Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:07, on 3.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svghost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
D:\Työkalut & Ohjelmat\TuneUp Utilities 2008\MemOptimizer.exe
D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSync2.exe
D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe
D:\Työkalut & Ohjelmat\Orbitdownloader\orbitdm.exe
D:\Työkalut & Ohjelmat\4t Tray Minimizer\4t-min.exe
D:\Työkalut & Ohjelmat\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\snmp.exe
D:\Työkalut & Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe
C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\hjt\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Työkalut & Ohjelmat\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.97\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Työkalut & Ohjelmat\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Windows Sound] svghost.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svghost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Työkalut & Ohjelmat\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe" /tray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Työkalut & Ohjelmat\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSN Webcam Recorder] "D:\Työkalut & Ohjelmat\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = ?
O4 - Global Startup: Orbit.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Työkalut & Ohjelmat\BitComet 0.97\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89FD55CC-0120-4934-AFBB-DBDEA858D686}: NameServer = 62.148.192.130,62.148.192.154
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Työkalut & Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe

--
End of file - 13825 bytes

Ongelmasta päätellen sul on Trojan.Win32.Virtumondo tyyppinen virus joten kannattaa ajaa Super Anti-Spyware Sekä Anti-Malware ja kaiken päälle lopuksi CCleaner

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

SDFix:


SDFix: Version 1.201
Run by Johtaja on to 03.07.2008 at 17:54

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Johtaja\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\system32\svghost.exe - Deleted
C:\WINDOWS\system32\winsecurityxp\mswinup.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 18:12:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Työkalut & Ohjelmat\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:cf,78,79,2a,6e,65,e4,5b,8f,1e,c4,99,32,ee,41,66,70,cb,8c,ae,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:26,67,62,40,87,f1,f8,d8,01,66,a0,01,39,89,8d,7b,36,a4,a3,08,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6e,cd,b8,e8,d7,3c,66,9f,0a,f9,0e,c0,4e,7e,f9,4f,80,..
"khjeh"=hex:48,9e,f5,26,ae,66,7a,82,f8,fb,4e,c8,e3,2b,b2,6e,1f,ce,21,0c,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:66,50,ea,85,e1,b4,3a,9e,fb,2a,08,b4,66,83,56,17,b4,e7,3e,01,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2bb70d58
"s2"=dword:23bb4873
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Työkalut & Ohjelmat\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:d8,ff,13,be,8e,9a,d1,ef,95,4d,31,fa,ba,2c,40,f9,fb,4d,18,96,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:26,67,62,40,87,f1,f8,d8,01,66,a0,01,39,89,8d,7b,36,a4,a3,08,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6e,cd,b8,e8,d7,3c,66,9f,0a,f9,0e,c0,4e,7e,f9,4f,80,..
"khjeh"=hex:48,9e,f5,26,ae,66,7a,82,f8,fb,4e,c8,e3,2b,b2,6e,1f,ce,21,0c,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:66,50,ea,85,e1,b4,3a,9e,fb,2a,08,b4,66,83,56,17,b4,e7,3e,01,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Työkalut & Ohjelmat\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:6c,57,52,04,e1,48,b6,f4,79,e0,86,e1,2f,84,37,6c,be,23,9f,cf,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:26,67,62,40,87,f1,f8,d8,01,66,a0,01,39,89,8d,7b,36,a4,a3,08,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6e,cd,b8,e8,d7,3c,66,9f,0a,f9,0e,c0,4e,7e,f9,4f,80,..
"khjeh"=hex:48,9e,f5,26,ae,66,7a,82,f8,fb,4e,c8,e3,2b,b2,6e,1f,ce,21,0c,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:66,50,ea,85,e1,b4,3a,9e,fb,2a,08,b4,66,83,56,17,b4,e7,3e,01,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Työkalut & Ohjelmat\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:d8,ff,13,be,8e,9a,d1,ef,95,4d,31,fa,ba,2c,40,f9,fb,4d,18,96,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:26,67,62,40,87,f1,f8,d8,01,66,a0,01,39,89,8d,7b,36,a4,a3,08,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6e,cd,b8,e8,d7,3c,66,9f,0a,f9,0e,c0,4e,7e,f9,4f,80,..
"khjeh"=hex:48,9e,f5,26,ae,66,7a,82,f8,fb,4e,c8,e3,2b,b2,6e,1f,ce,21,0c,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:66,50,ea,85,e1,b4,3a,9e,fb,2a,08,b4,66,83,56,17,b4,e7,3e,01,ec,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36361C48-D9AC-38F4-6A27-2F88212F1EE0}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="D:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"D:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="D:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitnet.exe"="D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitdm.exe"="D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Johtaja\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 21 Jan 2008 88 ..SHR --- "C:\WINDOWS\system32\A843755FCC.sys"
Sat 26 Jan 2008 56 ..SHR --- "C:\WINDOWS\system32\CC5F7543A8.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 16 Apr 2008 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Wed 14 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sat 20 Jan 2007 2,547 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti9B.tmp"
Thu 15 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 1 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c909c63b4fa217757574b9dcdd658c3\BITD.tmp"
Tue 1 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7779524ce1b472c62f1b0f1a192676ad\BITE.tmp"
Tue 1 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9664ff6405d9e0e32778ca8618d4be26\BITC.tmp"
Tue 1 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ec3943a72ea4aa7fb7b808e2b7554c8\BITB.tmp"
Sun 27 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT24.tmp"
Tue 1 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb1cc7c8ed3868a5a32ffb677fe0fde8\BITF.tmp"
Sat 30 Jun 2007 857 ...HR --- "C:\Documents and Settings\ghjf\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 1 Dec 2007 1,326 ...HR --- "C:\Documents and Settings\Johtaja\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!



