dll
2008-04-06 02:12:45 0 d-------- C:\Program Files\Cedelia
2008-03-21 12:55:44 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>


-- Find3M Report ---------------------------------------------------------------

2008-04-18 20:05:28 0 d-------- C:\Documents and Settings\gvkudav\Application Data\DNA
2008-04-18 19:28:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 21:52:03 0 d-------- C:\Documents and Settings\gvkudav\Application Data\dvdcss
2008-04-13 05:07:36 13312 --a-s---- C:\WINDOWS\system32\bubbj.dll
2008-04-09 23:25:06 0 d-a-s---- C:\Program Files\NewDotNet
2008-04-07 21:04:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 02:59:41 0 d-------- C:\Program Files\Java
2008-03-21 13:13:35 0 d-------- C:\Program Files\iPod
2008-03-18 17:01:09 0 d-------- C:\Documents and Settings\gvkudav\Application Data\Macromedia
2008-03-18 17:01:07 8928 --a------ C:\WINDOWS\mozver.dat
2008-03-16 17:22:46 0 d-------- C:\Documents and Settings\gvkudav\Application Data\BitTorrent
2008-03-14 10:38:26 0 d-------- C:\Program Files\Common Files
2008-03-14 10:38:26 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-14 10:38:13 0 d-------- C:\Documents and Settings\gvkudav\Application Data\InstallShield
2008-03-13 12:12:53 0 d-------- C:\Program Files\DNA
2008-03-13 12:12:46 0 d-------- C:\Documents and Settings\gvkudav\Application Data\BitTorrent DNA
2008-03-05 13:25:15 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-03-01 18:45:11 0 d-------- C:\Program Files\iTunes
2008-03-01 18:42:42 0 d-------- C:\Program Files\QuickTime
2008-02-21 13:41:47 0 d-------- C:\Program Files\tcetest
2008-02-21 11:50:32 0 d-------- C:\Documents and Settings\gvkudav\Application Data\U3
2008-02-20 20:48:25 0 d-------- C:\Documents and Settings\gvkudav\Application Data\GetRightToGo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
04/17/2008 10:55 PM 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [04/17/2008 06:45 PM 87552]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/12/2005 10:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 03:55 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [01/17/2005 11:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 11:25 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [1/4/2006 2:47:19 PM]
Fix AutoCAD.lnk - C:\ECS\FixAutoCAD.reg [2/3/2006 2:37:59 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 6:23:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"1"=regedit /s \\maxwell\s_ecs\ECS\FixAutoCAD.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [04/13/2008 05:07 AM 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Program Files\Novell\ZENworks\NalShell.dll [09/09/2005 12:54 PM 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 01/10/2005 01:36 PM 24576 C:\WINDOWS\system32\Novell\xtnotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9302810e-e094-11dc-acc5-0013cebbb612}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-18 20:11:33 ------------




EXTRA:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.13GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.39 MiB / 536.87 MiB
Pagefile Memory (total/avail): 2460.69 MiB / 2099.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.75 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 39.63 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - Hitachi HTS721080G9AT00 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\OrCAD\\OrCAD_10.5\\setconfig.exe"="C:\\OrCAD\\OrCAD_10.5\\setconfig.exe:*:Enabled:setconfig (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\updates.exe"="C:\\OrCAD\\OrCAD_10.5\\updates.exe:*:Enabled:updates (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\icad.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\icad.exe:*:Enabled:icad (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\cadopia.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\cadopia.exe:*:Enabled:cadopia (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\installs.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\installs.exe:*:Enabled:installs (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmdown.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmdown.exe:*:Enabled:lmdown (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmgrd.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmgrd.exe:*:Enabled:lmgrd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmhostid.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmhostid.exe:*:Enabled:lmhostid (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmtools.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmtools.exe:*:Enabled:lmtools (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmutil.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmutil.exe:*:Enabled:lmutil (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsdoc.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsdoc.exe:*:Enabled:cdsdoc (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsinfo.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsinfo.exe:*:Enabled:cdsinfo (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsmps.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsmps.exe:*:Enabled:cdsmps (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsNameServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRemshClient.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRemshClient.exe:*:Enabled:cdsRemshClient (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRunHidden.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRunHidden.exe:*:Enabled:cdsRunHidden (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsUnzip.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsUnzip.exe:*:Enabled:cdsUnzip (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdswhich.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdswhich.exe:*:Enabled:cdswhich (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsZip.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsZip.exe:*:Enabled:cdsZip (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cds_root.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cds_root.exe:*:Enabled:cds_root (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsAdminTool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsAdminTool.exe:*:Enabled:clsAdminTool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsbd.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsbd.exe:*:Enabled:clsbd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clu.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clu.exe:*:Enabled:clu (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\dregprint.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\dregprint.exe:*:Enabled:dregprint (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\mpsinfo.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\mpsinfo.exe:*:Enabled:mpsinfo (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmp.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmp.exe:*:Enabled:nmp (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmppath.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmppath.exe:*:Enabled:nmppath (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\switchversion.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\switchversion.exe:*:Enabled:switchversion (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\van.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\van.exe:*:Enabled:van (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\versionviewer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\versionviewer.exe:*:Enabled:versionviewer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\capture.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\capture.exe:*:Enabled:capture (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\comp16.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\comp16.exe:*:Enabled:comp16 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pcadi.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pcadi.exe:*:Enabled:pcadi (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pstswp.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pstswp.exe:*:Enabled:pstswp (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\regsvr32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\sch2cap.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\sch2cap.exe:*:Enabled:sch2cap (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\SETBROWS.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\SETBROWS.EXE:*:Enabled:SETBROWS (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\tutorial\\CAPTUTOR.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\tutorial\\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\cdsservipc.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\cdsservipc.exe:*:Enabled:cdsservipc (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill.exe:*:Enabled:skill (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill_g.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill_g.exe:*:Enabled:skill_g (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\mkdefcfg.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\mkdefcfg.exe:*:Enabled:mkdefcfg (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\versiontool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\versiontool.exe:*:Enabled:versiontool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\java.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\java.exe:*:Enabled:java (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\javaw.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\javaw.exe:*:Enabled:javaw (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\jpicpl32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\jpicpl32.exe:*:Enabled:jpicpl32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\keytool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\keytool.exe:*:Enabled:keytool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\kinit.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\kinit.exe:*:Enabled:kinit (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\klist.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\klist.exe:*:Enabled:klist (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\ktab.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\ktab.exe:*:Enabled:ktab (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\orbd.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\orbd.exe:*:Enabled:orbd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\policytool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\policytool.exe:*:Enabled:policytool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmid.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmid.exe:*:Enabled:rmid (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmiregistry.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmiregistry.exe:*:Enabled:rmiregistry (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\servertool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\servertool.exe:*:Enabled:servertool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\tnameserv.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\tnameserv.exe:*:Enabled:tnameserv (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\fvupdateutil.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\fvupdateutil.exe:*:Enabled:fvupdateutil (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcad.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcad.exe:*:Enabled:gcad (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcam.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcam.exe:*:Enabled:gcam (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcdin.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcdin.exe:*:Enabled:gcdin (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\idfin.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\idfin.exe:*:Enabled:idfin (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\ipc356.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\ipc356.exe:*:Enabled:ipc356 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\layout.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\layout.exe:*:Enabled:layout (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\libcat.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\libcat.exe:*:Enabled:libcat (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\lsession.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\lsession.exe:*:Enabled:lsession (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\max2hyp.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\max2hyp.exe:*:Enabled:max2hyp (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascb.exe:*:Enabled:maxascb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascx.exe:*:Enabled:maxascx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxdxf.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxdxf.exe:*:Enabled:maxdxf (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxeco.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxeco.exe:*:Enabled:maxeco (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxfnetx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxfnetx.exe:*:Enabled:maxfnetx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminb.exe:*:Enabled:maxminb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminw.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminw.exe:*:Enabled:maxminw (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminx.exe:*:Enabled:maxminx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxorcad.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxorcad.exe:*:Enabled:maxorcad (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxp99x.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxp99x.exe:*:Enabled:maxp99x (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadb.exe:*:Enabled:maxpadb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadx.exe:*:Enabled:maxpadx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadb.exe:*:Enabled:maxpcadb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadx.exe:*:Enabled:maxpcadx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotb.exe:*:Enabled:maxprotb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotx.exe:*:Enabled:maxprotx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrb.exe:*:Enabled:maxstrb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrx.exe:*:Enabled:maxstrx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangb.exe:*:Enabled:maxtangb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangx.exe:*:Enabled:maxtangx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\mfceco.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\mfceco.exe:*:Enabled:mfceco (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\orcadodb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\orcadodb.exe:*:Enabled:orcadodb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padb.exe:*:Enabled:padb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padx.exe:*:Enabled:padx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadb.exe:*:Enabled:pcadb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadx.exe:*:Enabled:pcadx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcb2max.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcb2max.exe:*:Enabled:pcb2max (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\prcat.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\prcat.exe:*:Enabled:prcat (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protb.exe:*:Enabled:protb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protx.exe:*:Enabled:protx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\searchTool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\searchTool.exe:*:Enabled:searchTool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\setbrows.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\setbrows.exe:*:Enabled:setbrows (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\specin.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\specin.exe:*:Enabled:specin (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strb.exe:*:Enabled:strb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strx.exe:*:Enabled:strx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangb.exe:*:Enabled:tangb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangx.exe:*:Enabled:tangx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\to386.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\to386.exe:*:Enabled:to386 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\toidf.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\toidf.exe:*:Enabled:toidf (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tomax.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tomax.exe:*:Enabled:tomax (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tospec.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tospec.exe:*:Enabled:tospec (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\update90.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\update90.exe:*:Enabled:update90 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\F2G.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\F2G.EXE:*:Enabled:F2G (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\G2F.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\G2F.EXE:*:Enabled:G2F (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\custaped.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\custaped.exe:*:Enabled:custaped (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GERBLINE.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GERBLINE.EXE:*:Enabled:GERBLINE (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\Gerbtool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\Gerbtool.exe:*:Enabled:Gerbtool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GT2VIEW.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GT2VIEW.EXE:*:Enabled:GT2VIEW (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\System\\FixTbar.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\System\\FixTbar.exe:*:Enabled:FixTbar (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\samples\\demo\\reset.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\samples\\demo\\reset.exe:*:Enabled:reset (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\batch32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\batch32.exe:*:Enabled:batch32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\sroute.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\sroute.exe:*:Enabled:sroute (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tutorial\\laytutor.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tutorial\\laytutor.exe:*:Enabled:laytutor (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\vcadd\\vcadd32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\vcadd\\vcadd32.exe:*:Enabled:vcadd32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\IndiceFileGeneration.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\Magneticdesigner.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\Magneticdesigner.exe:*:Enabled:Magneticdesigner (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\modeled.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\modeled.exe:*:Enabled:modeled (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\MrkSrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\MrkSrvr.exe:*:Enabled:MrkSrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspice.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspice.exe:*:Enabled:pspice (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\psp_cmd.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\psp_cmd.exe:*:Enabled:psp_cmd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\regsvr32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simmgr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simmgr.exe:*:Enabled:simmgr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simsrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simsrvr.exe:*:Enabled:simsrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\stmed.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\stmed.exe:*:Enabled:stmed (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.exe:*:Enabled:specctra (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\merge.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\merge.exe:*:Enabled:merge (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\mkvdk.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\mkvdk.exe:*:Enabled:mkvdk (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\search.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\search.exe:*:Enabled:search (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\setup.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\setup.exe:*:Enabled:setup (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\v_uninst.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\v_uninst.exe:*:Enabled:v_uninst (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\callback.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\callback.exe:*:Enabled:callback (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\filter.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\filter.exe:*:Enabled:filter (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmlini.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmlini.exe:*:Enabled:htmlini (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmserv.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmserv.exe:*:Enabled:htmserv (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\index.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\index.exe:*:Enabled:index (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jstree.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jstree.exe:*:Enabled:jstree (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jvtree.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jvtree.exe:*:Enabled:jvtree (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\kvoop.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\kvoop.exe:*:Enabled:kvoop (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\regsvr32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\summary.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\summary.exe:*:Enabled:summary (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe:*:Enabled:amovie (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.com"="C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.com:*:Enabled:specctra (Release OrCAD 10.5)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\proeWildfire 2.0\\i486_nt\\nms\\nmsd.exe"="C:\\Program Files\\proeWildfire 2.0\\i486_nt\\nms\\nmsd.exe:*:Enabled:nmsd"
"C:\\Program Files\\proeWildfire 2.0\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\Program Files\\proeWildfire 2.0\\i486_nt\\obj\\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\\OrCAD\\OrCAD_10.5\\setconfig.exe"="C:\\OrCAD\\OrCAD_10.5\\setconfig.exe:*:Enabled:setconfig (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\updates.exe"="C:\\OrCAD\\OrCAD_10.5\\updates.exe:*:Enabled:updates (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\icad.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\icad.exe:*:Enabled:icad (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\cadopia.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\cadopia.exe:*:Enabled:cadopia (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\installs.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\installs.exe:*:Enabled:installs (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmdown.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmdown.exe:*:Enabled:lmdown (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmgrd.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmgrd.exe:*:Enabled:lmgrd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmhostid.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmhostid.exe:*:Enabled:lmhostid (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmtools.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmtools.exe:*:Enabled:lmtools (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmutil.exe"="C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmutil.exe:*:Enabled:lmutil (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsdoc.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsdoc.exe:*:Enabled:cdsdoc (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsinfo.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsinfo.exe:*:Enabled:cdsinfo (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsmps.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsmps.exe:*:Enabled:cdsmps (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsNameServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRemshClient.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRemshClient.exe:*:Enabled:cdsRemshClient (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRunHidden.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsRunHidden.exe:*:Enabled:cdsRunHidden (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsUnzip.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsUnzip.exe:*:Enabled:cdsUnzip (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdswhich.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdswhich.exe:*:Enabled:cdswhich (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsZip.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cdsZip.exe:*:Enabled:cdsZip (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cds_root.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\cds_root.exe:*:Enabled:cds_root (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsAdminTool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsAdminTool.exe:*:Enabled:clsAdminTool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsbd.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clsbd.exe:*:Enabled:clsbd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clu.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\clu.exe:*:Enabled:clu (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\dregprint.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\dregprint.exe:*:Enabled:dregprint (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\mpsinfo.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\mpsinfo.exe:*:Enabled:mpsinfo (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmp.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmp.exe:*:Enabled:nmp (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmppath.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\nmppath.exe:*:Enabled:nmppath (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\switchversion.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\switchversion.exe:*:Enabled:switchversion (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\van.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\van.exe:*:Enabled:van (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\versionviewer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\bin\\versionviewer.exe:*:Enabled:versionviewer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\capture.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\capture.exe:*:Enabled:capture (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\comp16.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\comp16.exe:*:Enabled:comp16 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pcadi.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pcadi.exe:*:Enabled:pcadi (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pstswp.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\pstswp.exe:*:Enabled:pstswp (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\regsvr32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\sch2cap.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\sch2cap.exe:*:Enabled:sch2cap (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\SETBROWS.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\SETBROWS.EXE:*:Enabled:SETBROWS (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\tutorial\\CAPTUTOR.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\capture\\tutorial\\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\cdsdoc\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\cdsservipc.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\cdsservipc.exe:*:Enabled:cdsservipc (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill.exe:*:Enabled:skill (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill_g.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\dfII\\bin\\skill_g.exe:*:Enabled:skill_g (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\mkdefcfg.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\mkdefcfg.exe:*:Enabled:mkdefcfg (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\versiontool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\fet\\bin\\versiontool.exe:*:Enabled:versiontool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\java.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\java.exe:*:Enabled:java (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\javaw.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\javaw.exe:*:Enabled:javaw (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\jpicpl32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\jpicpl32.exe:*:Enabled:jpicpl32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\keytool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\keytool.exe:*:Enabled:keytool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\kinit.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\kinit.exe:*:Enabled:kinit (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\klist.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\klist.exe:*:Enabled:klist (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\ktab.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\ktab.exe:*:Enabled:ktab (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\orbd.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\orbd.exe:*:Enabled:orbd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\policytool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\policytool.exe:*:Enabled:policytool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmid.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmid.exe:*:Enabled:rmid (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmiregistry.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\rmiregistry.exe:*:Enabled:rmiregistry (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\servertool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\servertool.exe:*:Enabled:servertool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\tnameserv.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\jre\\bin\\tnameserv.exe:*:Enabled:tnameserv (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\fvupdateutil.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\fvupdateutil.exe:*:Enabled:fvupdateutil (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcad.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcad.exe:*:Enabled:gcad (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcam.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcam.exe:*:Enabled:gcam (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcdin.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gcdin.exe:*:Enabled:gcdin (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\idfin.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\idfin.exe:*:Enabled:idfin (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\ipc356.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\ipc356.exe:*:Enabled:ipc356 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\layout.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\layout.exe:*:Enabled:layout (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\libcat.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\libcat.exe:*:Enabled:libcat (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\lsession.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\lsession.exe:*:Enabled:lsession (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\max2hyp.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\max2hyp.exe:*:Enabled:max2hyp (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascb.exe:*:Enabled:maxascb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxascx.exe:*:Enabled:maxascx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxdxf.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxdxf.exe:*:Enabled:maxdxf (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxeco.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxeco.exe:*:Enabled:maxeco (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxfnetx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxfnetx.exe:*:Enabled:maxfnetx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminb.exe:*:Enabled:maxminb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminw.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminw.exe:*:Enabled:maxminw (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxminx.exe:*:Enabled:maxminx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxorcad.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxorcad.exe:*:Enabled:maxorcad (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxp99x.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxp99x.exe:*:Enabled:maxp99x (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadb.exe:*:Enabled:maxpadb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpadx.exe:*:Enabled:maxpadx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadb.exe:*:Enabled:maxpcadb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxpcadx.exe:*:Enabled:maxpcadx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotb.exe:*:Enabled:maxprotb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxprotx.exe:*:Enabled:maxprotx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrb.exe:*:Enabled:maxstrb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxstrx.exe:*:Enabled:maxstrx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangb.exe:*:Enabled:maxtangb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\maxtangx.exe:*:Enabled:maxtangx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\mfceco.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\mfceco.exe:*:Enabled:mfceco (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\orcadodb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\orcadodb.exe:*:Enabled:orcadodb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padb.exe:*:Enabled:padb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\padx.exe:*:Enabled:padx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadb.exe:*:Enabled:pcadb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcadx.exe:*:Enabled:pcadx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcb2max.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\pcb2max.exe:*:Enabled:pcb2max (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\prcat.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\prcat.exe:*:Enabled:prcat (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protb.exe:*:Enabled:protb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\protx.exe:*:Enabled:protx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\searchTool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\searchTool.exe:*:Enabled:searchTool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\setbrows.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\setbrows.exe:*:Enabled:setbrows (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\specin.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\specin.exe:*:Enabled:specin (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strb.exe:*:Enabled:strb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\strx.exe:*:Enabled:strx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangb.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangb.exe:*:Enabled:tangb (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangx.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tangx.exe:*:Enabled:tangx (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\to386.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\to386.exe:*:Enabled:to386 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\toidf.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\toidf.exe:*:Enabled:toidf (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tomax.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tomax.exe:*:Enabled:tomax (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tospec.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tospec.exe:*:Enabled:tospec (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\update90.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\update90.exe:*:Enabled:update90 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\F2G.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\F2G.EXE:*:Enabled:F2G (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\G2F.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Fonts\\G2F.EXE:*:Enabled:G2F (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\custaped.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\custaped.exe:*:Enabled:custaped (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GERBLINE.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GERBLINE.EXE:*:Enabled:GERBLINE (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\Gerbtool.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\Gerbtool.exe:*:Enabled:Gerbtool (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GT2VIEW.EXE"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\Program\\GT2VIEW.EXE:*:Enabled:GT2VIEW (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\System\\FixTbar.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\gtool\\System\\FixTbar.exe:*:Enabled:FixTbar (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\samples\\demo\\reset.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\samples\\demo\\reset.exe:*:Enabled:reset (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\batch32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\batch32.exe:*:Enabled:batch32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\sroute.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\sroute\\sroute.exe:*:Enabled:sroute (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tutorial\\laytutor.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\tutorial\\laytutor.exe:*:Enabled:laytutor (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\vcadd\\vcadd32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\layout\\vcadd\\vcadd32.exe:*:Enabled:vcadd32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\IndiceFileGeneration.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\Magneticdesigner.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\Magneticdesigner.exe:*:Enabled:Magneticdesigner (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\modeled.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\modeled.exe:*:Enabled:modeled (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\MrkSrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\MrkSrvr.exe:*:Enabled:MrkSrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspice.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspice.exe:*:Enabled:pspice (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\psp_cmd.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\psp_cmd.exe:*:Enabled:psp_cmd (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\regsvr32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simmgr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simmgr.exe:*:Enabled:simmgr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simsrvr.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\simsrvr.exe:*:Enabled:simsrvr (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\stmed.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\pspice\\stmed.exe:*:Enabled:stmed (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.exe:*:Enabled:specctra (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\merge.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\merge.exe:*:Enabled:merge (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\mkvdk.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\mkvdk.exe:*:Enabled:mkvdk (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\search.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\search.exe:*:Enabled:search (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\setup.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\setup.exe:*:Enabled:setup (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\v_uninst.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\bin\\v_uninst.exe:*:Enabled:v_uninst (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\callback.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\callback.exe:*:Enabled:callback (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\filter.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\filter.exe:*:Enabled:filter (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmlini.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmlini.exe:*:Enabled:htmlini (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmserv.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\htmserv.exe:*:Enabled:htmserv (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\index.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\index.exe:*:Enabled:index (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jstree.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jstree.exe:*:Enabled:jstree (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jvtree.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\jvtree.exe:*:Enabled:jvtree (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\kvoop.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\kvoop.exe:*:Enabled:kvoop (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\regsvr32.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\summary.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\summary.exe:*:Enabled:summary (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"="C:\\OrCAD\\OrCAD_10.5\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe:*:Enabled:amovie (Release OrCAD 10.5)"
"C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.com"="C:\\OrCAD\\OrCAD_10.5\\tools\\specctra\\bin\\specctra.com:*:Enabled:specctra (Release OrCAD 10.5)"
"C:\\Program Files\\Hummingbird\\Connectivity\\7.11\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\7.11\\Exceed\\exceed.exe:*:Enabled:X server for Win32"
"C:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"="C:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe:*:Enabled:Freelancer"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Documents and Settings\\gvkudav\\Local Settings\\Temp\\Temporary Directory 2 for agsm_beta_test.2.52d.zip\\aGSM.exe"="C:\\Documents and Settings\\gvkudav\\Local Settings\\Temp\\Temporary Directory 2 for agsm_beta_test.2.52d.zip\\aGSM.exe:*:Enabled:alternative Game Server Monitor"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\proeWildfire 2.0\\i486_nt\\obj\\xtop.exe"="C:\\Program Files\\proeWildfire 2.0\\i486_nt\\obj\\xtop.exe:*:Disabled:xtop"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gvkudav\Application Data
CDSROOT=C:\OrCAD\OrCAD_10.5
CDS_LIC_FILE=5280@tesla
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SKUDAV
ComSpec=C:\WINDOWS\system32\cmd.exe
COSMOSM=C:\Program Files\COSMOS Applications
FLUENT_INC=C:\fluent.inc
FP_NO_HOST_CHECK=NO
GEOSTAR_HELP_TYPE=WINHELP
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gvkudav
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LM_LICENSE_FILE=C:\OrCAD\OrCAD_10.5\IntelliCAD 4\\cadopia.dat;7241@tesla;27002@tesla
LOGONSERVER=\\SKUDAV
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\COSMOS Applications;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\program files\ati technologies\ati control panel;c:\program files\common files\adaptec shared\system;c:\program files\proewildfire 2.0\bin;c:\orcad\orcad_10.5\tools\specctra\bin;c:\orcad\orcad_10.5\tools\pspice\library;c:\orcad\orcad_10.5\tools\capture;c:\orcad\orcad_10.5\tools\bin;c:\orcad\orcad_10.5\tools\fet\bin;C:\Program Files\MATLAB71\bin\win32;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Hummingbird\Connectivity\7.11\Accessories\;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin;;C:\Modeltech_ae\win32aloem;c:\fluent.inc\ntbin\ntx86;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Novell\ZENworks\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\gvkudav\LOCALS~1\Temp
TMP=C:\DOCUME~1\gvkudav\LOCALS~1\Temp
USERDOMAIN=SKUDAV
USERNAME=gvkudav
USERPROFILE=C:\Documents and Settings\gvkudav
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

gvkudav.ECS (admin)
System Administrator (admin)
gvkudav (new local, admin)
gvkudav (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> \IsUninst.exe -f"C:\OrCAD\OrCAD_10.5\IntelliCAD 4\\Uninst.isu"
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Autodesk Inventor Professional 10 --> MsiExec.exe /I{7F4DD591-1000-0409-0001-7107D70F3DB4}
Autodesk Inventor Professional 10 modules --> MsiExec.exe /I{7F4DD591-1000-4C43-9CB2-8107D70F3DB5}
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
CADopia IntelliCAD 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BB4B8FCF-44B4-4957-B92F-5F5A631AF629}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
COSMOSDesignSTAR 4.5 (2004/300) --> MsiExec.exe /I{91C3B889-D939-4C18-9FF3-6286F26D9309}
COSMOSFloWorks 2005 SP3.1 --> MsiExec.exe /I{03E3DDF5-12E1-4157-97E1-A38AE857D223}
COSMOSM 2.9 (2004/260) --> MsiExec.exe /I{CEFEB8FD-9CA2-4686-AF27-CE1D5F58C921}
COSMOSMotion 2005 SP3.1 --> MsiExec.exe /I{0EA15A4B-B4D1-4021-90F6-BC6402A7D2BA}
COSMOSWorks 2005 SP3.1 --> MsiExec.exe /I{0589E258-8822-4D0F-BBFA-DAA5678FD3E3}
Crystal10 --> MsiExec.exe /I{91FD3E1D-FE00-4ECB-8379-204704812A9D}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eDrawings 2005 --> MsiExec.exe /I{071D088C-6DF6-4F1B-B024-DA10896AF66D}
Evochron Renegades --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\sw3dg\EvochronRenegades\UnInst.log" "/APPNAME=Evochron Renegades"
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
Futuremark SystemInfo --> C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
getPlus®_dll --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hummingbird Exceed V7.1.1 --> MsiExec.exe /I{CFAF70CE-A0BE-46F6-B9C9-4901D8096D22}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Service --> "C:\Program Files\NetProject\waun.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Mathcad 2001 Professional --> MsiExec.exe /X{31A38B62-9168-4052-920A-F1405F43FEA8}
MATLAB 7.1 --> C:\Program Files\MATLAB71\uninstall\uninstall.exe C:\Program Files\MATLAB71\
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MDSolids --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\MDSolids\ST5UNST.LOG"
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (INVENTORCONTENT) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual Studio 6.0 Professional Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft WSE 2.0 Runtime --> MsiExec.exe /X{6EF75643-E1C3-4954-AC7D-FCEE1656D800}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla (1.7.12) --> C:\WINDOWS\MozillaUninstall.exe /ua "1.7.12 (en)"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSDN Library - Visual Studio 6.0a --> "C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1033\Setup\Setup.exe"
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySQL Connector/ODBC 3.51 --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\myodbc3_install.LOG
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
New.net Domains 8.0 build 840 --> C:\Program Files\NewDotNet\uninstall.exe
PASSPORT 32-bit (Standard Installation) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PASSPORT\UninsSTD.isu"
PDFXSDKdrInst --> C:\Program Files\PDF-XChange\SDK Drivers\uninstx.exe C:\Program Files\PDF-XChange\SDK Drivers\PDFXSDKdrInst.log
PIPE-FLO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69C86651-D075-11D6-9DD3-002078079A40}\setup.exe" -l0x9 PIPE-FLO
Pro/ENGINEER Release Wildfire 2.0 Datecode M070 --> "C:\Program Files\proeWildfire 2.0\uninstall\i486_nt\obj\psuninst.exe" "C:\Program Files\proeWildfire 2.0\uninstall\instlog.txt"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"
Release OrCAD 10.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24D0A76F-34E1-43F7-B972-0608518CD2A7}\setup.exe" -l0x9 Uninstall
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
SolidWorks 2005 SP03.1 --> MsiExec.exe /I{C8D1B87D-A3ED-440C-8ABF-1881E8DE79A5}
STAAD.Pro 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92337117-8C7D-44FA-B29D-7BF7F7BE51C2}\Setup.exe" -l0x9
StreamPlug Player --> c:/Program Files/Cedelia/StreamPlug\StreamPlug Player.exe --uninstall
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52503B4E-149A-4731-A6FF-495067EABFDC} /l1033
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Safety Alert --> C:\Documents and Settings\gvkudav\Local Settings\Temp\zfe1.exe /del
Working Model 2D 5.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Working Model 2D\DeIsL1.isu"
ZENworks Desktop Management Agent --> MsiExec.exe /I{5CD0779F-4B55-4300-91C9-44584BB7ACB9}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1665 / Warning
Event Submitted/Written: 04/18/2008 08:11:16 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from SKUDAV IP 127.0.0.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type1664 / Warning
Event Submitted/Written: 04/18/2008 08:11:16 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from SKUDAV IP 127.0.0.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type1662 / Error
Event Submitted/Written: 04/18/2008 07:18:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1659 / Warning
Event Submitted/Written: 04/18/2008 07:13:02 PM
Event ID/Source: 19011 / MSSQL$INVENTORCONTENT
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1651 / Warning
Event Submitted/Written: 04/17/2008 10:55:58 PM
Event ID/Source: 19011 / MSSQL$INVENTORCONTENT
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12822 / Error
Event Submitted/Written: 04/18/2008 07:15:09 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer OWNER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1CB51091-47F2-4377-.
The master browser is stopping or an election is being forced.

Event Record #/Type12816 / Error
Event Submitted/Written: 04/18/2008 07:13:04 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The CADopia License Manager service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type12814 / Error
Event Submitted/Written: 04/18/2008 07:13:04 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Flexlm service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type12812 / Error
Event Submitted/Written: 04/18/2008 07:13:02 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The WLANKEEPER service depends on the Spectrum24 Event Monitor service which failed to start because of the following error:
%%1075

Event Record #/Type12811 / Error
Event Submitted/Written: 04/18/2008 07:13:02 PM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The Spectrum24 Event Monitor service depends on the following nonexistent service: s24trans



-- End of Deckard's System Scanner: finished at 2008-04-18 20:11:33 ------------

#6 Trevuren

Posted 18 April 2008 - 07:52 PM

A. First we fix some file associations:

To repair the faulty file associations, please do the following:
  • Make sure that DSS.exe is located on your Desktop.
  • Click on your START button, then choose Run. A little box will appear.
  • Now copy and paste all the following in bold (including the "" marks) into the Run box and click OK.

    "%userprofile%\desktop\dss.exe" /daft


  • This will start DSS in a different way. A small window will appear.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.


B. 1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

    @Echo off
    rem Stop, then remove, the New.net service
    sc stop "NNServ - New.net, Inc."
    sc delete "NNServ - New.net, Inc."
    rem Remove this batch file once it has run
    del delete.bat

3. Save the file as "delete.bat". Make sure to save it with the quotes. It should look like this on your desktop: Posted Image

4. Double click delete.bat.


C. Using the Add/Remove program module in your Control Panel, please UNINSTALL the following program:

New.net Domains or NewDotNet


D. Now, using Windows Explorer, (Windows Key + E), please locate and DELETE the following folder and all its content:

C:\Program Files\NewDotNet <== Folder in Red


E. Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with the DAFT report.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom




#7 chaos

Posted 18 April 2008 - 10:09 PM

DAFT report:

DAFT Log saved on 2008-04-18 23:58:38
-----------------------------------------------------------------------
All associations okay!

SMITFRAUDFIX REPORT:

SmitFraudFix v2.314

Scan done at 0:05:43.89, Sat 04/19/2008
Run from C:\Documents and Settings\gvkudav\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\bubbj.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gvkudav

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gvkudav\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gvkudav\FAVORI~1

C:\DOCUME~1\gvkudav\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NetProject\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"="exegeses"

[HKEY_CLASSES_ROOT\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3}\InProcServer32]
@="C:\WINDOWS\system32\bubbj.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3}\InProcServer32]
@="C:\WINDOWS\system32\bubbj.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="ziswin.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CB51091-47F2-4377-99D5-88A713837423}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CB51091-47F2-4377-99D5-88A713837423}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1CB51091-47F2-4377-99D5-88A713837423}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#8 Trevuren


Posted 18 April 2008 - 11:09 PM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Download, update and configure SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
DO NOT RUN THE PROGRAM YET

2. Reboot your computer into Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

3. Once in Safe Mode, double-click Smitfraudfix.exe
Select option #2 - Clean by typing 2 and press Enter to delete the infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will now check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


4. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.


5. Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

6. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

7. Now, please run SUPERAntiSpyware by clicking on its icon
  • On the main screen, under "Scan for Harmful Software" click Scan your computer
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

8. Reboot your system into Normal Windows Mode whether the tool prompts you to do so or not.

9. To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply along with a fresh HJT log.
  • Click Close to exit the program.

10. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer YES to the question "Restore Trusted Zone?" by Typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

11. Please Post the following logs:
  • c:\rapport.txt
  • SuperAntispyware log
  • A new HijackThis log

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom




#9 chaos


Posted 19 April 2008 - 03:55 PM

HijackThis won't do anything for some reason... I double-clicked it but nothing happened. Here are the logs:

SmitFraudFix v2.314

Scan done at 11:24:05.62, Sat 04/19/2008
Run from C:\Documents and Settings\gvkudav\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"="exegeses"

[HKEY_CLASSES_ROOT\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3}\InProcServer32]
@="C:\WINDOWS\SYSTEM32\BUBBJ.DLL"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3}\InProcServer32]
@="C:\WINDOWS\SYSTEM32\BUBBJ.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\SYSTEM32\BUBBJ.DLL -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\SYSTEM32\BUBBJ.DLL -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\gvkudav\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CB51091-47F2-4377-99D5-88A713837423}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CB51091-47F2-4377-99D5-88A713837423}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1CB51091-47F2-4377-99D5-88A713837423}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="ziswin.exe"


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2008 at 03:43 PM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 04:04:32

Memory items scanned : 191
Memory threats detected : 0
Registry items scanned : 9424
Registry threats detected : 3
File items scanned : 206178
File threats detected : 5

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net
C:\WINDOWS\NDNUNINSTALL6_38.EXE
C:\WINDOWS\NDNUNINSTALL7_48.EXE

Trojan.Downloader-WINHP32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#1 [ regedit /s \\maxwell\s_ecs\ECS\FixAutoCAD.reg ]

Adware.Tracking Cookie
C:\Documents and Settings\gvkudav\Cookies\gvkudav@atdmt[2].txt
C:\Documents and Settings\gvkudav\Cookies\gvkudav@msnportal.112.2o7[1].txt
C:\Documents and Settings\gvkudav.ECS\Cookies\gvkudav@atwola[1].txt
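
The check a helper makes when reading the clean-mode rapport.txt in reply #9, as an added example (not part of the thread and not SmitFraudFix code): split the report into its sections, then confirm that every DLL registered under SharedTaskScheduler before the fix was deleted and that no hook is listed afterwards. The function names are hypothetical, and the sample is an excerpt of the log above with blank lines dropped.

```python
import re

BAR = "\u00bb" * 24  # section marker printed by the tool (24 right guillemets)
# Excerpt of the rapport.txt posted in reply #9; <BAR> stands for the marker.
SAMPLE = r"""
<BAR> SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"="exegeses"
[HKEY_CLASSES_ROOT\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3}\InProcServer32]
@="C:\WINDOWS\SYSTEM32\BUBBJ.DLL"

<BAR> Generic Renos Fix
C:\WINDOWS\SYSTEM32\BUBBJ.DLL -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\SYSTEM32\BUBBJ.DLL -> Deleted

<BAR> Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\Program Files\NetProject\ Deleted

<BAR> Winlogon.System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="ziswin.exe"

<BAR> SharedTaskScheduler After SmitFraudFix
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

<BAR> End
""".replace("<BAR>", BAR)

SECTION_RE = re.compile(r"^\u00bb{8,}\s*(.*)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def split_sections(text):
    """Map each section title to its non-empty lines."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def reg_values(lines):
    """Yield (key, value name, data) from the registry excerpts in a section."""
    key = ""
    for line in lines:
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value = VALUE_RE.match(line)
        if value:
            yield key, value.group(1).strip('"'), value.group(2)

def sts_hooks(lines):
    """SharedTaskScheduler CLSIDs mapped to their label and InProcServer32 DLL."""
    hooks = {}
    for key, name, data in reg_values(lines):
        low = key.lower()
        if low.endswith("\\sharedtaskscheduler"):
            hooks.setdefault(name.lower(), {})["label"] = data
        elif low.endswith("\\inprocserver32") and name == "@":
            clsid = CLSID_RE.search(key)
            if clsid:
                hooks.setdefault(clsid.group(0).lower(), {})["dll"] = data.lower()
    return hooks

def removed_paths(sections):
    """Paths the report marks as deleted, lower-cased for comparison."""
    lines = sections.get("Generic Renos Fix", []) + sections.get("Deleting infected files", [])
    removed = set()
    for line in lines:
        for suffix in ("-> Deleted", " Deleted"):
            if line.endswith(suffix):
                removed.add(line[: -len(suffix)].strip().lower())
                break
    return removed

def review(text):
    """Summarise what the fix removed and what it only reported."""
    sections = split_sections(text)
    before = sts_hooks(sections.get("SharedTaskScheduler Before SmitFraudFix", []))
    after = sts_hooks(sections.get("SharedTaskScheduler After SmitFraudFix", []))
    removed = removed_paths(sections)
    orphaned = sorted(h["dll"] for h in before.values()
                      if "dll" in h and h["dll"] not in removed)
    return {
        "hooks_before": before,
        "hooks_after": after,           # empty means the hook is gone
        "dll_not_removed": orphaned,    # hooked DLLs with no "Deleted" line
        # Values the tool lists as "not inevitably infected" and leaves in place.
        "left_for_review": list(reg_values(sections.get("Winlogon.System", []))),
    }
```
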

#10 Trevuren


Posted 19 April 2008 - 08:12 PM

Please post a fresh HijackThis log.


#11 chaos


Posted 19 April 2008 - 08:16 PM

HijackThis won't do anything. I tried running it after reboot 3 times but nothing happened any of those times. I had the same problem in my second post. You suggested using DSS. Should I use that to scan and post that log?

Edited by chaos, 19 April 2008 - 08:19 PM.


#12 Trevuren


Posted 19 April 2008 - 08:23 PM

Try renaming HijackThis.exe (from the original download) to killer.exe. At times, this will allow the program to be run.


Trevuren

Edited by Trevuren, 19 April 2008 - 08:23 PM.


#13 chaos


Posted 20 April 2008 - 08:16 AM

I renamed the hijackthis.exe file in the trendmicro directory to killer.exe and nothing changed.

#14 Trevuren


Posted 20 April 2008 - 10:23 AM

Please run Deckard's System Scanner again, this time using these instructions:

1. Click the Windows 'Start' button > Select 'Run'
2. Copy/paste the following into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

3. A mini window will pop up.
4. Place a checkmark in the box beside the following item(s) under Main Text:

HijackThis
Files/Created/Modified
Registry Dump


5. Click Scan
6. When finished, it shall produce a log for you. Please post that log in your next reply.

#15 chaos


Posted 20 April 2008 - 12:49 PM

Deckard's System Scanner v20071014.68
Run by gvkudav on 2008-04-20 14:38:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-20 14:39:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Novell\xtagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Novell\ZENworks\WM.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gvkudav\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/r...nclient/vec.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=198.163.152.229:3124
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] regedit /s \\maxwell\s_ecs\ECS\FixAutoCAD.reg
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Fix AutoCAD.lnk = C:\ECS\FixAutoCAD.reg
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Program Files\Autodesk\Inventor Professional 10\Bin\HSPCLPRO10.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CADopia License Manager - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\system32\Novell\xtagent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\WM.EXE


--
End of file - 8655 bytes

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-19 09:41:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 09:41:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 09:41:32 0 d-------- C:\Documents and Settings\gvkudav\Application Data\SUPERAntiSpyware.com
2008-04-19 00:05:55 2870 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-18 19:09:38 0 d-------- C:\Program Files\Trend Micro
2008-04-17 20:14:27 0 d-------- C:\Program Files\Lavasoft
2008-04-17 20:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 05:07:36 5404 --a------ C:\WINDOWS\system32\winmenu32.dll
2008-04-06 02:12:45 0 d-------- C:\Program Files\Cedelia
2008-03-21 12:55:44 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>


-- Find3M Report ---------------------------------------------------------------

2008-04-20 14:36:12 0 d-------- C:\Documents and Settings\gvkudav\Application Data\DNA
2008-04-19 09:39:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 21:52:03 0 d-------- C:\Documents and Settings\gvkudav\Application Data\dvdcss
2008-04-07 21:04:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 02:59:41 0 d-------- C:\Program Files\Java
2008-03-21 13:13:35 0 d-------- C:\Program Files\iPod
2008-03-18 17:01:09 0 d-------- C:\Documents and Settings\gvkudav\Application Data\Macromedia
2008-03-18 17:01:07 8928 --a------ C:\WINDOWS\mozver.dat
2008-03-16 17:22:46 0 d-------- C:\Documents and Settings\gvkudav\Application Data\BitTorrent
2008-03-14 10:38:26 0 d-------- C:\Program Files\Common Files
2008-03-14 10:38:26 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-14 10:38:13 0 d-------- C:\Documents and Settings\gvkudav\Application Data\InstallShield
2008-03-13 12:12:53 0 d-------- C:\Program Files\DNA
2008-03-13 12:12:46 0 d-------- C:\Documents and Settings\gvkudav\Application Data\BitTorrent DNA
2008-03-05 13:25:15 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-03-01 18:45:11 0 d-------- C:\Program Files\iTunes
2008-03-01 18:42:42 0 d-------- C:\Program Files\QuickTime
2008-02-21 13:41:47 0 d-------- C:\Program Files\tcetest
2008-02-21 11:50:32 0 d-------- C:\Documents and Settings\gvkudav\Application Data\U3
2008-02-20 20:48:25 0 d-------- C:\Documents and Settings\gvkudav\Application Data\GetRightToGo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/12/2005 10:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 03:55 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [01/17/2005 11:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 11:25 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [1/4/2006 2:47:19 PM]
Fix AutoCAD.lnk - C:\ECS\FixAutoCAD.reg [2/3/2006 2:37:59 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 6:23:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"1"=regedit /s \\maxwell\s_ecs\ECS\FixAutoCAD.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Program Files\Novell\ZENworks\NalShell.dll [09/09/2005 12:54 PM 430080]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 01/10/2005 01:36 PM 24576 C:\WINDOWS\system32\Novell\xtnotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9302810e-e094-11dc-acc5-0013cebbb612}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-20 14:40:00 ------------
