[Problem] Probably infected with TDSS & Google keeps redirecting


  • This topic is locked
16 replies to this topic

#1 Pidgeon


Posted 09 December 2011 - 05:27 PM

Hi, I've the following problem:
- Google redirect (I click on a link in the search results; after some clicks in Google I am redirected to ezanga.com websites).
- Sometimes iexplore.exe appears in Task Manager; I terminate the process, and the process comes back after a few seconds.

Some random notes:
- I ran a scan using Dr.Web CureIt!, here is what I found:
Active Hidden OS/2 or NT Boot Sector HDD1 Partition3 infettato da BackDoor.Tdss.5544
- TDSS Killer (renamed to random_filename.exe) placed on the Desktop doesn't start (I click on it, nothing appears).
- I tried Kaspersky Rescue Disk 10: the "Creating swap file" window appears, and my system hangs after some minutes (the "Creating swap file" window is still there).
- I installed "Windows Recovery Console" using ComboFix.
- Using ComboFix (renamed to random_filename.exe) placed on the Desktop, the following window appears:
Posted Image
After 5 minutes, my PC hangs and I have to force reboot it.
- When I start GMER (renamed to random_filename.exe) placed on the Desktop, the following window appears:
Posted Image
When I click "OK", the following window appears:
Posted Image
- I start DDS; then, when the "#" reaches the T of "Post the contents of the logfile to the forum where iT was requested", my PC hangs.
- I noticed a partition I wasn't aware of:
Posted Image
The unnamed partition has a size of 2 MB.

I'm asking for help to remove this useless virus.

Thank you!
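
Added example (not part of the original post, and not code from any tool named in this thread): the report above combines an infected boot sector on an active Partition3 with a previously unnoticed 2 MB partition. The Python below parses the partition table of a raw 512-byte MBR sector and flags an active entry that is too small to hold an operating system; the sample layouts, the partition type 0x17 and the 16 MB threshold are constructed assumptions.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # partition table starts at byte 0x1BE of the MBR
ENTRY_SIZE = 16
MIN_BOOT_VOLUME_MB = 16   # assumption: a real boot volume is never this small


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_SIZE
        # status, (CHS start skipped), type, (CHS end skipped),
        # first LBA, sector count -- all little-endian
        status, ptype, first_lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({
            "number": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "first_lba": first_lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE / (1024 * 1024),
        })
    return entries


def review(entries):
    """Return human-readable findings for a parsed partition table."""
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (e["number"], e["status"]))
    active = [e for e in entries if e["active"]]
    if len(active) > 1:
        findings.append("more than one active partition: %s"
                        % ", ".join(str(e["number"]) for e in active))
    for e in active:
        if e["size_mb"] < MIN_BOOT_VOLUME_MB:
            findings.append("partition %d: active but only %.1f MB"
                            % (e["number"], e["size_mb"]))
    return findings


def build_sample_mbr(layout):
    """Build a constructed MBR sector from (status, type, first_lba, sectors)."""
    table = b"".join(struct.pack("<B3xB3xII", *row) for row in layout)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"


# Constructed samples, not data from the thread.
# Mirrors the report: a 2 MB third partition carrying the active flag.
SUSPECT_LAYOUT = [
    (0x00, 0x07, 63, 83_886_080),
    (0x00, 0x07, 83_886_143, 41_943_040),
    (0x80, 0x17, 125_829_183, 4096),      # 4096 sectors * 512 bytes = 2 MB
]
# Ordinary layout: the large first partition is the active one.
CLEAN_LAYOUT = [
    (0x80, 0x07, 63, 83_886_080),
    (0x00, 0x07, 83_886_143, 41_943_040),
]

if __name__ == "__main__":
    for name, layout in (("suspect", SUSPECT_LAYOUT), ("clean", CLEAN_LAYOUT)):
        entries = parse_mbr(build_sample_mbr(layout))
        print(name)
        for e in entries:
            print("  #%(number)d type=0x%(type)02x active=%(active)s "
                  "size=%(size_mb).1f MB" % e)
        for finding in review(entries) or ["no findings"]:
            print("  ->", finding)
```

When checking a real machine, take the sector from a rescue environment or an offline disk image, because a bootkit can alter what disk reads return on the running system.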


#2 HelpBot


Posted 15 December 2011 - 05:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431569 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Pidgeon


Posted 15 December 2011 - 05:37 PM

I can't create a DDS or GMER log for these reasons:
http://www.bleepingcomputer.com/forums/topic431569.html/page__view__findpost__p__2503029

I'm currently using Windows XP Home Edition, SP3, 32 bit.

I've lost my original Windows XP CD, but I've downloaded a working copy.

Please help me to remove this useless virus.

Thank you!

Edited by Pidgeon, 15 December 2011 - 05:39 PM.


#4 gringo_pr

  • Malware Response Team

Posted 16 December 2011 - 03:06 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete, I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Pidgeon


Posted 16 December 2011 - 05:33 PM

You are great, no one had suggested fixTDSS to me. Here is what I did:

1) I downloaded fixTDSS to my desktop.
2) I ran fixTDSS.
3) fixTDSS asked me to reboot, so I did.
4) After the reboot, a window appeared saying that an infected MBR had been found.
5) I clicked on repair.
6) fixTDSS told me that the repair was done.
7) I did a reboot.
8) I downloaded TDSSKiller to my desktop, renaming it to abc.exe.
9) I started TDSSKiller, and finally its opening process hadn't been blocked.
10) I ran a scan using TDSSKiller, here is the log:

23:19:49.0781 0584 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
23:19:50.0031 0584 ============================================================
23:19:50.0031 0584 Current date / time: 2011/12/16 23:19:50.0031
23:19:50.0031 0584 SystemInfo:
23:19:50.0031 0584
23:19:50.0031 0584 OS Version: 5.1.2600 ServicePack: 3.0
23:19:50.0031 0584 Product type: Workstation
23:19:50.0031 0584 ComputerName: PICCION
23:19:50.0031 0584 UserName: Pidgeon
23:19:50.0031 0584 Windows directory: C:\WINDOWS
23:19:50.0031 0584 System windows directory: C:\WINDOWS
23:19:50.0031 0584 Processor architecture: Intel x86
23:19:50.0031 0584 Number of processors: 1
23:19:50.0031 0584 Page size: 0x1000
23:19:50.0031 0584 Boot type: Normal boot
23:19:50.0031 0584 ============================================================
23:19:50.0968 0584 Initialize success
23:19:52.0484 3964 ============================================================
23:19:52.0484 3964 Scan started
23:19:52.0484 3964 Mode: Manual;
23:19:52.0484 3964 ============================================================
23:20:13.0171 3964 viamraid - ok
23:20:13.0265 3964 videX32 (4cc623591204acd5fc89bd0dad70e838) C:\WINDOWS\system32\DRIVERS\videX32.sys
23:20:13.0265 3964 videX32 - ok
23:20:13.0312 3964 vncmirror (3b8f222b23917c041e4da29ccc57e7d0) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
23:20:13.0328 3964 vncmirror - ok
23:20:13.0406 3964 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
23:20:13.0406 3964 VolSnap - ok
23:20:13.0531 3964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:20:13.0531 3964 Wanarp - ok
23:20:13.0640 3964 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:20:13.0640 3964 Wdf01000 - ok
23:20:13.0734 3964 WDICA - ok
23:20:13.0812 3964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:20:13.0812 3964 wdmaud - ok
23:20:13.0953 3964 WINIO (363438fbfd6dbf489c2d65ab25c2c5b4) C:\WINDOWS\system32\winio.sys
23:20:13.0953 3964 WINIO - ok
23:20:14.0203 3964 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:20:14.0203 3964 WS2IFSL - ok
23:20:14.0296 3964 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:20:14.0296 3964 WSTCODEC - ok
23:20:14.0390 3964 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:20:14.0390 3964 WudfPf - ok
23:20:14.0468 3964 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:20:14.0468 3964 WudfRd - ok
23:20:14.0656 3964 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
23:20:14.0734 3964 \Device\Harddisk0\DR0 - ok
23:20:14.0781 3964 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR3
23:20:14.0781 3964 \Device\Harddisk1\DR3 - ok
23:20:14.0828 3964 Boot (0x1200) (9fe5d7b85c03ce8585db0aa2f7b72c32) \Device\Harddisk0\DR0\Partition0
23:20:14.0828 3964 \Device\Harddisk0\DR0\Partition0 - ok
23:20:14.0859 3964 Boot (0x1200) (e224ad94c5fbcde99b78ab1ad3adba1b) \Device\Harddisk0\DR0\Partition1
23:20:14.0859 3964 \Device\Harddisk0\DR0\Partition1 - ok
23:20:14.0890 3964 Boot (0x1200) (32dfc845ae2e4276bbec954c2680861c) \Device\Harddisk1\DR3\Partition0
23:20:14.0890 3964 \Device\Harddisk1\DR3\Partition0 - ok
23:20:14.0906 3964 ============================================================
23:20:14.0906 3964 Scan finished
23:20:14.0906 3964 ============================================================
23:20:14.0953 2456 Detected object count: 0
23:20:14.0953 2456 Actual detected object count: 0

#6 gringo_pr

  • Malware Response Team

Posted 16 December 2011 - 09:21 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Pidgeon

  • Topic Starter

Posted 17 December 2011 - 09:14 AM

Hello, when I ran ComboFix, an error window appeared, like this:

Posted Image

The error was related to PEV.3XE, and it occurred between stage 1 and stage 2.

I closed the error window, and waited for the remaining stages to be completed.

ComboFix produced the following log:

ComboFix 11-12-16.03 - Pidgeon 17/12/2011 4.14.43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1580 [GMT 1:00]
Eseguito da: c:\documents and settings\Pidgeon\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5C49-7C92-0300-000100000000}
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pichdlimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\picnetlister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\picvendor2concept.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\placeroute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\sir2edf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\verifypnr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\verifysynthesis.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\alt2cds.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\act2cds.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\bom.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\bomhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\archcore.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\archiver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\archopen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsarchiver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\verilogimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsarchive.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsreportgen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\scm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\sipsimnetlister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsschgendocprog.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsxmltoschematic.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sigxp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\lis2buf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\modeleditor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\modelintegrity.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\modelsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spc2dml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\specctra\\bin\\mbs2sp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\specctra\\bin\\sp2mbs.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\specctra\\bin\\specctra.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spif.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spif_batch.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\swap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\placement.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\l2a.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pads_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pcad_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\netin.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\explot.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\gloss.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\gbplot.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fill_ipf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\genrad.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\strip_ger.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\convert_ger.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ncroute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\nctape.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ipc356_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\iges_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\iges_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pdf_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\idx_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\idf_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\idf_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\netrev.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\baf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\genfeedformat.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\artwork.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\a2dxf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dxf2a.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\publishpdf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fsp\\bin\\fsp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\stmed.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\IndiceFileGeneration.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\MrkSrvr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\PSpiceEnc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\SimSrvr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\psp_cmd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\simmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\pspice.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\ModelEd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\Magneticdesigner.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\pspiceaa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\aconvmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dmlcheck.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\emvviewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ftsmerge.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibis2signoise.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibischk3.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibischk4.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibischk5.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\icmchk.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mergedml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\quad2signoise.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sigwave.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sigxsect.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spc2spc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\tlsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ts2dml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mkdeviceindex.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dml2brd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\brd2dml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dmlcrypt.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\aprepmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ashowmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\dfII\\bin\\skill.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\dfII\\bin\\skill_g.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\sch2cap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\mkdefcfg.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\versiontool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\regsvr32.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\PSpiceExplorerSrvr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pseteditor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\cpmaccess.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\libaccess.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\projmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\conceptNmpListCheck.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\productServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\perl5\\bin\\perl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\perl5\\bin\\perlglob.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\perl5\\ntt\\cmd32.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\def2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\lef2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2def.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2lef.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2spef.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2strm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2verilog.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oaDMTurboServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oaFSLockD.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oaGetVersion.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\spef2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\strm2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\verilog2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\verilogAnnotate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\msbase\\vcredist_x86.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsRemote.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsRemshClient.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsNameServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\mpsinfo.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsRunHidden.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsServIpc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsMsgServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsmps.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\sipDiffViewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\bodygen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\newgenasym.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\emsChecker.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\emsMkError.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\msgHelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cmfeedback.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\consmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\clu.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\van.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\tcl\\bin\\tclsh80.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\tcl\\bin\\wish80.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\assistant.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\assistant_adp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\designer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\dumpcpp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\idc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\lconvert.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\linguist.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\lrelease.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\lupdate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\moc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\pixeltool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qcollectiongenerator.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qhelpconverter.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qhelpgenerator.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qmake.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qt3to4.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qtdemo.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\rcc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\uic.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\uic3.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\xmlpatterns.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\java-rmi.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\java.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\javacpl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\javaw.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\javaws.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\jucheck.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\jureg.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\jusched.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\keytool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\kinit.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\klist.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\ktab.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\orbd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\pack200.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\policytool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\rmid.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\rmiregistry.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\servertool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\ssvagent.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\tnameserv.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\unpack200.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsinfo.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsOaPathUtil.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsUnzip.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdswhich.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsZip.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cds_root.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\clsAdminTool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\clsbd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dregprint.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\nmp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\nmppath.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\tclsh.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\tclsh84.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\wish.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\wish84.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\tutorial\\Captutor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\pstswp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\Capture.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\comp16.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\Pcadi.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdnshelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\cdnshelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\cdnshelpindexer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\indexer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\tagtest.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\topicgen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\_cdnshelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro_viewer_plus.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pe_wordpad.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\smpd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\wmpiregister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mpiexec.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\wmpiexec.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\wmpiconfig.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\FSvia.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\FSviaSolver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\bem2d.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ems2d.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\il_allegro.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\j2script.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mbs2brd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mbs2lib.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\refresh_vs.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\parallel.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fatten.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mcm_escapes.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\reftxt.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\gate_assign.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\extracta.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\report.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\zrouter.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pre_check.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\refresh_padstack.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\refresh_symbol.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\signoise.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sys_root.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile14.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile15.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\downrev14.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile13.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbdoctor15.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbfix11.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbdoctor14.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\downrev15.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbfix12.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbfix13.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pad_designer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\switchversion.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\batch_drc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\create_sym.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\plctxt.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\create_devices.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\convert_gerber.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dump_libraries.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\draw_check.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\bbvia.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro_batch.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dbdoctor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dbdoctor_ui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dfa_dlg.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dfa_update.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\downrev_library.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\enved.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fpbrowse.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\qvupdate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\uprev.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dbstat.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\db_change_type.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\flash_convert.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\layer_compare.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\systemdump.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro_free_viewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\rollback.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\purge.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\lrm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pcbCache.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\versionviewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\Licensing\\LicenseClientConfiguration.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\xcon2project.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\QPSetEditor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\UniversalBrowser.exe"=
"d:\\gjk\\BitComet_1.30\\BitComet.exe"=
"c:\\Documents and Settings\\Pidgeon\\Desktop\\MalwarebytesPortable\\App\\Malwarebytes\\mbam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21267:TCP"= 21267:TCP:BitComet 21267 TCP
"21267:UDP"= 21267:UDP:BitComet 21267 UDP
"16725:TCP"= 16725:TCP:BitComet 16725 TCP
"16725:UDP"= 16725:UDP:BitComet 16725 UDP
"23729:TCP"= 23729:TCP:BitComet 23729 TCP
"23729:UDP"= 23729:UDP:BitComet 23729 UDP
"26610:TCP"= 26610:TCP:BitComet 26610 TCP
"26610:UDP"= 26610:UDP:BitComet 26610 UDP
"11121:TCP"= 11121:TCP:BitComet 11121 TCP
"11121:UDP"= 11121:UDP:BitComet 11121 UDP
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [23/12/2010 20.00.32 98032]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/11/2010 2.19.19 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/11/2010 2.19.12 91440]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [18/06/2011 21.13.30 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [18/06/2011 21.13.32 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [18/06/2011 21.13.30 428200]
R2 Cadence License Manager;Cadence License Manager;d:\programmi\Cadence\LicenseManager\lmgrd.exe [25/10/2011 19.55.07 1379664]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [27/03/2009 10.24.02 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol V1.0;c:\windows\system32\drivers\s7snsrtx.sys [24/02/2009 17.39.58 73088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [08/10/2010 15.57.54 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [04/11/2011 13.42.02 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 MBAMService;MBAMService;c:\documents and settings\Pidgeon\Desktop\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe [31/08/2011 16.00.48 366152]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [24/02/2010 19.24.57 135664]
S3 isftrm;isftrm;c:\windows\system32\isftrm.sys [02/01/2011 16.59.39 4096]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [30/06/2009 15.45.20 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [30/06/2009 15.45.20 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/06/2009 15.45.20 42112]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Pidgeon\IMPOST~1\Temp\0000071d.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Pidgeon\IMPOST~1\Temp\0000071d.nmc\nse\bin\ndiskio.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21.22.06 34064]
S3 S5S7DRV;S5S7DRV;\??\d:\s5w\S5S7DRV.SYS --> d:\s5w\S5S7DRV.SYS [?]
S3 TridDev;USB Hybrid TV Device (TM6000);c:\windows\system32\drivers\Triddev.sys [18/06/2009 22.34.02 3584]
S3 TridVid;USB Hybrid TV Receiver (TM6000);c:\windows\system32\drivers\TridVid.sys [18/06/2009 22.34.02 190208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S3 ZQB;ZQB;c:\docume~1\Pidgeon\IMPOST~1\Temp\ZQB.exe --> c:\docume~1\Pidgeon\IMPOST~1\Temp\ZQB.exe [?]
S4 GatewayAgentService;O&O Gateway Agent Service;c:\programmi\OO Software\Shared\GatewayAgent\ooemcgats.exe [27/10/2008 13.19.20 320768]
S4 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [24/02/2010 19.24.57 135664]
S4 IS360service;IS360service;c:\programmi\IObit\IObit Security 360\is360srv.exe [15/08/2010 2.21.48 312152]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/07/2008 16.48.30 717296]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-16 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-24 18:24]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-24 18:24]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1604221776-725345543-1005Core.job
- c:\documents and settings\Pidgeon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-02 20:30]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1604221776-725345543-1005UA.job
- c:\documents and settings\Pidgeon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-02 20:30]
.
2011-12-17 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programmi\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
2011-12-17 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-07-24 16:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: &U????????????
IE: &U???????????? - c:\programmi\NamiRobot\Data\du.html
IE: Download with GetRight Pro - c:\programmi\GetRight\GRdownload.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\programmi\GetRight\GRbrowse.htm
IE: Scarica con IDM - c:\programmi\Internet Download Manager\IEExt.htm
IE: Scarica con IDM contenuti video FLV - c:\programmi\Internet Download Manager\IEGetVL.htm
IE: Scarica tutti i link con IDM - c:\programmi\Internet Download Manager\IEGetAll.htm
IE: Scarica tutto usando BitComet - d:\gjk\BitComet_1.30\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - d:\gjk\BitComet_1.30\BitComet.exe/AddLink.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 85.17.255.198 46.19.33.120
DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} - hxxp://www.amm.unibs.it/content/static/ecm/activex/Enable_Edit_In_Place.cab
FF - ProfilePath - c:\documents and settings\Pidgeon\Dati applicazioni\Mozilla\Firefox\Profiles\o7kbqkr3.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-109 - c:\programmi\LP\A72E\109.exe
MSConfigStartUp-AtiPTA - atiptaxx.exe
MSConfigStartUp-DriveSitter Pro - c:\programmi\DriveSitter\DriveSitter.exe
MSConfigStartUp-eFp5Q7ERYUB0bnQ - c:\documents and settings\Pidgeon\Dati applicazioni\dwme.exe
MSConfigStartUp-Grid Service - c:\program files\GridService\peer.exe
MSConfigStartUp-Hard Disk Sentinel - c:\docume~1\Pidgeon\IMPOST~1\Temp\HBCD\HDSentinel\HDSentinel.exe
MSConfigStartUp-JffL8gTZYVrOti38234A - c:\windows\system32\AV Security 2012v121.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-NI Background Service - c:\programmi\National Instruments\Shared\Update Service\BackgroundService.exe
MSConfigStartUp-POrAEHHCNGan - c:\documents and settings\All Users\Dati applicazioni\POrAEHHCNGan.exe
MSConfigStartUp-PureSync - c:\programmi\PureSync\PureSyncTray.exe
MSConfigStartUp-S7UB Start - c:\programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe
AddRemove-Functional Ear Trainer - Basic 1.2 - c:\programmi\Functional Ear Trainer - Basic\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 04:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-1604221776-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\myokent.dll
.
- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\myokent.dll
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2011-12-17 04:31:36
ComboFix-quarantined-files.txt 2011-12-17 03:31
.
Pre-Run: 1.631.334.400 byte disponibili
Post-Run: 1.679.544.320 byte disponibili
.
- - End Of File - - 0642C359C657BD8AF6C0CCC7B2EDE5E7




I noticed that combofix moved some of my files to a quarantine folder, but I think some of them are harmless (for example, DSC02799.JPG).

After having run fixTDSS, the redirects disappeared, and now I'm more than happy.

How do I know which files moved by combofix are malicious or not?

Thank you!

#8 gringo_pr


Posted 17 December 2011 - 11:47 AM

Hello

That file may not be harmful, but it is in a very uncommon place for that type of file. I can replace the file if you wish, but it will need to be moved once it is replaced.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Pidgeon

  • Topic Starter

Posted 18 December 2011 - 07:22 PM

Hello, I started ComboFix with your script, and the "pev.3XE" error I mentioned in my previous post appeared again (between Stage 1 and Stage 2).

When I closed the error window, ComboFix went ahead executing the remaining stages.

ComboFix produced the following log:

ComboFix 11-12-18.01 - Pidgeon 18/12/2011 23.39.42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1530 [GMT 1:00]
Eseguito da: c:\documents and settings\Pidgeon\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Pidgeon\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5C49-7C92-0300-000100000000}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-18 al 2011-12-18 )))))))))))))))))))))))))))))))))))
.
.
2011-12-14 21:47 . 2011-12-14 21:47 -------- d-----w- C:\mainWinast
2011-12-09 20:46 . 2011-12-09 20:46 -------- d-----w- C:\found.000
2011-12-09 19:10 . 2011-12-09 19:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-12-09 01:26 . 2011-12-09 01:26 -------- d-----w- c:\programmi\Hitman Pro 3.5
2011-12-07 18:36 . 2011-12-09 01:31 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-07 18:33 . 2011-12-07 18:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hitman Pro
2011-12-05 00:08 . 2011-12-05 06:47 -------- d-----w- c:\documents and settings\Pidgeon\DoctorWeb
2011-12-04 02:12 . 2011-12-04 02:22 -------- d-----w- C:\abc
2011-12-03 02:33 . 2011-12-04 02:05 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\TSVNCache
2011-11-29 20:29 . 2011-11-29 20:29 -------- d-----w- c:\documents and settings\Pidgeon\Dati applicazioni\Malwarebytes
2011-11-29 20:29 . 2011-11-29 20:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-11-25 21:12 . 2011-11-25 21:12 -------- d-----w- c:\programmi\File comuni\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 19:35 . 2011-05-20 23:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2003-04-08 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 20:35 . 2003-04-08 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2011-11-04 12:42 . 2011-11-04 12:42 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-11-04 12:42 . 2010-11-12 01:19 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-11-04 12:42 . 2010-11-12 01:19 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-11-04 12:42 . 2010-10-08 14:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-11-04 12:42 . 2011-11-04 12:42 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-11-01 20:35 . 2008-07-02 00:28 81920 ------w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2003-04-08 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2003-04-08 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:34 . 2008-07-02 00:28 371200 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-04-08 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-04-08 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2003-04-08 12:00 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2002-09-09 13:34 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 22:04 . 2011-10-25 22:04 1499305 ----a-w- C:\orcad_tutor.zip
2011-10-18 11:13 . 2003-04-08 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-07-02 00:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2003-04-08 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2003-04-08 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2003-04-08 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2011-11-10 14:55 . 2011-09-29 10:59 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-12 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2011-11-12 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2003-04-08 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 68216 ----a-w- c:\programmi\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
.
c:\documents and settings\Pidgeon\Menu Avvio\Programmi\Esecuzione automatica\
HBCDMenu.lnk - d:\tools\HBCDMenu\HBCDMenu.bat [2011-7-1 46]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PDFCreator.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pidgeon^Menu Avvio^Programmi^Esecuzione automatica^Alliance background mode.lnk]
path=c:\documents and settings\Pidgeon\Menu Avvio\Programmi\Esecuzione automatica\Alliance background mode.lnk
backup=c:\windows\pss\Alliance background mode.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pidgeon^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Pidgeon\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
c:\programmi\install\Update_KB5767887647 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
c:\programmi\install\Update_KB5767887647 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-08-28 08:45 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2009-09-30 14:48 7924056 ----a-w- c:\programmi\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 17:29 39264 ----a-w- c:\progra~1\FILECO~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX610FW(Rete)]
2009-01-26 06:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFJE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2003-07-25 09:15 536576 ----a-w- c:\programmi\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-02-05 22:00 843776 ----a-w- c:\programmi\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 20:30 133104 ----atw- c:\documents and settings\Pidgeon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-13 07:43 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-28 23:00 28672 ----a-w- c:\programmi\Creative\SBLive\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 07:26 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 07:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 10:45 2540800 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2003-04-08 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2003-04-08 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
2009-09-02 03:16 4643840 ----a-w- c:\programmi\Proxy Switcher Standard\ProxySwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"RadClock"=2 (0x2)
"MDM"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"WinVNC4"=3 (0x3)
"DriveSitterService"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"matlabserver"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"O&O Defrag"=2 (0x2)
"niSvcLoc"=2 (0x2)
"NILM License Manager"=3 (0x3)
"NIDomainService"=2 (0x2)
"lkTimeSync"=2 (0x2)
"lkClassAds"=2 (0x2)
"LkCitadelServer"=2 (0x2)
"IDriverT"=3 (0x3)
"GatewayAgentService"=2 (0x2)
"gupdate"=2 (0x2)
"EpsonBidirectionalService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Default User\\Local Settings\\Temp\\aefl5y7k4d\\bittorrent.exe"=
"d:\\P._BitTorrent_6__M.lang._by_yerdenizden\\bittorrent.exe"=
"d:\\Programmi\\uTorrentPortable\\App\\utorrent\\utorrent.exe"=
"d:\\Programmi\\uTorrentPortable\\App\\utorrent\\uSerenity.exe"=
"d:\\Spotify Installer\\spotify.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sproute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\cdnsip.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\sip_upd_views.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\dfII\\bin\\allegro2dfII.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\paksi\\paksi.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\diacompare.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\a2olp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\3dviewer\\3dvu.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\3dviewer\\3didrc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\apd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\spectre\\bin\\spectre.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fpImportBrd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fasthenry.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sp2sp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\chsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\cktlab.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\cktsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\stream_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\rd_stream.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\vedit.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\libutil\\hlibchk.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\libutil\\hlibftb.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\libutil\\hlibgenxmpl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\libutil\\hlibsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\gscald.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\genvhdltb.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\hdldirect.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\lwbhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\lwbxprobe.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\ncrun.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\netassembler.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\testbench.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\writesdf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\rfpcbiff2hdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dlibx2iff.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pxl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pxlhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\olecs.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\metadataStatic.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\allegro2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\apd2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\cap2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\cap2xml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\compare2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\con2cap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\con2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\con2csv.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\con2mentor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\con2viewlogic.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\con2xml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\csv2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\csv2ptf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\diffengine.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\dml2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\fpga2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\ibis2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\lib2cellptf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\mentor2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\metadatagenx.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pinpak2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\ptm2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\text2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\verilog2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\vhdl2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\viewlogic2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\xml2cap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\xml2con.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\xml2scr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\LibFlow.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\libexp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pdv.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\ptf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsqmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\lbsrun.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsserv.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\hfsymmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\iff2hdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\iff2hdlui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\updloc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmcancel.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmci.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmco.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmdelete.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmexecute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmexport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmhistory.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmsetdefver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmsetname.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmstatus.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmsubmit.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\gdmupdate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmci.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmco.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmdelete.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmexecute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmexport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmhistory.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmsetdefver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmsetname.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmstatus.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmsubmit.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\32bit\\gdmupdate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\Ercdx.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\c2econn.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\c2esch.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\e2cconn.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\e2csch.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\edif300ui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\edbconfig.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\designmanager.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\ds.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\rfpcbtopologyimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\testpf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\vdd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\da.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\ccpDfIICatUpdtr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\ccpVerilogUpdtr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\ccpVhdlUpdtr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsCopyShell.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\creferhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\creferui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cnskill.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\AppMgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\TransOLB.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\concept2cm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\concepthdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\genviewHDL.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\opfclean.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\opfgen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\partmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\tsttrans.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\update.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\vhdlsplit.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\nconcepthdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\section\\bin\\vlogports.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\copyproject.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\copyprojectui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\csnetlister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\section\\section.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\checkplus.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\checkplusui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\xil2cdshdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\PICRedrawhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\buildphysical.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\cfg2vhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\concept2picvendor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\genpinlist.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pic5xlibs.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pichdlimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\picnetlister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\picvendor2concept.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\placeroute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\sir2edf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\verifypnr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\verifysynthesis.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\alt2cds.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\act2cds.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\bom.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\bomhdl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\archcore.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\archiver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\archopen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsarchiver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\verilogimport.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsarchive.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsreportgen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\scm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\sipsimnetlister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsschgendocprog.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dsxmltoschematic.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sigxp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\lis2buf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\modeleditor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\modelintegrity.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\modelsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spc2dml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\specctra\\bin\\mbs2sp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\specctra\\bin\\sp2mbs.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\specctra\\bin\\specctra.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spif.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spif_batch.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\swap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\placement.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\l2a.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pads_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pcad_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\netin.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\explot.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\gloss.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\gbplot.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fill_ipf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\genrad.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\strip_ger.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\convert_ger.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ncroute.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\nctape.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ipc356_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\iges_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\iges_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pdf_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\idx_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\idf_in.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\idf_out.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\netrev.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\baf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\genfeedformat.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\artwork.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\a2dxf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dxf2a.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\publishpdf.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fsp\\bin\\fsp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\stmed.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\IndiceFileGeneration.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\MrkSrvr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\PSpiceEnc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\SimSrvr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\psp_cmd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\simmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\pspice.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\ModelEd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\Magneticdesigner.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pspice\\pspiceaa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\aconvmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dmlcheck.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\emvviewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ftsmerge.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibis2signoise.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibischk3.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibischk4.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ibischk5.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\icmchk.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mergedml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\quad2signoise.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sigwave.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sigxsect.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\spc2spc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\tlsim.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ts2dml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mkdeviceindex.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dml2brd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\brd2dml.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dmlcrypt.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\aprepmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ashowmap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\dfII\\bin\\skill.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\dfII\\bin\\skill_g.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\sch2cap.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\mkdefcfg.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\versiontool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\regsvr32.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\PSpiceExplorerSrvr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pseteditor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\cpmaccess.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\libaccess.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\projmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\conceptNmpListCheck.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\productServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\perl5\\bin\\perl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\perl5\\bin\\perlglob.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\perl5\\ntt\\cmd32.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\def2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\lef2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2def.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2lef.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2spef.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2strm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oa2verilog.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oaDMTurboServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oaFSLockD.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\oaGetVersion.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\spef2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\strm2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\verilog2oa.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\OpenAccess\\bin\\win32\\opt\\verilogAnnotate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\msbase\\vcredist_x86.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsRemote.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsRemshClient.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsNameServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\mpsinfo.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsRunHidden.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsServIpc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsMsgServer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsmps.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\sipDiffViewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\bodygen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\newgenasym.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\emsChecker.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\emsMkError.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\msgHelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cmfeedback.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\consmgr.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\clu.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\van.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\tcl\\bin\\tclsh80.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\tcl\\bin\\wish80.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\assistant.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\assistant_adp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\designer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\dumpcpp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\idc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\lconvert.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\linguist.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\lrelease.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\lupdate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\moc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\pixeltool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qcollectiongenerator.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qhelpconverter.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qhelpgenerator.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qmake.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qt3to4.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\qtdemo.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\rcc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\uic.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\uic3.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\Qt\\bin\\xmlpatterns.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\java-rmi.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\java.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\javacpl.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\javaw.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\javaws.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\jucheck.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\jureg.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\jusched.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\keytool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\kinit.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\klist.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\ktab.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\orbd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\pack200.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\policytool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\rmid.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\rmiregistry.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\servertool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\ssvagent.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\tnameserv.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\jre\\bin\\unpack200.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsinfo.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsOaPathUtil.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsUnzip.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdswhich.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdsZip.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cds_root.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\clsAdminTool.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\clsbd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\dregprint.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\nmp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\nmppath.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\tclsh.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\tclsh84.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\wish.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\tcltk\\8.4\\bin\\wish84.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\tutorial\\Captutor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\pstswp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\Capture.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\comp16.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\capture\\Pcadi.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\cdnshelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\cdnshelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\cdnshelpindexer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\indexer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\tagtest.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\topicgen.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\cdnshelp\\bin\\_cdnshelp.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro_viewer_plus.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pe_wordpad.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\smpd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\wmpiregister.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mpiexec.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\wmpiexec.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\wmpiconfig.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\FSvia.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\FSviaSolver.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\bem2d.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\ems2d.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\il_allegro.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\j2script.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mbs2brd.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mbs2lib.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\refresh_vs.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\parallel.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fatten.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\mcm_escapes.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\reftxt.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\gate_assign.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\extracta.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\report.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\zrouter.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pre_check.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\refresh_padstack.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\refresh_symbol.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\signoise.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\sys_root.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile14.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile15.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\downrev14.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\techfile13.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbdoctor15.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbfix11.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbdoctor14.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\downrev15.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbfix12.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\vc5\\dbfix13.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\pad_designer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\switchversion.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\batch_drc.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\create_sym.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\plctxt.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\create_devices.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\convert_gerber.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dump_libraries.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\draw_check.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\bbvia.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro_batch.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dbdoctor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dbdoctor_ui.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dfa_dlg.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dfa_update.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\downrev_library.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\enved.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\fpbrowse.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\qvupdate.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\uprev.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\dbstat.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\db_change_type.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\flash_convert.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\layer_compare.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\systemdump.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\pcb\\bin\\allegro_free_viewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\rollback.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\purge.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\lrm.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\pcbCache.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\versionviewer.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\Licensing\\LicenseClientConfiguration.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\bin\\xcon2project.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\QPSetEditor.exe"=
"d:\\Programmi\\Cadence\\SPB_16.5\\tools\\fet\\bin\\UniversalBrowser.exe"=
"d:\\gjk\\BitComet_1.30\\BitComet.exe"=
"c:\\Documents and Settings\\Pidgeon\\Desktop\\MalwarebytesPortable\\App\\Malwarebytes\\mbam.exe"=
"d:\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21267:TCP"= 21267:TCP:BitComet 21267 TCP
"21267:UDP"= 21267:UDP:BitComet 21267 UDP
"16725:TCP"= 16725:TCP:BitComet 16725 TCP
"16725:UDP"= 16725:UDP:BitComet 16725 UDP
"23729:TCP"= 23729:TCP:BitComet 23729 TCP
"23729:UDP"= 23729:UDP:BitComet 23729 UDP
"26610:TCP"= 26610:TCP:BitComet 26610 TCP
"26610:UDP"= 26610:UDP:BitComet 26610 UDP
"11121:TCP"= 11121:TCP:BitComet 11121 TCP
"11121:UDP"= 11121:UDP:BitComet 11121 UDP
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [23/12/2010 20.00.32 98032]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/11/2010 2.19.19 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/11/2010 2.19.12 91440]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [18/06/2011 21.13.30 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [18/06/2011 21.13.32 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [18/06/2011 21.13.30 428200]
R2 Cadence License Manager;Cadence License Manager;d:\programmi\Cadence\LicenseManager\lmgrd.exe [25/10/2011 19.55.07 1379664]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [27/03/2009 10.24.02 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol V1.0;c:\windows\system32\drivers\s7snsrtx.sys [24/02/2009 17.39.58 73088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [08/10/2010 15.57.54 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [04/11/2011 13.42.02 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 MBAMService;MBAMService;c:\documents and settings\Pidgeon\Desktop\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe [31/08/2011 16.00.48 366152]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [24/02/2010 19.24.57 135664]
S3 isftrm;isftrm;c:\windows\system32\isftrm.sys [02/01/2011 16.59.39 4096]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [30/06/2009 15.45.20 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [30/06/2009 15.45.20 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/06/2009 15.45.20 42112]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Pidgeon\IMPOST~1\Temp\0000071d.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Pidgeon\IMPOST~1\Temp\0000071d.nmc\nse\bin\ndiskio.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21.22.06 34064]
S3 S5S7DRV;S5S7DRV;\??\d:\s5w\S5S7DRV.SYS --> d:\s5w\S5S7DRV.SYS [?]
S3 TridDev;USB Hybrid TV Device (TM6000);c:\windows\system32\drivers\Triddev.sys [18/06/2009 22.34.02 3584]
S3 TridVid;USB Hybrid TV Receiver (TM6000);c:\windows\system32\drivers\TridVid.sys [18/06/2009 22.34.02 190208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S3 ZQB;ZQB;c:\docume~1\Pidgeon\IMPOST~1\Temp\ZQB.exe --> c:\docume~1\Pidgeon\IMPOST~1\Temp\ZQB.exe [?]
S4 GatewayAgentService;O&O Gateway Agent Service;c:\programmi\OO Software\Shared\GatewayAgent\ooemcgats.exe [27/10/2008 13.19.20 320768]
S4 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [24/02/2010 19.24.57 135664]
S4 IS360service;IS360service;c:\programmi\IObit\IObit Security 360\is360srv.exe [15/08/2010 2.21.48 312152]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/07/2008 16.48.30 717296]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - BlackBox
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-18 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-24 18:24]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-24 18:24]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1604221776-725345543-1005Core.job
- c:\documents and settings\Pidgeon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-02 20:30]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1604221776-725345543-1005UA.job
- c:\documents and settings\Pidgeon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-02 20:30]
.
2011-12-18 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programmi\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
2011-12-17 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-07-24 16:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: &U????????????
IE: &U???????????? - c:\programmi\NamiRobot\Data\du.html
IE: Download with GetRight Pro - c:\programmi\GetRight\GRdownload.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\programmi\GetRight\GRbrowse.htm
IE: Scarica con IDM - c:\programmi\Internet Download Manager\IEExt.htm
IE: Scarica con IDM contenuti video FLV - c:\programmi\Internet Download Manager\IEGetVL.htm
IE: Scarica tutti i link con IDM - c:\programmi\Internet Download Manager\IEGetAll.htm
IE: Scarica tutto usando BitComet - d:\gjk\BitComet_1.30\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - d:\gjk\BitComet_1.30\BitComet.exe/AddLink.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 85.17.255.198 46.19.33.120
DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} - hxxp://www.amm.unibs.it/content/static/ecm/activex/Enable_Edit_In_Place.cab
FF - ProfilePath - c:\documents and settings\Pidgeon\Dati applicazioni\Mozilla\Firefox\Profiles\o7kbqkr3.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-1604221776-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\myokent.dll
.
- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\myokent.dll
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\myokent.dll
c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
c:\programmi\TortoiseSVN\bin\TortoiseStub.dll
c:\programmi\TortoiseSVN\bin\TortoiseSVN.dll
c:\programmi\TortoiseSVN\bin\intl3_tsvn.dll
c:\programmi\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2011-12-18 23:48:58
ComboFix-quarantined-files.txt 2011-12-18 22:48
ComboFix2.txt 2011-12-17 03:31
.
Pre-Run: 1.369.931.776 byte disponibili
Post-Run: 1.363.054.592 byte disponibili
.
- - End Of File - - 3FF3CFDE4C3A87A4A9261942826DF0B4




If I want to restore "DSC02799.JPG", could I simply move "C:\Qoobox\Quarantine\C\DSC02799.JPG.vir" to "C:\", renaming it back to "DSC02799.JPG"?

However, after having executed fixTDSS, the Google redirects disappeared.

Edited by Pidgeon, 18 December 2011 - 07:23 PM.


#10 gringo_pr

Posted 18 December 2011 - 11:46 PM

Hello

If I want to restore "DSC02799.JPG", could I simply move "C:\Qoobox\Quarantine\C\DSC02799.JPG.vir" to "C:\", renaming it back to "DSC02799.JPG"?
Yes, that will work, but don't put it back on the C drive; it was removed because of its location.


I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 Pidgeon


Posted 19 December 2011 - 01:42 PM

Here is the content of "C:\Qoobox\Add-Remove Programs.txt":

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advanced File Organizer 3.01
Advanced PDF Password Recovery
Advanced SystemCare 3
Aggiornamento della protezione per Windows XP (KB2393802)
Aggiornamento della protezione per Windows XP (KB2412687)
Aggiornamento della protezione per Windows XP (KB2476490)
Aggiornamento della protezione per Windows XP (KB2476687)
Aggiornamento della protezione per Windows XP (KB2478960)
Aggiornamento della protezione per Windows XP (KB2478971)
Aggiornamento della protezione per Windows XP (KB2479628)
Aggiornamento della protezione per Windows XP (KB2479943)
Aggiornamento della protezione per Windows XP (KB2481109)
Aggiornamento della protezione per Windows XP (KB2482017)
Aggiornamento della protezione per Windows XP (KB2483185)
Aggiornamento della protezione per Windows XP (KB2485376)
Aggiornamento della protezione per Windows XP (KB2485663)
Aggiornamento della protezione per Windows XP (KB2497640)
Aggiornamento della protezione per Windows XP (KB2503658)
Aggiornamento della protezione per Windows XP (KB2503665)
Aggiornamento della protezione per Windows XP (KB2506212)
Aggiornamento della protezione per Windows XP (KB2506223)
Aggiornamento della protezione per Windows XP (KB2507618)
Aggiornamento della protezione per Windows XP (KB2507938)
Aggiornamento della protezione per Windows XP (KB2508272)
Aggiornamento della protezione per Windows XP (KB2508429)
Aggiornamento della protezione per Windows XP (KB2509553)
Aggiornamento della protezione per Windows XP (KB2510581)
Aggiornamento della protezione per Windows XP (KB2511455)
Aggiornamento della protezione per Windows XP (KB2524375)
Aggiornamento della protezione per Windows XP (KB2530548)
Aggiornamento della protezione per Windows XP (KB2535512)
Aggiornamento della protezione per Windows XP (KB2536276-v2)
Aggiornamento della protezione per Windows XP (KB2536276)
Aggiornamento della protezione per Windows XP (KB2544521)
Aggiornamento della protezione per Windows XP (KB2544893-v2)
Aggiornamento della protezione per Windows XP (KB2544893)
Aggiornamento della protezione per Windows XP (KB2555917)
Aggiornamento della protezione per Windows XP (KB2559049)
Aggiornamento della protezione per Windows XP (KB2562937)
Aggiornamento della protezione per Windows XP (KB2566454)
Aggiornamento della protezione per Windows XP (KB2567053)
Aggiornamento della protezione per Windows XP (KB2567680)
Aggiornamento della protezione per Windows XP (KB2570222)
Aggiornamento della protezione per Windows XP (KB2570947)
Aggiornamento della protezione per Windows XP (KB2586448)
Aggiornamento della protezione per Windows XP (KB2592799)
Aggiornamento della protezione per Windows XP (KB2618444)
Aggiornamento della protezione per Windows XP (KB2618451)
Aggiornamento della protezione per Windows XP (KB2619339)
Aggiornamento della protezione per Windows XP (KB2620712)
Aggiornamento della protezione per Windows XP (KB2624667)
Aggiornamento della protezione per Windows XP (KB2633171)
Aggiornamento della protezione per Windows XP (KB2639417)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento della sicurezza per Microsoft Windows (KB2564958)
Aggiornamento per Windows XP (KB2492386)
Aggiornamento per Windows XP (KB2541763)
Aggiornamento per Windows XP (KB2607712)
Aggiornamento per Windows XP (KB2616676-v2)
Aggiornamento per Windows XP (KB2641690)
Aggiornamento per Windows XP (KB971029)
Aggiornamento rapido per Windows XP (KB2570791)
Aggiornamento rapido per Windows XP (KB2633952)
Album Art Downloader XUI 0.37.1
Apple Application Support
Apple Software Update
Archivio informatico per il concorso notarile 2008
Artisteer 2
ASIO4ALL
µTorrent
Audioscrobbler for foobar2000 (remove only)
AutoUpdate
Avanquest update
Avira AntiVir Premium
Bit Che
Bome's Mouse Keyboard 2.00
BySoft FreeRAM 4.0
Cadence License Manager 11.90
Cadence SPB/OrCAD 16.5
CCleaner
CD Catalog Expert 9.30.807.11
CDRWIN 5
Creative System Information
Data Lifeguard Tools
Defraggler
Derive 6 Trial Edition
Disclib 2.0 [build: 50]
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
Edirol Hyper Canvas VSTi DXi 1.6.0
Edraw Flowchart 5.1
eMedia Piano and Keyboard Method
Epson FAX Utility
Epson PC-FAX Driver
Epson Printer Software Downloader
EPSON Scan
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Manuale
EPSON SX610FW Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
Eraser
Exact Audio Copy 0.99pb5
FasterPing
ffdshow v1.1.3406 [2010-05-05]
Fighter Factory Ultimate
FLAC 1.2.1b (remove only)
Folder-Snap 1.4.2.106
foobar2000 v1.1.7
Foxit PDF Editor
Foxit Reader
Functional Ear Trainer
Game Booster 2
GetRight
Ghdl
Google Chrome
Google Earth Plug-in
Google Update Helper
GreedyTorrent v1.01 beta build 170
Guidua (remove only)
HD Tune Pro v4.61
Hex Workshop v5.1
HijackThis 2.0.2
Hitman Pro 3.5
HostsMan 3.2.70 Beta6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
IDroo 1.0.0.154
International Volleyball 2009
Internet Download Manager
IObit Security 360
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 21
Java™ 6 Update 4
JGsoft PowerGREP 4 DEMO 4.2.0
LottoExcel Plus 2008
LyX 2.0.1-1
MathType 6
MATLAB R2007b
MegaLink 1.29
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended - Language Pack (ITA)
Microsoft .NET Framework 4 Extended ITA Language Pack
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MIDI Yoke
MiKTeX 2.9
Minilyrics(remove only)
MOBILedit! Support Libraries
MOBILedit! ver. 5.0.0.983
Monkey's Audio
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Motorola USB Drivers v2.9
Mozilla Firefox 8.0 (x86 it)
Mozilla Thunderbird (8.0)
MP3 to SWF Converter 2.6 build 918
MPLAB Tools v8.46
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musitek SmartScore X Professional Edition v10.1.1
National Instruments Software
NI EULA Depot
NI LabWindows/CVI 8.1.1 Run-Time Engine
NI Logos 4.9.1
NI Logos XT Support
NI Math Kernel Libraries
NI MDF Support
NI TDMS
NI Uninstaller
NVIDIA Driver grafico 275.33
NVIDIA Install Application
O&O Defrag Server
OpenAL
Oracle VM VirtualBox 4.1.6
Orca
P2K Advanced Editor
Pacchetto di compatibilità per Office System 2007
Pannello di controllo NVIDIA 275.33
Passware Kit Forensic 10.1
PDF Password Remover v3.0
PDFCreator
pdfsam
Platform
Platinum Hide IP
Process Lasso
Proteus 7 Professional
ProxySwitcher Standard
QuickSFV (Remove only)
QuickTime
Realtek AC'97 Audio
Recuva
RSDLite
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Show Hidden Files 3.0
Simple Port Forwarding
Skype™ 4.2
SmartDraw 2010
smartmontools
SopCast 3.2.9
SoulSeek 157 NS 13e
Sound Blaster Live!
SuperCat 4.5
swMSM
SyncToy 2.1 (x86)
System Requirements Lab
Teach Me Piano Deluxe
TortoiseSVN 1.5.6.14908 (32 bit)
Trader's Little Helper 2.7.0
TT-Dynamic-Range 1.1
Tweak UI
UltraISO Premium V9.36
Unity Web Player
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
URL Helper
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.18
VIA Manager Piattaforma
VIA Rhine-Family Fast-Ethernet Adapter
Visual CD
VLC media player 1.0.5
VNC Enterprise Edition E4.4.3
VNC Mirror Driver 1.8.0
vShare.tv plugin 1.3
WD Align - Powered by Acronis
WD Diagnostics
WD Spindown or Stop Utility for External Drive, v1.00
WebFldrs XP
WhereIsIt? 2010
WhoCrashed 3.01
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinHTTrack Website Copier 3.42-3
WinPcap 4.0.2
WinRAR 4.01 beta 1 (32-bit)
XML Paper Specification Shared Components Language Pack 1.0
Youtube Downloader HD v. 2.6

Edited by Pidgeon, 19 December 2011 - 01:42 PM.


#12 gringo_pr


Posted 19 December 2011 - 03:21 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 21
Java™ 6 Update 4


and click on remove



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

Sometimes we have to run it like this: to run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Pidgeon


Posted 20 December 2011 - 08:52 AM

Hello Gringo, here is the log From MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 8402

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/12/2011 14.32.19
mbam-log-2011-12-20 (14-32-19).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 180501
Tempo impiegato: 3 minuti, 30 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)




Report from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.39.05, on 20/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
D:\Tools\HBCDMenu\HBCDMenu.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
D:\Programmi\Cadence\LicenseManager\lmgrd.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmi\Cadence\LicenseManager\lmgrd.exe
D:\Programmi\Cadence\LicenseManager\cdslmd.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Pidgeon\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\gjk\BitComet_1.30\tools\bitcometbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - Startup: HBCDMenu.lnk = D:\Tools\HBCDMenu\HBCDMenu.bat
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Scarica con IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Scarica con IDM contenuti video FLV - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Scarica tutti i link con IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://D:\gjk\BitComet_1.30\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://D:\gjk\BitComet_1.30\BitComet.exe/AddLink.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\gjk\BitComet_1.30\tools\bitcometbho.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1290179278984
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://www.amm.unibs.it/content/static/ecm/activex/Enable_Edit_In_Place.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267370458984
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Cadence License Manager - Flexera Software, Inc. - D:\Programmi\Cadence\LicenseManager\lmgrd.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZQB - Unknown owner - C:\DOCUME~1\Pidgeon\IMPOST~1\Temp\ZQB.exe (file missing)

--
End of file - 7431 bytes




I've a question, I don't know if it's virus-related.

When I use my pendrive, if I try to remove it using Windows safe remove, I get an error message saying that the pendrive is in use.

However, by using Unlocker, it seems that no processes are using my pendrive, but I'm still unable to remove it through the safe way.

I've no Google redirects.

#14 gringo_pr


Posted 20 December 2011 - 01:38 PM

Greetings

Try running this on the pen drive - http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; for any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
      O4 - Startup: HBCDMenu.lnk = D:\Tools\HBCDMenu\HBCDMenu.bat
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
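A HijackThis log like the one posted in #13 can be pre-sorted before a helper reads it. The following is an added example, not part of the original thread and not a HijackThis feature: it parses entry lines by section code, flags orphaned or unusual entries, and pulls out the `[name]` of each Run value so it can be looked up as described above. The sample lines are copied from the log in #13; the three flag rules are assumptions chosen for illustration and are triage hints, not verdicts.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail flags")

# Section codes that occur in the log posted in this thread (subset of HijackThis codes).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context menu item", "O9": "IE extra button/menu item",
    "O15": "trusted zone entry", "O16": "ActiveX (DPF) object",
    "O18": "protocol handler", "O22": "SharedTaskScheduler",
    "O23": "service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
RUN_NAME_RE = re.compile(r"Run: \[([^\]]+)\]")

# Lines copied from the HijackThis log in post #13.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - Startup: HBCDMenu.lnk = D:\Tools\HBCDMenu\HBCDMenu.bat
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\gjk\BitComet_1.30\tools\bitcometbho.dll/206 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZQB - Unknown owner - C:\DOCUME~1\Pidgeon\IMPOST~1\Temp\ZQB.exe (file missing)
"""


def parse_line(line):
    """Return an Entry for a 'CODE - detail' line, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, detail = m.groups()
    flags = []
    # Assumed rule 1: the entry points at a file that no longer exists.
    if detail.endswith("(file missing)"):
        flags.append("file-missing")
    # Assumed rule 2: a service whose binary carries no company name.
    if code == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")
    # Assumed rule 3: anything referenced from a Temp directory.
    if TEMP_RE.search(detail):
        flags.append("temp-path")
    return Entry(code, SECTIONS.get(code, "other"), detail, flags)


def triage(log_text):
    """Parse every entry line in the log, skipping everything else."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def flagged(entries):
    """Entries that matched at least one rule and deserve a manual look."""
    return [e for e in entries if e.flags]


def run_value_names(entries):
    """Names between the brackets of O4 Run entries (Startup-folder items have none)."""
    names = []
    for e in entries:
        m = RUN_NAME_RE.search(e.detail) if e.code == "O4" else None
        if m:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    entries = triage(SAMPLE_LOG)
    for e in flagged(entries):
        print(e.code, e.kind, ",".join(e.flags), "|", e.detail)
    print("Run values to research:", run_value_names(entries))
```
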

#15 Pidgeon


Posted 21 December 2011 - 07:38 AM

Here is ESET Online Scanner log:

C:\Documents and Settings\Pidgeon\Desktop\v7.0.1.5.x86.rar a variant of Win32/HackTool.Patcher.T application
C:\Documents and Settings\Pidgeon\Desktop\AV 2012\Virus.rar multiple threats
C:\Documents and Settings\Pidgeon\Desktop\Desktop\bomes[1].mouse.keyboard.v2.00.beta.6.crack-tsrh.zip probably a variant of Win32/Agent.NBXOOXD trojan
C:\Documents and Settings\Pidgeon\Desktop\Torrents\MP3_To_SWF_Converter_v2.6_Build_918.rar a variant of Win32/HackTool.Patcher.A application
C:\Documents and Settings\Pidgeon\Desktop\Torrents\Rapidshare_Account_Checker_Version_3.4.rar probably a variant of Win32/TrojanDownloader.Small.MEVBSA trojan
C:\Documents and Settings\Pidgeon\Desktop\Torrents\RW_Rapid_Program___Kodlar.rar probably a variant of Win32/Agent.MYVDYTH trojan
C:\Documents and Settings\Pidgeon\Desktop\Torrents\TutorialsRapidshare.rar probably a variant of Win32/Agent.RZMZNS trojan
C:\Documents and Settings\Pidgeon\Desktop\Torrents\Rapidshare Account Checker Version 3.4\Rapidshare account checker.exe probably a variant of Win32/TrojanDownloader.Small.MEVBSA trojan
C:\Documents and Settings\Pidgeon\Desktop\Torrents\RS-Email-Check-0cm4n\RapidShare Account Checker.exe probably a variant of Win32/PSW.Agent.GRRMQAA trojan
C:\Documents and Settings\Pidgeon\Desktop\Torrents\RW Rapid Program + Kodlar\Ilk Önce Bunu Çalistir.exe probably a variant of Win32/Agent.MYVDYTH trojan
C:\Documents and Settings\Pidgeon\Desktop\Trojan\msn\backup_1.rar multiple threats
C:\Programmi\Bome's Mouse Keyboard\crack.exe probably a variant of Win32/Agent.NBXOOXD trojan
C:\Programmi\Edraw Flowchart\ssloader.e32 a variant of Win32/KeyLogger.Ardamax.NAS application
C:\Programmi\PDF Password Remover v3.0\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application
C:\Programmi\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application
C:\Sito\Artisteer.Standard.Edition.v2.4.0.25435.Portable.rar a variant of Win32/HackTool.Patcher.N application
C:\Sito\TiirSit.26594.rar a variant of Win32/HackTool.Patcher.N application
D:\7.6_SP4.rar multiple threats
D:\account_checker_pack{viruses}.rar a variant of Win32/Spy.Delf.OMW trojan
D:\artisteer.2.4.0.27666-loader.rar a variant of Win32/HackTool.Patcher.N application
D:\C.rar MSIL/Spy.Agent.F trojan
D:\keygen.rar a variant of Win32/Injector.ITQ trojan
D:\KillProcess.exe a variant of Win32/KillProcess.A application
D:\Proteus_7.6.rar Win32/HackTool.Patcher.A application
D:\rapidrar_com_Artisteer.2.4.0.24559.Multilingual-pirateaccess.info.rar a variant of Win32/HackTool.Patcher.N application
D:\StreamingStar.URL.Helper.v3.03.WinAll.Incl.Keygen-CRD.rar a variant of Win32/Keygen.AL application
D:\Triton.zip probably a variant of Win32/Agent.IHVUBOZ trojan
D:\updpxe32.rar a variant of Win32/Kryptik.FWJ trojan
D:\Fix\EvID4226Patch223d-en\EvID4226Patch.exe Win32/Tool.EvID4226 application
D:\Hirens.BootCD.14.0\MyBootCD\CD\HBCD\Boot\konboot.gz Win32/PSWTool.KonBoot.A application
D:\Moleskinsoft.Clone.Remover.v3.0.1.MULTILINGUAL.Cracked-F4CG\f4cg.rar Win32/HackTool.Patcher.A application
D:\Moleskinsoft.Clone.Remover.v3.0.1.MULTILINGUAL.Cracked-F4CG\f4cr301a.zip Win32/HackTool.Patcher.A application
D:\N - CD\giochi\files\Flatout\Trainer\blhfo11sntrn4.zip probably a variant of Win32/Agent.DIIZIM trojan
D:\N - CD\programmi\Bome's Mouse Keyboard v2\file5.zip probably a variant of Win32/Agent.NBXOOXD trojan
D:\N - CD\programmi\The All-Seeing Eye 2.6\The_All-Seeing_Eye_v2.6-DIGERATI.ZIP a variant of Win32/HackTool.Patcher.A application
D:\N - CD\underground\hacking\programmi\SF Exploitation Framework\SF_Framework_Beta.0.2-bin.exe probably a variant of Win32/TrojanClicker.Delf.HZMOQO trojan
D:\Tools\MSN\MSNFix.zip Win32/PrcView application
D:\Tools\Protected Storage PassView\pspv.exe Win32/PassView.163 application
D:\Tools\SmartSniff\smsniff.exe a variant of Win32/Sniffer.SniffPass.B application
D:\Tools\tcpz_20090409\tcpz.exe a variant of Win32/TCPZ.F application
D:\Triton\Triton.exe probably a variant of Win32/Agent.IHVUBOZ trojan
D:\Università\Corsi\Laboratorio di Informatica\labinfo2008\gruppo00.tgz Linux/Exploit.Vmsplice.I trojan




Update: after having used Panda USB Vaccine, now I'm able to safely remove my pendrive!

Edited by Pidgeon, 21 December 2011 - 08:09 AM.




