
Thread: Infected: apps cannot write to directories

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    19

    Infected: apps cannot write to directories

    Hi all! Please help to clean my system; it seems to be infected. The main symptom is that applications (principally, installers) seem unable to unpack their temporary files into well-known accessible locations like the user's temporary dir, the My Documents folder or even the desktop.

    For instance, when I try to open/save .ZIP attachments from Outlook messages in my "sent messages" folder (that is, messages and attachments that I have sent, and which I am certain are clean), the application is unable to open or save them irrespective of the location in which I try to save them. When I try to unzip other files manually (for instance, from Windows Explorer), though, I am able to unpack to the aforementioned locations as normal.

    Another example is that I tried to install some drivers that I downloaded from the laptop manufacturer (ASUS), and the installer complains that it is not able to unpack the required installation files. I have tried running the installer from several locations, even from a USB memory, and nothing, it is unable to unpack the installation temp files. Other applications, however, have been able to install themselves, like for instance Adobe Acrobat, which I installed yesterday.

    I should point out that these problems existed since I inherited the laptop some weeks ago, and that since then I have installed Spybot and AVG and ran the online free scan from Kaspersky. Neither Spybot nor Kaspersky detected anything, and AVG eventually detected these viruses:

    "Virus identified EICAR_Test"
    C:\DOCUME~1\lagos\LOCALS~1\Temp\Av-test.txt
    "Infected" "23/09/2008, 9.55.43"
    "file" "C:\WINDOWS\system32\CF4598.exe"

    "Virus identified Worm/VB.AIV"
    "E:\System Volume Information\_restore{115CC607-5458-4830-B8AC-9534E132E5FE}\RP3\A0000087.exe"
    "Moved to Virus Vault" "09/09/2008, 20.11.25"
    "file" "C:\WINDOWS\System32\svchost.exe"

    but unfortunately it seems to fail to clean & remove them for good. I am including the logs from Hijackthis and Combofix in the following posts; I hope somebody can give me a hand with this.

    Thanks in advance for any help!

    Cheers,

    Jorge.

  2. #2

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10.44.49, on 23/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Documents and Settings\lagos\Desktop\putty.exe
    C:\Program Files\Attachmate\Reflection\Rx.exe
    C:\Program Files\Attachmate\Reflection\Rxcs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172219139222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\Software\..\Telephony: DomainName = ismb.polito.it
    O17 - HKLM\System\CCS\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44CB30CF-D5A7-47C4-A478-6A9BAA876F59}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS1\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS2\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

    --
    End of file - 9321 bytes

  3. #3

    Combofix log

    ComboFix 08-09-20.05 - lagos 2008-09-23 9.55.35.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.205 [GMT 2:00]
    Running from: C:\Documents and Settings\lagos\Desktop\1.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
    .

    2008-09-23 09:35 . 2008-09-23 09:35 <DIR> d-------- C:\Documents and Settings\lagos\Application Data\Corel
    2008-09-23 09:28 . 2008-09-23 09:28 <DIR> d-------- C:\Program Files\Common Files\Corel
    2008-09-23 09:28 . 2008-09-23 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
    2008-09-22 18:29 . 2008-09-22 18:29 <DIR> d-------- C:\Documents and Settings\lagos\.ssh
    2008-09-22 18:28 . 2008-09-22 18:28 <DIR> d-------- C:\Program Files\NX Client for Windows
    2008-09-22 18:28 . 2008-09-22 18:29 <DIR> d-------- C:\Documents and Settings\lagos\.nx
    2008-09-22 10:21 . 2008-09-22 10:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-09-22 10:21 . 2008-09-22 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-09-18 09:11 . 2008-09-22 10:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-09-18 09:02 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-18 08:59 . 2008-09-18 09:01 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2008-09-18 08:59 . 2008-09-18 08:59 <DIR> d-------- C:\WINDOWS\Logs
    2008-09-18 08:51 . 2008-09-18 08:52 <DIR> d-------- C:\Program Files\Google
    2008-09-18 08:51 . 2008-09-22 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-18 08:28 . 2008-09-18 08:28 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-09-16 16:58 . 2008-09-16 16:59 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-09-12 15:00 . 2008-09-18 09:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-09-09 17:40 . 2008-09-23 08:19 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-09-09 17:40 . 2008-09-09 17:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-09-09 17:40 . 2008-09-09 17:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-09-09 17:39 . 2008-09-09 17:39 <DIR> d-------- C:\Program Files\AVG
    2008-09-09 17:39 . 2008-09-09 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-09 10:57 . 2008-09-09 10:57 <DIR> d-------- C:\000_Old_data
    2008-09-09 10:50 . 2008-09-09 10:50 <DIR> d-------- C:\Program Files\MSECache
    2008-09-09 10:46 . 2008-09-09 10:46 <DIR> d-------- C:\Program Files\Notepad++
    2008-09-09 10:46 . 2008-09-09 10:47 <DIR> d-------- C:\Documents and Settings\lagos\Application Data\Notepad++
    2008-09-09 10:11 . 2008-09-09 10:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-09 09:54 . 2006-08-29 16:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-08 14:44 . 2008-09-08 14:44 <DIR> d-------- C:\Program Files\LizardTech
    2008-09-05 18:28 . 2008-09-05 18:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-05 14:20 . 2008-09-05 14:20 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-05 14:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-05 14:10 . 2008-09-05 14:11 <DIR> d-------- C:\Program Files\Java
    2008-09-05 14:09 . 2008-09-05 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-05 12:38 . 2008-09-05 14:05 3,015 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-05 12:16 . 2008-04-14 02:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-09-05 12:16 . 2008-04-14 02:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
    2008-09-05 12:16 . 2008-04-14 02:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
    2008-09-05 12:16 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-09-05 12:14 . 2008-04-14 02:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-09-05 11:52 . 2008-09-05 14:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Program Files\Attachmate
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Attachmate
    2008-09-05 10:17 . 2008-09-05 10:17 <DIR> d-------- C:\Program Files\WinSCP
    2008-09-04 19:44 . 2008-09-22 18:30 <DIR> d-------- C:\Documents and Settings\lagos
    2008-09-04 19:28 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-04 19:25 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-04 19:25 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-04 19:23 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-23 07:28 --------- d-----w C:\Program Files\Corel
    2008-09-10 16:07 --------- d-----w C:\Program Files\gs
    2008-09-08 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-08 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
    2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
    2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
    2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2006-07-19 14:17 88,761 ----a-w C:\WINDOWS\inf\pxiclean.exe
    2004-03-15 15:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 07:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 08:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
    2006-06-07 12:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-02-25 17:49 56 --sh--r C:\WINDOWS\system32\8484796E8A.sys
    2007-11-29 07:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-09_10.38.31.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-18 07:02:40 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-09-18 07:02:40 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-09-18 07:02:41 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-09-18 07:02:20 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:22 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:23 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:24 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:25 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:26 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:27 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:27 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:28 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:41 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:42 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-09-18 07:02:42 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-09-18 07:02:43 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-09-18 07:02:44 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-09-18 07:02:38 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
    - 2007-02-25 17:48:42 65,536 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\ARPPRODUCTICON.exe
    + 2008-09-23 07:32:52 65,536 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\ARPPRODUCTICON.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9_1.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9_1.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut90.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut90.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut900.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut900.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9000.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9000.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9001.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9001.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut901.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut901.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut902.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut902.exe
    + 2008-09-23 07:32:52 513,576 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut903_CC5820041A9C446BB9018F9ECF582DD1.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut91.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut91.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut910.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut910.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9100.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9100.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9101.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9101.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut911.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut911.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut912.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut912.exe
    + 2008-09-23 07:32:52 513,576 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut913_CC5820041A9C446BB9018F9ECF582DD1.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut92_CC5820041A9C446BB9018F9ECF582DD1.exe
    + 2008-09-23 07:32:52 513,576 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut93_CC5820041A9C446BB9018F9ECF582DD1.exe
    + 2008-09-23 07:30:39 22,758 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\ARPPRODUCTICON.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut1.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut2.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut4.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut5.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut8.exe
    + 2008-09-09 08:51:08 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2008-09-22 08:20:33 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe
    + 2008-09-22 08:20:36 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_3D.exe
    + 2008-09-22 08:20:36 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_Standard.exe
    + 2008-09-22 08:20:36 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Distiller.exe
    + 2008-09-22 08:20:36 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_ELEMENTS_DT.exe
    + 2008-09-22 08:20:33 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    + 2008-09-18 07:12:44 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1040-7B44-A81200000003}\SC_Reader.exe
    + 2008-09-18 07:13:07 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
    - 2007-02-25 17:48:34 65,536 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\ARPPRODUCTICON.exe
    + 2008-09-23 07:32:37 65,536 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\ARPPRODUCTICON.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1028.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1028.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1041.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1041.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1042.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1042.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1053.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1053.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_2052.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_2052.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:31:54 65,536 ----a-r C:\WINDOWS\Installer\{ECE923A3-A411-4494-B6E6-78F13B71BEBF}\ARPPRODUCTICON.exe
    + 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-09-29 04:56:38 28,248 ----a-r C:\WINDOWS\system32\AdobePDF.dll
    + 2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
    + 2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
    + 2007-07-19 16:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
    + 2007-10-12 13:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    + 2008-03-05 13:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    + 2008-05-30 12:11:46 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    + 2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
    + 2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
    + 2007-07-19 16:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
    + 2007-10-02 07:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    + 2008-02-05 21:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
    + 2008-05-30 12:11:46 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    + 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
    + 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
    + 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
    + 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
    + 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
    + 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
    + 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
    + 2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
    + 2007-07-19 16:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
    + 2007-10-12 13:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    + 2008-03-05 13:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    + 2008-05-30 12:11:46 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    + 2008-09-09 15:40:18 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    - 2008-09-05 12:01:54 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-09-22 08:29:09 277,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2008-08-05 09:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    + 2006-10-22 21:37:38 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADREGP.DLL
    + 2006-10-22 21:37:52 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADUIGP.DLL
    + 2006-10-22 21:37:38 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADReGP.dll
    + 2006-10-22 21:37:52 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.DLL
    + 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
    + 2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
    + 2007-10-22 01:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    + 2008-03-05 14:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    + 2008-05-30 12:17:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    + 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
    + 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
    + 2007-10-22 01:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    + 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
    + 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
    + 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
    + 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
    + 2007-01-24 13:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
    + 2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
    + 2007-06-20 18:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
    + 2007-07-19 22:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
    + 2008-03-05 14:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    + 2008-05-30 12:18:52 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    + 2008-05-30 12:17:30 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    + 2008-03-05 14:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    + 2008-05-30 12:19:18 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    + 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
    + 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
    + 2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
    + 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
    - 2007-02-25 17:47:04 1,230,336 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    + 2008-09-23 07:29:40 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    - 2007-02-25 17:47:04 82,432 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
    + 2008-09-23 07:29:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
    + 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2006-06-05 13:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
    + 2006-06-05 13:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
    + 2006-06-05 13:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
    + 2006-06-05 13:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
    + 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    + 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2008-04-15 17:47:33 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-23 282624]
    "niDevMon"="C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-09 1235736]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Avvio veloce di Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-09-22 295606]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-22 389120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logoff\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logon\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 557568]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-09 97928]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-09 231704]
    R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
    R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2006-02-13 31334]
    R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2006-02-13 199783]
    R2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
    R2 mxssvr;NI Configuration Manager;C:\Program Files\National Instruments\MAX\nimxs.exe [2006-07-15 5728]
    R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2006-07-04 37376]
    R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2006-07-04 21504]
    R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2006-07-04 674304]
    R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 159232]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2006-07-04 50688]
    R2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-20 200704]
    R2 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgk.dll [2006-07-10 979456]
    R2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 370176]
    R2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 81920]
    R2 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplk.dll [2006-02-15 101376]
    R2 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrk.dll [2006-07-10 815616]
    R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2006-07-04 30208]
    R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-16 20480]
    R2 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdk.dll [2006-07-10 246784]
    R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 71680]
    R2 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldk.dll [2006-07-10 395776]
    R2 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdk.dll [2006-07-10 965632]
    R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2006-07-04 111616]
    R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2006-07-16 496640]
    R2 NITaggerService;National Instruments Variable Engine;C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2006-07-25 696320]
    R2 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 1746432]
    R2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 19968]
    R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-16 171520]
    R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 171008]
    R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 248832]
    R3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-16 137728]
    R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-16 51712]
    R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 218112]
    R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 38912]
    R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-16 506880]
    R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 240128]
    R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-16 790528]
    S2 lmgrd;Flexlm;C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [ ]
    S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 648192]
    S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 500224]
    S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 14464]
    S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 151683]
    S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-16 164864]
    S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 51200]
    S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-16 43008]
    S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 1026560]
    S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-06 163328]
    S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-16 111616]
    S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWK.sys [2006-07-14 8704]
    S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciK.sys [2006-07-14 48128]
    S3 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2006-07-14 10752]
    S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 434688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\lagos\Application Data\Mozilla\Firefox\Profiles\u4o82t6h.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/advanced_search?hl=en
    FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 10:02:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-23 10:08:28
    ComboFix-quarantined-files.txt 2008-09-23 08:08:16
    ComboFix2.txt 2008-09-09 08:38:53

    Pre-Run: 24.490.844.160 bytes free
    Post-Run: 24,544,473,088 bytes free

    428 --- E O F --- 2008-09-11 01:03:02
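The ComboFix log above is the raw material a helper reads by hand: the Run keys, the R0/R2/S3 service and driver lines, the firewall policy (which here carries a GloballyOpenPorts exception for 3389/TCP, i.e. Remote Desktop) and the Find3M listing with its attribute flags. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses those four line formats and flags the entries a triager checks first. The sample log inside it is constructed in the same formats; the "Updater" entry pointing into a Temp directory is invented to exercise the check and is not a finding about this machine, and the names triage and SAMPLE_LOG belong to this example only.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix code).

Line formats handled, as they appear in a ComboFix.txt:
  Run/startup entry : "Name"="C:\\path\\file.exe" [YYYY-MM-DD size]
  Service/driver    : R2 name;Display;C:\\path\\file.sys [YYYY-MM-DD size]
  Open firewall port: "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
  Find3M file line  : YYYY-MM-DD HH:MM size dcsh-aw C:\\path\\file
"""
import re

# Constructed sample in the same formats as the log above. The "Updater"
# line is invented to trigger a check; it is not a claim about the machine.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-09 1235736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-23 282624]
"Updater"="C:\Documents and Settings\lagos\Local Settings\Temp\svchost.exe" [2008-09-20 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 557568]
S2 lmgrd;Flexlm;C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [ ]

2007-02-25 17:49 56 --sh--r C:\WINDOWS\system32\8484796E8A.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
'''

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
SVC_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
# Attribute field is seven characters: d c s h - a w|r (directory, compressed,
# system, hidden, unused, archive, writable/read-only).
FIND3M_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>\S.*)$')

# Autostart locations that do not by themselves warrant a second look.
# C:\PROGRA~1 is the 8.3 short name of C:\Program Files, as in the AVG entry.
SAFE_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def triage(log_text):
    """Return [(severity, reason, line), ...] for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.match(line)
        if m:
            if not m.group("path").lower().startswith(SAFE_ROOTS):
                findings.append(("high", "autostart outside Windows/Program Files", line))
            continue

        m = PORT_RE.match(line)
        if m:
            port, proto = int(m.group("port")), m.group("proto")
            label = "RDP" if (port, proto) == (3389, "TCP") else "unknown service"
            findings.append(("medium", f"firewall exception opens {port}/{proto} ({label})", line))
            continue

        m = SVC_RE.match(line)
        if m:
            # Empty brackets mean ComboFix recorded no date/size for the binary
            # (assumption used here: the file was absent or unreadable at scan time).
            if not m.group("meta").strip():
                findings.append(("low", "service binary ComboFix could not read", line))
            continue

        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            hidden_system = attrs[2] == "s" and attrs[3] == "h"
            if hidden_system and "\\system32\\" in path:
                findings.append(("medium", "hidden+system file in system32", line))
            continue
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run it as a script to print the findings, or call triage() on the text of a real ComboFix.txt. A flag is a prompt to look at the file, not a verdict: some licensing schemes also plant hidden+system files with random-looking names in system32, and an open 3389/TCP may be intentional on a domain-managed laptop, so each hit is verified against the vendor or the domain admin before anything is deleted.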

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please note: your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.


    ----------------------------------------------------------------------------------------

    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.



    Please can you post the contents of ComboFix2.txt, it should be in C:\Qoobox\ComboFix2.txt
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    19

    Log files

    Hello Katana! Thanks so much for helping me! I am attaching the requested log files.

    Thanks again for your help,

    Jorge.

  6. #6
    Junior Member
    Join Date
    May 2008
    Posts
    19

    ComboFix2.txt (ran on Sept. 23rd)

    ComboFix 08-09-05.10 - lagos 2008-09-09 10.31.51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.237 [GMT 2:00]
    Running from: C:\Documents and Settings\lagos\Desktop\Antimalware\Combo-Fix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\d019905\Cookies\d019905@serving-sys[2].txt
    C:\WINDOWS\ufdata2000.log
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
    .

    2008-09-09 10:11 . 2008-09-09 10:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-09 09:54 . 2006-08-29 16:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-09 09:50 . 2008-09-09 09:50 <DIR> d-------- C:\WINDOWS\LastGood
    2008-09-08 14:44 . 2008-09-08 14:44 <DIR> d-------- C:\Program Files\LizardTech
    2008-09-05 18:28 . 2008-09-05 18:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-05 14:20 . 2008-09-05 14:20 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-05 14:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-05 14:10 . 2008-09-05 14:11 <DIR> d-------- C:\Program Files\Java
    2008-09-05 14:09 . 2008-09-05 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-05 12:38 . 2008-09-05 14:05 3,015 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-05 12:16 . 2008-04-14 02:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-09-05 12:16 . 2008-04-14 02:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
    2008-09-05 12:16 . 2008-04-14 02:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
    2008-09-05 12:16 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-09-05 12:14 . 2008-04-14 02:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-09-05 11:52 . 2008-09-05 14:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Program Files\Attachmate
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Attachmate
    2008-09-05 10:17 . 2008-09-05 10:17 <DIR> d-------- C:\Program Files\WinSCP
    2008-09-04 19:44 . 2008-09-05 10:45 <DIR> d-------- C:\Documents and Settings\lagos
    2008-09-04 19:28 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-04 19:25 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-04 19:25 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-04 19:23 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-08 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-08 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2006-07-19 14:17 88,761 ----a-w C:\WINDOWS\inf\pxiclean.exe
    2004-03-15 15:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 07:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 08:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
    2006-06-07 12:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-02-25 17:49 56 --sh--r C:\WINDOWS\system32\8484796E8A.sys
    2007-11-29 07:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-23 282624]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "niDevMon"="C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-22 389120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logoff\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logon\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 557568]
    R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
    R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2006-02-13 31334]
    R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2006-02-13 199783]
    R2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
    R2 mxssvr;NI Configuration Manager;C:\Program Files\National Instruments\MAX\nimxs.exe [2006-07-15 5728]
    R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2006-07-04 37376]
    R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2006-07-04 21504]
    R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2006-07-04 674304]
    R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 159232]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2006-07-04 50688]
    R2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-20 200704]
    R2 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgk.dll [2006-07-10 979456]
    R2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 370176]
    R2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 81920]
    R2 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplk.dll [2006-02-15 101376]
    R2 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrk.dll [2006-07-10 815616]
    R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2006-07-04 30208]
    R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-16 20480]
    R2 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdk.dll [2006-07-10 246784]
    R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 71680]
    R2 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldk.dll [2006-07-10 395776]
    R2 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdk.dll [2006-07-10 965632]
    R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2006-07-04 111616]
    R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2006-07-16 496640]
    R2 NITaggerService;National Instruments Variable Engine;C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2006-07-25 696320]
    R2 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 1746432]
    R2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 19968]
    R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-16 171520]
    R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 171008]
    R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 248832]
    R3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-16 137728]
    R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-16 51712]
    R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 218112]
    R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 38912]
    R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-16 506880]
    R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 240128]
    R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-16 790528]
    S2 lmgrd;Flexlm;C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [ ]
    S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 648192]
    S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 500224]
    S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 14464]
    S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 151683]
    S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-16 164864]
    S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 51200]
    S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-16 43008]
    S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 1026560]
    S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-06 163328]
    S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-16 111616]
    S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWK.sys [2006-07-14 8704]
    S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciK.sys [2006-07-14 48128]
    S3 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2006-07-14 10752]
    S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 434688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\lagos\Application Data\Mozilla\Firefox\Profiles\u4o82t6h.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/advanced_search?hl=en
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-09 10:35:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-09 10:38:52
    ComboFix-quarantined-files.txt 2008-09-09 08:38:49

    Pre-Run: 25,395,437,568 bytes free
    Post-Run: 25,900,326,912 bytes free

    174 --- E O F --- 2008-09-05 15:14:42
