
Thread: Infected: apps cannot write to directories

  1. #1
    Junior Member (Join Date: May 2008, Posts: 19)

    Infected: apps cannot write to directories

    Hi all! Please help to clean my system; it seems to be infected. The main symptom is that applications (principally, installers) seem unable to unpack their temporary files into well-known accessible locations like the user's temporary dir, the My Documents folder or even the desktop.

    For instance, when I try to open/save .ZIP attachments from Outlook messages in my "sent messages" folder (that is, messages and attachments that I have sent, and which I am certain are clean), the application is unable to open or save them irrespective of the location in which I try to save them. When I try to unzip other files manually (for instance, from Windows Explorer), though, I am able to unpack to the aforementioned locations as normal.

    Another example is that I tried to install some drivers that I downloaded from the laptop manufacturer (ASUS), and the installer complains that it is not able to unpack the required installation files. I have tried running the installer from several locations, even from a USB memory, and nothing: it is unable to unpack the installation temp files. Other applications, however, have been able to install themselves, like for instance Adobe Acrobat, which I installed yesterday.

    I should point out that these problems have existed since I inherited the laptop some weeks ago, and that since then I have installed Spybot and AVG and run the online free scan from Kaspersky. Neither Spybot nor Kaspersky detected anything, and AVG eventually detected these viruses:

    "Virus identified EICAR_Test"
    C:\DOCUME~1\lagos\LOCALS~1\Temp\Av-test.txt
    "Infected" "23/09/2008, 9.55.43"
    "file" "C:\WINDOWS\system32\CF4598.exe"

    "Virus identified Worm/VB.AIV"
    "E:\System Volume Information\_restore{115CC607-5458-4830-B8AC-9534E132E5FE}\RP3\A0000087.exe"
    "Moved to Virus Vault" "09/09/2008, 20.11.25"
    "file" "C:\WINDOWS\System32\svchost.exe"

    but unfortunately it seems to fail to clean and remove them for good. I am including the logs from HijackThis and ComboFix in the following posts; I hope somebody can give me a hand with this.

    Thanks in advance for any help!

    Cheers,

    Jorge.

  2. #2
    Junior Member (Join Date: May 2008, Posts: 19)

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10.44.49, on 23/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Documents and Settings\lagos\Desktop\putty.exe
    C:\Program Files\Attachmate\Reflection\Rx.exe
    C:\Program Files\Attachmate\Reflection\Rxcs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172219139222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\Software\..\Telephony: DomainName = ismb.polito.it
    O17 - HKLM\System\CCS\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44CB30CF-D5A7-47C4-A478-6A9BAA876F59}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS1\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS2\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

    --
    End of file - 9321 bytes
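A HijackThis log like the one above is normally triaged by eye. The following Python is an added example, not part of this thread and not HijackThis's own code: it parses the log format and applies a few defender-side heuristics (missing or unowned service binaries, AppInit_DLLs, autostarts and processes in user-writable paths, unresolved startup shortcuts). The sample text is a constructed excerpt of the log posted here, and the reason tags and path patterns are my own assumptions.

```python
"""Triage helper for HijackThis v2 logs.

Parses the "Running processes" block and the R/O-coded entries, then applies
defender-side heuristics that a forum helper normally applies by eye:
  * O23 services whose binary is missing or whose owner is unknown
  * O20 AppInit_DLLs entries (such a DLL is loaded into every user-mode process)
  * O4 autostarts and running processes located in user-writable paths
  * O4 Global Startup shortcuts whose target could not be resolved ("= ?")
Every hit is a "verify this" item, not a verdict; legitimate software trips
these rules too (AVG's avgrsstx.dll and the user's own putty.exe do below).
"""
import re
from dataclasses import dataclass

# A HijackThis entry line: a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")

# Locations an ordinary user can write to (assumed patterns, XP-era and modern).
USER_WRITABLE_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Desktop|Local Settings\\Temp|Application Data)\\"
    r"|\\DOCUME~1\\[^\\]+\\LOCALS~1\\Temp\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, or "PROC" for the running-process block
    item: str    # the log line that triggered the rule
    reason: str  # short reason tag (my own naming)


def parse_hijackthis(text):
    """Return (processes, entries): process image paths and (code, body) pairs."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries


def triage(text):
    """Apply the heuristics above and return a list of Finding objects."""
    processes, entries = parse_hijackthis(text)
    findings = []
    for proc in processes:
        if USER_WRITABLE_RE.search(proc):
            findings.append(Finding("PROC", proc, "process-in-user-writable-path"))
    for code, body in entries:
        if code == "O23":
            if "(file missing)" in body:
                findings.append(Finding(code, body, "service-binary-missing"))
            if "Unknown owner" in body:
                findings.append(Finding(code, body, "service-unknown-owner"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append(Finding(code, body, "appinit-dll-present"))
        elif code == "O4":
            if body.endswith("= ?"):
                findings.append(Finding(code, body, "startup-shortcut-unresolved"))
            elif USER_WRITABLE_RE.search(body):
                findings.append(Finding(code, body, "autostart-in-user-writable-path"))
    return findings


def reason_counts(findings):
    """Histogram of reason tags, handy for a one-line summary."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\lagos\Desktop\putty.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason:34} {f.item}")
```

On the excerpt it reports six items to verify: the Desktop-resident putty.exe, the unresolved Acrobat shortcut, the AppInit DLL, and the two services without a recognised owner (one of them also with its binary missing).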

  3. #3
    Junior Member (Join Date: May 2008, Posts: 19)

    ComboFix log

    ComboFix 08-09-20.05 - lagos 2008-09-23 9.55.35.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.205 [GMT 2:00]
    Running from: C:\Documents and Settings\lagos\Desktop\1.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
    .

    2008-09-23 09:35 . 2008-09-23 09:35 <DIR> d-------- C:\Documents and Settings\lagos\Application Data\Corel
    2008-09-23 09:28 . 2008-09-23 09:28 <DIR> d-------- C:\Program Files\Common Files\Corel
    2008-09-23 09:28 . 2008-09-23 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
    2008-09-22 18:29 . 2008-09-22 18:29 <DIR> d-------- C:\Documents and Settings\lagos\.ssh
    2008-09-22 18:28 . 2008-09-22 18:28 <DIR> d-------- C:\Program Files\NX Client for Windows
    2008-09-22 18:28 . 2008-09-22 18:29 <DIR> d-------- C:\Documents and Settings\lagos\.nx
    2008-09-22 10:21 . 2008-09-22 10:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-09-22 10:21 . 2008-09-22 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-09-18 09:11 . 2008-09-22 10:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-09-18 09:02 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-18 08:59 . 2008-09-18 09:01 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2008-09-18 08:59 . 2008-09-18 08:59 <DIR> d-------- C:\WINDOWS\Logs
    2008-09-18 08:51 . 2008-09-18 08:52 <DIR> d-------- C:\Program Files\Google
    2008-09-18 08:51 . 2008-09-22 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-18 08:28 . 2008-09-18 08:28 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-09-16 16:58 . 2008-09-16 16:59 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-09-12 15:00 . 2008-09-18 09:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-09-09 17:40 . 2008-09-23 08:19 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-09-09 17:40 . 2008-09-09 17:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-09-09 17:40 . 2008-09-09 17:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-09-09 17:39 . 2008-09-09 17:39 <DIR> d-------- C:\Program Files\AVG
    2008-09-09 17:39 . 2008-09-09 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-09 10:57 . 2008-09-09 10:57 <DIR> d-------- C:\000_Old_data
    2008-09-09 10:50 . 2008-09-09 10:50 <DIR> d-------- C:\Program Files\MSECache
    2008-09-09 10:46 . 2008-09-09 10:46 <DIR> d-------- C:\Program Files\Notepad++
    2008-09-09 10:46 . 2008-09-09 10:47 <DIR> d-------- C:\Documents and Settings\lagos\Application Data\Notepad++
    2008-09-09 10:11 . 2008-09-09 10:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-09 09:54 . 2006-08-29 16:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-08 14:44 . 2008-09-08 14:44 <DIR> d-------- C:\Program Files\LizardTech
    2008-09-05 18:28 . 2008-09-05 18:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-05 14:20 . 2008-09-05 14:20 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-05 14:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-05 14:10 . 2008-09-05 14:11 <DIR> d-------- C:\Program Files\Java
    2008-09-05 14:09 . 2008-09-05 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-05 12:38 . 2008-09-05 14:05 3,015 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-05 12:16 . 2008-04-14 02:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-09-05 12:16 . 2008-04-14 02:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
    2008-09-05 12:16 . 2008-04-14 02:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
    2008-09-05 12:16 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-09-05 12:14 . 2008-04-14 02:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-09-05 11:52 . 2008-09-05 14:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Program Files\Attachmate
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Attachmate
    2008-09-05 10:17 . 2008-09-05 10:17 <DIR> d-------- C:\Program Files\WinSCP
    2008-09-04 19:44 . 2008-09-22 18:30 <DIR> d-------- C:\Documents and Settings\lagos
    2008-09-04 19:28 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-04 19:25 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-04 19:25 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-04 19:23 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-23 07:28 --------- d-----w C:\Program Files\Corel
    2008-09-10 16:07 --------- d-----w C:\Program Files\gs
    2008-09-08 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-08 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
    2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
    2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
    2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2006-07-19 14:17 88,761 ----a-w C:\WINDOWS\inf\pxiclean.exe
    2004-03-15 15:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 07:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 08:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
    2006-06-07 12:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-02-25 17:49 56 --sh--r C:\WINDOWS\system32\8484796E8A.sys
    2007-11-29 07:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-09_10.38.31.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-18 07:02:40 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-09-18 07:02:40 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-09-18 07:02:41 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-09-18 07:02:20 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:22 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:23 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:24 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:25 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:26 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:27 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:27 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:28 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:41 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-09-18 07:02:42 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-09-18 07:02:42 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-09-18 07:02:43 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-09-18 07:02:44 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-09-18 07:02:38 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2008-09-18 06:52:59 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
    - 2007-02-25 17:48:42 65,536 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\ARPPRODUCTICON.exe
    + 2008-09-23 07:32:52 65,536 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\ARPPRODUCTICON.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9_1.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9_1.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut90.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut90.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut900.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut900.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9000.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9000.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9001.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9001.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut901.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut901.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut902.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut902.exe
    + 2008-09-23 07:32:52 513,576 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut903_CC5820041A9C446BB9018F9ECF582DD1.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut91.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut91.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut910.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut910.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9100.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9100.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9101.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9101.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut911.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut911.exe
    - 2007-02-25 17:48:42 45,056 -c--a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut912.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut912.exe
    + 2008-09-23 07:32:52 513,576 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut913_CC5820041A9C446BB9018F9ECF582DD1.exe
    + 2008-09-23 07:32:52 49,152 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut92_CC5820041A9C446BB9018F9ECF582DD1.exe
    + 2008-09-23 07:32:52 513,576 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut93_CC5820041A9C446BB9018F9ECF582DD1.exe
    + 2008-09-23 07:30:39 22,758 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\ARPPRODUCTICON.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut1.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut2.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut4.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut5.exe
    + 2008-09-23 07:30:39 65,536 ----a-r C:\WINDOWS\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut8.exe
    + 2008-09-09 08:51:08 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2008-09-22 08:20:33 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe
    + 2008-09-22 08:20:36 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_3D.exe
    + 2008-09-22 08:20:36 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_Standard.exe
    + 2008-09-22 08:20:36 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Distiller.exe
    + 2008-09-22 08:20:36 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_ELEMENTS_DT.exe
    + 2008-09-22 08:20:33 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    + 2008-09-18 07:12:44 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1040-7B44-A81200000003}\SC_Reader.exe
    + 2008-09-18 07:13:07 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
    - 2007-02-25 17:48:34 65,536 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\ARPPRODUCTICON.exe
    + 2008-09-23 07:32:37 65,536 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\ARPPRODUCTICON.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1028.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1028.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1041.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1041.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1042.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1042.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1053.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1053.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_2052.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:36 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_2052.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    - 2007-02-25 17:48:34 34,304 -c--a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:32:37 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
    + 2008-09-23 07:31:54 65,536 ----a-r C:\WINDOWS\Installer\{ECE923A3-A411-4494-B6E6-78F13B71BEBF}\ARPPRODUCTICON.exe
    + 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-09-29 04:56:38 28,248 ----a-r C:\WINDOWS\system32\AdobePDF.dll
    + 2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
    + 2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
    + 2007-07-19 16:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
    + 2007-10-12 13:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    + 2008-03-05 13:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    + 2008-05-30 12:11:46 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    + 2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
    + 2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
    + 2007-07-19 16:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
    + 2007-10-02 07:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    + 2008-02-05 21:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
    + 2008-05-30 12:11:46 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    + 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
    + 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
    + 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
    + 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
    + 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
    + 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
    + 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
    + 2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
    + 2007-07-19 16:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
    + 2007-10-12 13:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    + 2008-03-05 13:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    + 2008-05-30 12:11:46 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    + 2008-09-09 15:40:18 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    - 2008-09-05 12:01:54 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-09-22 08:29:09 277,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2008-08-05 09:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    + 2006-10-22 21:37:38 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADREGP.DLL
    + 2006-10-22 21:37:52 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADUIGP.DLL
    + 2006-10-22 21:37:38 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADReGP.dll
    + 2006-10-22 21:37:52 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.DLL
    + 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
    + 2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
    + 2007-10-22 01:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    + 2008-03-05 14:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    + 2008-05-30 12:17:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    + 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
    + 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
    + 2007-10-22 01:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    + 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
    + 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
    + 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
    + 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
    + 2007-01-24 13:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
    + 2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
    + 2007-06-20 18:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
    + 2007-07-19 22:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
    + 2008-03-05 14:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    + 2008-05-30 12:18:52 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    + 2008-05-30 12:17:30 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    + 2008-03-05 14:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    + 2008-05-30 12:19:18 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    + 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
    + 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
    + 2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
    + 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
    - 2007-02-25 17:47:04 1,230,336 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    + 2008-09-23 07:29:40 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    - 2007-02-25 17:47:04 82,432 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
    + 2008-09-23 07:29:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
    + 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2006-06-05 13:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
    + 2006-06-05 13:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
    + 2006-06-05 13:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
    + 2006-06-05 13:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
    + 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    + 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2008-04-15 17:47:33 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-23 282624]
    "niDevMon"="C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-09 1235736]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Avvio veloce di Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-09-22 295606]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-22 389120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logoff\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logon\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 557568]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-09 97928]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-09 231704]
    R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
    R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2006-02-13 31334]
    R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2006-02-13 199783]
    R2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
    R2 mxssvr;NI Configuration Manager;C:\Program Files\National Instruments\MAX\nimxs.exe [2006-07-15 5728]
    R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2006-07-04 37376]
    R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2006-07-04 21504]
    R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2006-07-04 674304]
    R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 159232]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2006-07-04 50688]
    R2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-20 200704]
    R2 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgk.dll [2006-07-10 979456]
    R2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 370176]
    R2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 81920]
    R2 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplk.dll [2006-02-15 101376]
    R2 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrk.dll [2006-07-10 815616]
    R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2006-07-04 30208]
    R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-16 20480]
    R2 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdk.dll [2006-07-10 246784]
    R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 71680]
    R2 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldk.dll [2006-07-10 395776]
    R2 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdk.dll [2006-07-10 965632]
    R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2006-07-04 111616]
    R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2006-07-16 496640]
    R2 NITaggerService;National Instruments Variable Engine;C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2006-07-25 696320]
    R2 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 1746432]
    R2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 19968]
    R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-16 171520]
    R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 171008]
    R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 248832]
    R3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-16 137728]
    R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-16 51712]
    R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 218112]
    R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 38912]
    R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-16 506880]
    R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 240128]
    R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-16 790528]
    S2 lmgrd;Flexlm;C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [ ]
    S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 648192]
    S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 500224]
    S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 14464]
    S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 151683]
    S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-16 164864]
    S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 51200]
    S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-16 43008]
    S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 1026560]
    S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-06 163328]
    S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-16 111616]
    S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWK.sys [2006-07-14 8704]
    S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciK.sys [2006-07-14 48128]
    S3 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2006-07-14 10752]
    S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 434688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\lagos\Application Data\Mozilla\Firefox\Profiles\u4o82t6h.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/advanced_search?hl=en
    FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 10:02:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-23 10:08:28
    ComboFix-quarantined-files.txt 2008-09-23 08:08:16
    ComboFix2.txt 2008-09-09 08:38:53

    Pre-Run: 24.490.844.160 bytes free
    Post-Run: 24,544,473,088 bytes free

    428 --- E O F --- 2008-09-11 01:03:02

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear".
    (Just because you can't see a problem doesn't mean it isn't there.)

    If you can do those three things, everything should go smoothly :D

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.


    ----------------------------------------------------------------------------------------

    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.



    Please can you post the contents of ComboFix2.txt; it should be in C:\Qoobox\ComboFix2.txt

    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    19

    Log files

    Hello Katana! Thanks so much for helping me! I am attaching the requested log files.

    Thanks again for your help,

    Jorge.

  6. #6
    Junior Member
    Join Date
    May 2008
    Posts
    19

    ComboFix2.txt (ran on Sept. 23rd)

    ComboFix 08-09-05.10 - lagos 2008-09-09 10.31.51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.237 [GMT 2:00]
    Running from: C:\Documents and Settings\lagos\Desktop\Antimalware\Combo-Fix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\d019905\Cookies\d019905@serving-sys[2].txt
    C:\WINDOWS\ufdata2000.log
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
    .

    2008-09-09 10:11 . 2008-09-09 10:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-09 09:54 . 2006-08-29 16:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-09 09:50 . 2008-09-09 09:50 <DIR> d-------- C:\WINDOWS\LastGood
    2008-09-08 14:44 . 2008-09-08 14:44 <DIR> d-------- C:\Program Files\LizardTech
    2008-09-05 18:28 . 2008-09-05 18:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-05 14:20 . 2008-09-05 14:20 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-05 14:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-05 14:10 . 2008-09-05 14:11 <DIR> d-------- C:\Program Files\Java
    2008-09-05 14:09 . 2008-09-05 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-05 12:38 . 2008-09-05 14:05 3,015 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-05 12:35 . 2008-09-05 12:35 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-05 12:16 . 2008-04-14 02:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-09-05 12:16 . 2008-04-14 02:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
    2008-09-05 12:16 . 2008-04-14 02:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
    2008-09-05 12:16 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-09-05 12:14 . 2008-04-14 02:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-09-05 11:52 . 2008-09-05 14:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Program Files\Attachmate
    2008-09-05 10:20 . 2008-09-05 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Attachmate
    2008-09-05 10:17 . 2008-09-05 10:17 <DIR> d-------- C:\Program Files\WinSCP
    2008-09-04 19:44 . 2008-09-05 10:45 <DIR> d-------- C:\Documents and Settings\lagos
    2008-09-04 19:28 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-04 19:25 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-04 19:25 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-04 19:23 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-08 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-08 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2006-07-19 14:17 88,761 ----a-w C:\WINDOWS\inf\pxiclean.exe
    2004-03-15 15:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 07:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 08:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
    2006-06-07 12:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-02-25 17:49 56 --sh--r C:\WINDOWS\system32\8484796E8A.sys
    2007-11-29 07:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-23 282624]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "niDevMon"="C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-22 389120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logoff\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-484061587-839522115-18208\Scripts\Logon\0\0]
    "Script"=\\polito.it\netlogon\Script03.vbs

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 557568]
    R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
    R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2006-02-13 31334]
    R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2006-02-13 199783]
    R2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
    R2 mxssvr;NI Configuration Manager;C:\Program Files\National Instruments\MAX\nimxs.exe [2006-07-15 5728]
    R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2006-07-04 37376]
    R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2006-07-04 21504]
    R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2006-07-04 674304]
    R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 159232]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2006-07-04 50688]
    R2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-20 200704]
    R2 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgk.dll [2006-07-10 979456]
    R2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 370176]
    R2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 81920]
    R2 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplk.dll [2006-02-15 101376]
    R2 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrk.dll [2006-07-10 815616]
    R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2006-07-04 30208]
    R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-16 20480]
    R2 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdk.dll [2006-07-10 246784]
    R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 71680]
    R2 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldk.dll [2006-07-10 395776]
    R2 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdk.dll [2006-07-10 965632]
    R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2006-07-04 111616]
    R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2006-07-16 496640]
    R2 NITaggerService;National Instruments Variable Engine;C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2006-07-25 696320]
    R2 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 1746432]
    R2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 19968]
    R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-16 171520]
    R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 171008]
    R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 248832]
    R3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-16 137728]
    R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-16 51712]
    R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 218112]
    R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 38912]
    R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-16 506880]
    R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 240128]
    R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-16 790528]
    S2 lmgrd;Flexlm;C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [ ]
    S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 648192]
    S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 500224]
    S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 14464]
    S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 151683]
    S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-16 164864]
    S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 51200]
    S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-16 43008]
    S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 1026560]
    S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-06 163328]
    S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-16 111616]
    S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWK.sys [2006-07-14 8704]
    S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciK.sys [2006-07-14 48128]
    S3 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2006-07-14 10752]
    S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 434688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\lagos\Application Data\Mozilla\Firefox\Profiles\u4o82t6h.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/advanced_search?hl=en
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-09 10:35:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-09 10:38:52
    ComboFix-quarantined-files.txt 2008-09-09 08:38:49

    Pre-Run: 25,395,437,568 bytes free
    Post-Run: 25,900,326,912 bytes free

    174 --- E O F --- 2008-09-05 15:14:42

  7. #7
    Junior Member
    Join Date
    May 2008
    Posts
    19

    Default random's log.txt

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by lagos at 2008-10-06 08:30:58
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 21 GB (45%) free of 47 GB
    Total RAM: 503 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8.31.55, on 06/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\msiexec.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Notepad++\notepad++.exe
    C:\Documents and Settings\lagos\Desktop\Antimalware\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\lagos.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172219139222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\Software\..\Telephony: DomainName = ismb.polito.it
    O17 - HKLM\System\CCS\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44CB30CF-D5A7-47C4-A478-6A9BAA876F59}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS1\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS2\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

    --
    End of file - 9594 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Supporto di collegamento per Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-18 651248]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-03-23 282624]
    "niDevMon"=C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [2006-07-18 58880]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
    "MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 169984]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    Avvio veloce di Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe"="C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe:*:Enabled:LabVIEW 8.2 Development System"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\NX Client for Windows\nxclient.exe"="C:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\StarNet\X-Win32 8.1\xwin32.exe"="C:\Program Files\StarNet\X-Win32 8.1\xwin32.exe:*:Enabled:X-Win32 PC X Server"
    "C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
    "C:\Program Files\StarNet\X-Win32\Xwin32.exe"="C:\Program Files\StarNet\X-Win32\Xwin32.exe:*:Enabled:X-Win32 X-Server"
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
    "C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
    "C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe"="C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe:*:Enabled:LabVIEW 8.2 Development System"
    "C:\Program Files\Attachmate\Reflection\Rx.exe"="C:\Program Files\Attachmate\Reflection\Rx.exe:*:Enabled:Reflection X"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hppniprint01.exe"="C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
    "C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hppniprint64.exe"="C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe"
    "C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hppnicifs01.exe"="C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
    "C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hpntwkexe.exe"="C:\Documents and Settings\lagos\My Documents\Installers\lj2605dn\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======File associations======

    .scr - open -
    .scr - install -
    .scr - config -
    .txt - open - notepad.exe %1

    ======List of files/folders created in the last 1 months======

    2008-10-06 08:30:58 ----D---- C:\rsit
    2008-10-06 08:22:14 ----D---- C:\WINDOWS\pss
    2008-10-03 19:01:56 ----A---- C:\WINDOWS\system32\AddPort.ini
    2008-10-03 18:57:57 ----A---- C:\WINDOWS\hpntwksetup.ini
    2008-10-03 18:53:57 ----HD---- C:\Config.Msi
    2008-10-03 18:53:17 ----D---- C:\Program Files\HP
    2008-10-03 18:02:26 ----D---- C:\Program Files\Hewlett-Packard
    2008-09-29 10:01:46 ----D---- C:\Documents and Settings\lagos\Application Data\WinEdt
    2008-09-29 10:00:54 ----D---- C:\Program Files\WinEdt Team
    2008-09-23 12:58:13 ----D---- C:\Program Files\IrfanView
    2008-09-23 10:08:38 ----D---- C:\WINDOWS\temp
    2008-09-23 10:08:34 ----A---- C:\ComboFix.txt
    2008-09-23 09:53:58 ----D---- C:\1
    2008-09-23 09:35:35 ----D---- C:\Documents and Settings\lagos\Application Data\Corel
    2008-09-23 09:28:48 ----D---- C:\Program Files\Common Files\Corel
    2008-09-23 09:28:47 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
    2008-09-22 18:28:28 ----D---- C:\Program Files\NX Client for Windows
    2008-09-22 10:21:23 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-09-22 10:21:13 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2008-09-18 09:11:48 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-18 09:11:48 ----D---- C:\Program Files\Adobe
    2008-09-18 09:03:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-09-18 09:03:40 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-09-18 09:03:40 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-09-18 09:03:38 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-09-18 09:03:38 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-09-18 09:03:37 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-09-18 09:03:35 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-09-18 09:03:35 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-09-18 09:03:35 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-09-18 09:03:34 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-09-18 09:03:32 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-09-18 09:03:32 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-09-18 09:03:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-09-18 09:03:29 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-09-18 09:03:28 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-09-18 09:03:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-09-18 09:03:25 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-09-18 09:03:25 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-09-18 09:03:24 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-09-18 09:03:23 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-09-18 09:03:21 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-09-18 09:03:21 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-09-18 09:03:19 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-09-18 09:03:18 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-09-18 09:03:16 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-09-18 09:03:16 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-09-18 09:03:15 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-18 09:03:13 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-18 09:03:13 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2008-09-18 09:03:11 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-18 09:03:11 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-18 09:03:07 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-18 09:03:04 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2008-09-18 09:03:01 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-09-18 09:02:57 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-09-18 09:02:57 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-09-18 09:02:53 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-18 09:02:52 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-09-18 09:02:51 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-09-18 09:02:50 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2008-09-18 09:02:49 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-09-18 09:02:49 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-09-18 09:02:48 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-09-18 09:02:47 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-18 09:02:46 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-18 09:02:46 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-18 09:02:45 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-18 09:02:44 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-18 09:02:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-18 09:02:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-18 09:02:35 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-18 09:02:34 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-18 09:02:33 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-18 09:02:33 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-18 09:02:32 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-18 09:02:29 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-18 08:59:23 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-09-18 08:59:14 ----D---- C:\WINDOWS\Logs
    2008-09-18 08:53:20 ----D---- C:\Documents and Settings\lagos\Application Data\Google
    2008-09-18 08:51:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-18 08:51:40 ----D---- C:\Program Files\Google
    2008-09-18 08:28:45 ----D---- C:\Program Files\Microsoft Silverlight
    2008-09-16 16:58:59 ----HD---- C:\$AVG8.VAULT$
    2008-09-11 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-09 17:40:24 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-09-09 17:39:58 ----D---- C:\Program Files\AVG
    2008-09-09 17:39:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-09 10:57:24 ----D---- C:\000_Old_data
    2008-09-09 10:50:33 ----D---- C:\Program Files\MSECache
    2008-09-09 10:46:58 ----D---- C:\Program Files\Notepad++
    2008-09-09 10:46:58 ----D---- C:\Documents and Settings\lagos\Application Data\Notepad++
    2008-09-09 10:31:20 ----D---- C:\WINDOWS\erdnt
    2008-09-09 10:30:37 ----AD---- C:\QooBox
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\zip.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\VFind.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\swsc.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\swreg.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\sed.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\grep.exe
    2008-09-09 10:30:30 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-09 10:30:18 ----D---- C:\Combo-Fix
    2008-09-09 10:11:23 ----D---- C:\Program Files\Trend Micro
    2008-09-09 09:54:41 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-09 09:54:33 ----A---- C:\WINDOWS\AS_Debug.txt
    2008-09-08 14:44:27 ----D---- C:\Program Files\LizardTech

    ======List of files/folders modified in the last 1 months======

    2008-10-06 08:31:06 ----D---- C:\WINDOWS\Prefetch
    2008-10-06 08:29:19 ----RASH---- C:\boot.ini
    2008-10-06 08:25:53 ----SHD---- C:\WINDOWS\Installer
    2008-10-06 08:24:54 ----D---- C:\Program Files\MSN Messenger
    2008-10-06 08:23:29 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-06 08:22:14 ----D---- C:\WINDOWS
    2008-10-06 06:40:04 ----D---- C:\WINDOWS\security
    2008-10-03 19:58:15 ----A---- C:\WINDOWS\pxisys.ini
    2008-10-03 19:58:15 ----A---- C:\WINDOWS\pxiesys.ini
    2008-10-03 19:57:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-03 19:49:30 ----HD---- C:\WINDOWS\inf
    2008-10-03 19:34:43 ----D---- C:\WINDOWS\system32
    2008-10-03 18:56:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-03 18:56:03 ----D---- C:\WINDOWS\system32\drivers
    2008-10-03 18:53:17 ----RD---- C:\Program Files
    2008-09-26 11:54:02 ----SD---- C:\Documents and Settings\lagos\Application Data\Microsoft
    2008-09-23 11:07:57 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-09-23 10:07:30 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-23 10:01:58 ----A---- C:\WINDOWS\system.ini
    2008-09-23 09:59:16 ----D---- C:\WINDOWS\AppPatch
    2008-09-23 09:59:16 ----D---- C:\Program Files\Common Files
    2008-09-23 09:30:41 ----D---- C:\WINDOWS\WinSxS
    2008-09-23 09:29:55 ----RSD---- C:\WINDOWS\Fonts
    2008-09-23 09:28:47 ----D---- C:\Program Files\Corel
    2008-09-22 10:21:42 ----D---- C:\Documents and Settings\lagos\Application Data\Adobe
    2008-09-22 10:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-18 11:23:30 ----D---- C:\WINDOWS\Help
    2008-09-18 09:03:44 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-18 09:02:44 ----RSD---- C:\WINDOWS\assembly
    2008-09-11 03:00:43 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-10 18:07:09 ----D---- C:\Program Files\gs
    2008-09-09 17:39:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-09 10:50:56 ----D---- C:\Program Files\Microsoft Office
    2008-09-09 10:30:56 ----D---- C:\Documents and Settings\lagos\Application Data\Mozilla
    2008-09-09 10:30:39 ----SHD---- C:\System Volume Information
    2008-09-09 10:30:39 ----D---- C:\WINDOWS\system32\Restore
    2008-09-09 09:50:55 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-08 14:44:27 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-08 09:38:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-09 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-09 26824]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [1997-04-09 20768]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
    R2 gpib420;GPIB Analyzer; C:\WINDOWS\System32\drivers\gpib420.sys [2006-02-13 31334]
    R2 GpibPrtK;Gpib Port; C:\WINDOWS\System32\drivers\gpibprtk.sys [2006-02-13 199783]
    R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 lvalarmk;lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
    R2 niarbk;niarbk; C:\WINDOWS\system32\drivers\niarbk.dll [2006-07-04 37376]
    R2 nibffrk;nibffrk; C:\WINDOWS\system32\drivers\nibffrk.dll [2006-07-04 21504]
    R2 Nidaq32k;Nidaq32k; C:\WINDOWS\system32\drivers\Nidaq32k.sys [2006-07-04 674304]
    R2 nidimk;nidimk; C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 159232]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver; C:\WINDOWS\system32\drivers\nidmmk.dll [2006-07-04 50688]
    R2 nidmxfk;nidmxfk; C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-20 200704]
    R2 nidwgk;nidwgk; C:\WINDOWS\system32\drivers\nidwgk.dll [2006-07-10 979456]
    R2 niemrk;niemrk; C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 370176]
    R2 nifslk;nifslk; C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 81920]
    R2 nigplk;nigplk; C:\WINDOWS\system32\drivers\nigplk.dll [2006-02-15 101376]
    R2 nihsdrk;nihsdrk; C:\WINDOWS\system32\drivers\nihsdrk.dll [2006-07-10 815616]
    R2 nimdsk;nimdsk; C:\WINDOWS\system32\drivers\nimdsk.dll [2006-07-04 30208]
    R2 nimxpk;nimxpk; C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-16 20480]
    R2 nipsdk;nipsdk; C:\WINDOWS\system32\drivers\nipsdk.dll [2006-07-10 246784]
    R2 nipxirmk;nipxirmk; C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 71680]
    R2 nisldk;nisldk; C:\WINDOWS\system32\drivers\nisldk.dll [2006-07-10 395776]
    R2 nisrcdk;nisrcdk; C:\WINDOWS\system32\drivers\nisrcdk.dll [2006-07-10 965632]
    R2 nistck;nistck; C:\WINDOWS\system32\drivers\nistck.dll [2006-07-04 111616]
    R2 niswdk;niswdk; C:\WINDOWS\system32\drivers\niswdk.dll [2006-07-16 496640]
    R2 nixsrk;nixsrk; C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 1746432]
    R2 usb6xxxk;usb6xxxk; C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 19968]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nicdrk;nicdrk; C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-16 171520]
    R3 nimdbgk;nimdbgk; C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 171008]
    R3 nimru2k;nimru2k; C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 248832]
    R3 nimsdrk;nimsdrk; C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-16 137728]
    R3 nimstsk;nimstsk; C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-16 51712]
    R3 nimxdfk;nimxdfk; C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 218112]
    R3 niorbk;niorbk; C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 38912]
    R3 niscdk;niscdk; C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-16 506880]
    R3 nisdigk;nisdigk; C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 240128]
    R3 nitiork;nitiork; C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-16 790528]
    R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-02-25 202480]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 catchme;catchme; \??\C:\1\catchme.sys []
    S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-03-13 57536]
    S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-03-13 72000]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nidsark;nidsark; C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 648192]
    S3 niesrk;niesrk; C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 500224]
    S3 nimslk;nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 14464]
    S3 nimsrlk;nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 151683]
    S3 nisftk;nisftk; C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-16 164864]
    S3 nismbusk;nismbusk; C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 51200]
    S3 nispdk;nispdk; C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-16 43008]
    S3 nissrk;nissrk; C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 1026560]
    S3 nistc2k;nistc2k; C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-06 163328]
    S3 nistcrk;nistcrk; C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-16 111616]
    S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWK.sys [2006-07-14 8704]
    S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciK.sys [2006-07-14 48128]
    S3 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiK.sys [2006-07-14 10752]
    S3 niwfrk;niwfrk; C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 434688]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-09 231704]
    R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [1997-04-09 50176]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-18 137200]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2006-06-19 688190]
    R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2006-07-25 45056]
    R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2006-07-25 57344]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2006-07-15 5728]
    R2 nidevldu;nidevldu; C:\WINDOWS\system32\nipalsm.exe [2005-09-22 5728]
    R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
    R2 nipxirmu;nipxirmu; C:\WINDOWS\system32\nipalsm.exe [2005-09-22 5728]
    R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2006-02-06 49152]
    R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2006-07-25 696320]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-22 654848]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
    S2 lmgrd;Flexlm; C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
    S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
    S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2004-12-02 98304]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

  8. #8
    Junior Member
    Join Date
    May 2008
    Posts
    19

    Default random's info.txt

    info.txt logfile of random's system information tool 1.04 2008-10-06 08:32:02

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 8 Professional - Italiano, Español, Nederlands-->msiexec /I {AC76BA86-1040-7D00-7760-000000000003}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A81200000003}
    Attachmate Reflection X 14.0.4 Evaluation-->MsiExec.exe /I{31A9F049-2143-4730-8DF9-F53340C071BA}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    CorelDRAW Graphics Suite X3-->C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} C:\DOCUME~1\lagos\LOCALS~1\Temp\CGSX3.log
    CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
    Crystal10-->MsiExec.exe /I{91FD3E1D-FE00-4ECB-8379-204704812A9D}
    CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
    FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    GPL Ghostscript 8.56-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.56\uninstal.txt"
    GPL Ghostscript 8.63-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.63\uninstal.txt"
    GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
    GSview 4.8-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
    GSview 4.9-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    IT-->MsiExec.exe /I{E67517F1-8EAA-44AB-9544-268433A78B24}
    IVI Shared Components-->CleanupUtility.exe /fromARP
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
    MATLAB R2006b-->C:\Program Files\MATLAB\R2006b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2006b\
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MiKTeX 2.6-->"C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    National Instruments Software-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
    Nero 7-->MsiExec.exe /I{C0794D51-7A5E-4186-8416-AD8D61F01033}
    NI EULA Depot-->MsiExec.exe /I{BFFA28AF-B61D-4308-8DE9-2BCFB508DD4B}
    NI MDF Support-->MsiExec.exe /I{689E9894-FADF-41DA-836E-BCAAE52C7EA1}
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NX Client for Windows 3.2.0-13-->"C:\Program Files\NX Client for Windows\unins000.exe"
    Orcad Family Release 9.2 Standalone-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Orcad\Uninst_Standalone.isu"
    Protel 99 SE Trial Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB490160-A606-11D3-9B22-00A0C971727F}\setup.exe"
    Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
    VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{A511414C-4846-4630-8AC0-B156D8CB1FC0}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinEdt-->"C:\Program Files\WinEdt Team\WinEdt\unins000.exe"
    WinSCP 4.1.2 beta-->"C:\Program Files\WinSCP\unins000.exe"
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    X-Win32-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\StarNet\X-Win32\Uninst.isu"

    =====HijackThis Backups=====

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MiKTeX 2.6\miktex\bin;C:\Program Files\MATLAB\R2006b\bin;C:\Program Files\MATLAB\R2006b\bin\win32;C:\Program Files\IVI\bin;C:\VXIPNP\WinNT\Bin;C:\Program Files\Attachmate\Reflection
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
    "PROCESSOR_REVISION"=0905
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CDS_LIC_FILE"=27001@apollo14
    "CONCEPT_INST_DIR"=%CDSROOT%
    "KMP_DUPLICATE_LIB_OK"=TRUE
    "MKL_SERIAL"=YES
    "VXIPNPPATH"=C:\VXIPNP\
    "NIDAQmxSwitchDir"=C:\Program Files\National Instruments\NI-DAQ\Switch\

    -----------------EOF-----------------

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Quick question, is this machine connected to a business/office network at all?
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\Software\..\Telephony: DomainName = ismb.polito.it
    O17 - HKLM\System\CCS\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44CB30CF-D5A7-47C4-A478-6A9BAA876F59}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS1\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ismb.polito.it
    O17 - HKLM\System\CS2\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24


    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer).

    NOTE:- Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click Run As Admin.
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane.
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt).
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
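    One way to check O17 entries like the ones quoted above programmatically, as an added example that is not part of this thread or of HijackThis: it parses the O17 lines and flags any domain suffix or nameserver that does not match what the network's administrator confirms. The expected domain and the trusted address range are assumptions to be replaced with the administrator's values, and the last sample line (a 203.0.113.x documentation address) is constructed to show what a flagged entry looks like.

```python
"""Audit HijackThis O17 (Domain / NameServer) entries against the values the
network's administrator says they should be. Added example, not HijackThis code."""
import ipaddress
import re

# Constructed sample input: O17 lines as quoted in the post above, plus one
# extra constructed line whose nameserver sits in the TEST-NET-3 documentation
# range so that the audit has something to flag.
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismb.polito.it
O17 - HKLM\Software\..\Telephony: DomainName = ismb.polito.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{04159B8B-C134-4DA0-8C97-313B82CB92B5}: NameServer = 130.192.3.21,130.192.3.24
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismb.polito.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEADBEEF-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
"""

# An O17 line is "O17 - <registry key>: <value name> = <value>"; the key never
# contains a colon, so the first ": " separates key from value name.
O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>.+?)\s*$")


def parse_o17(text):
    """Return a list of (registry_key, value_name, value) tuples, one per O17 line."""
    entries = []
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["value"]))
    return entries


def audit_o17(entries, expected_domain, trusted_nets):
    """Return human-readable findings for entries that disagree with the
    administrator-supplied expectations; an empty list means nothing to flag."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for key, name, value in entries:
        if name in ("Domain", "DomainName"):
            if value.lower() != expected_domain.lower():
                findings.append(f"{key}: {name} is {value!r}, expected {expected_domain!r}")
        elif name == "NameServer":
            # NameServer may hold a comma-separated list of resolvers.
            for token in value.split(","):
                token = token.strip()
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(f"{key}: unparseable nameserver {token!r}")
                    continue
                if not any(ip in net for net in nets):
                    findings.append(f"{key}: nameserver {ip} is outside trusted ranges")
    return findings


if __name__ == "__main__":
    # Assumed values: the domain from the log and a /16 the administrator would
    # confirm; replace both with what the network's owner actually states.
    for finding in audit_o17(parse_o17(SAMPLE_O17), "ismb.polito.it", ["130.192.0.0/16"]):
        print("FLAG:", finding)
```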

  10. #10
    Junior Member
    Join Date
    May 2008
    Posts
    19

    Default Kaspersky's results

    Quote Originally Posted by katana:
    Quick question, is this machine connected to a business/office network at all ?
    Yep. It's a lab laptop used for field experiments; as such we don't have any support for it, unluckily.

    I performed the Kaspersky scan overnight; please find below the resulting report. As on other occasions, Kaspersky doesn't find any infections! :|

    Cheers,

    Jorge.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, October 7, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, October 06, 2008 13:05:11
    Records in database: 1294374
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 264479
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 06:52:06

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