HJT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:21, on 3.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\snmp.exe
D:\Työkalut & Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe
D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
D:\Työkalut & Ohjelmat\TuneUp Utilities 2008\MemOptimizer.exe
D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe
D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSync2.exe
D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Työkalut & Ohjelmat\MSN Webcam Recorder\ml20gui.exe
D:\Työkalut & Ohjelmat\Orbitdownloader\orbitdm.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
D:\Työkalut & Ohjelmat\4t Tray Minimizer\4t-min.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Työkalut & Ohjelmat\Orbitdownloader\orbitnet.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Työkalut & Ohjelmat\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.97\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Työkalut & Ohjelmat\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Työkalut & Ohjelmat\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe" /tray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Työkalut & Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Työkalut & Ohjelmat\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSN Webcam Recorder] "D:\Työkalut & Ohjelmat\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = ?
O4 - Global Startup: Orbit.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.97\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Työkalut & Ohjelmat\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Työkalut & Ohjelmat\BitComet 0.97\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89FD55CC-0120-4934-AFBB-DBDEA858D686}: NameServer = 62.148.192.130,62.148.192.154
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Työkalut & Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe

--
End of file - 13495 bytes

---

---

scannaa hjt:llä merkkaa paina Fix checked

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

tässä tulee :D


Malwarebytes' Anti-Malware 1.19
Database version: 918
Windows 5.1.2600 Service Pack 3

20:56:46 3.7.2008
mbam-log-7-3-2008 (20-56-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204992
Time elapsed: 1 hour(s), 15 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Johtaja\DoctorWeb\Quarantine\A0045592.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF4376B6-F5E3-4900-ADE7-8D14FE17138E}\RP74\A0031491.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF4376B6-F5E3-4900-ADE7-8D14FE17138E}\RP74\A0032500.exe (Trojan.Agent) -> Quarantined and deleted successfully.

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

no voi juma... toi pitää pistää kyl rapidshareen... joutus liian moneen osaan pistään ton muuten... tuli kyl pitkä loki...

http://rapidshare.com/files/126881636/log.txt.html

eipä näy tuota lokia tuosta

hmph... no miten mä ton sit pistän? yritin jo tänne mut ei onnistunu...

kone yritti n. 2-3 tunnin ajan lähettää tuota lokia tänne... sen jälkeen tuli tälläinen ilmoitus:

http://img77.imageshack.us/my.php?image=nimetnki8.png

ComboFix 08-07-02.5 - Johtaja 2008-07-03 21:13:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1259 [GMT 3:00]
Running from: C:\Documents and Settings\Johtaja\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Johtaja\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 19:38 . 2008-07-03 19:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 19:38 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-03 19:38 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-02 17:59 . 2008-07-02 18:05 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\EditPlus 3
2008-07-01 11:53 . 2008-07-01 11:54 <DIR> d-------- C:\Python25
2008-06-30 22:51 . 2008-06-30 22:51 <DIR> d-------- C:\Program Files\MSBuild
2008-06-30 22:51 . 2008-06-30 22:51 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-30 22:49 . 2008-06-30 22:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-30 22:47 . 2008-06-30 23:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-30 22:47 . 2008-06-30 22:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-30 22:45 . 2008-06-30 22:45 <DIR> dr-h----- C:\MSOCache
2008-06-30 15:46 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-30 15:37 . 2008-07-02 16:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-22 22:34 . 2008-06-22 22:34 <DIR> d-------- C:\Program Files\WinPcap
2008-06-18 22:46 . 2008-06-18 22:46 <DIR> d-------- C:\Program Files\iTunes
2008-06-15 14:47 . 2008-07-03 20:02 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-06-14 02:30 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-13 03:38 . 2008-06-13 03:38 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\RealVNC
2008-06-13 02:50 . 2008-05-12 11:57 20,992 --a------ C:\WINDOWS\system32\vncmirror.dll
2008-06-13 02:50 . 2008-05-12 11:57 4,608 --a------ C:\WINDOWS\system32\drivers\vncmirror.sys
2008-06-13 01:52 . 2008-06-13 01:52 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\Nokia Multimedia Player
2008-06-12 20:10 . 2008-06-12 20:10 7,680 --a------ C:\WINDOWS\system32\drivers\RKL169.tmp.sys
2008-06-12 19:46 . 2008-06-12 19:46 7,680 --a------ C:\WINDOWS\system32\drivers\RKL159.tmp.sys
2008-06-12 19:39 . 2008-06-12 19:39 7,680 --a------ C:\WINDOWS\system32\drivers\RKL158.tmp.sys
2008-06-12 18:11 . 2008-06-17 09:48 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-12 16:34 . 2008-06-12 16:34 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\TeamViewer
2008-06-12 16:32 . 2008-06-12 16:32 <DIR> d-------- C:\Documents and Settings\Johtaja\temp
2008-06-11 22:56 . 2008-06-11 22:56 <DIR> d-------- C:\win xp service pack 3
2008-06-11 22:11 . 2008-06-11 22:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-11 17:47 . 2008-06-11 18:11 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\GrabPro
2008-06-11 11:43 . 2008-06-13 14:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:43 . 2008-06-13 14:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 11:41 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 18:07 . 2008-06-11 22:31 2,285,056 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-06-09 17:58 . 2008-06-09 18:02 <DIR> d--h----- C:\WINDOWS\Icons
2008-06-08 19:32 . 2008-06-08 19:33 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-08 19:32 . 2008-06-08 19:32 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\SystemRequirementsLab
2008-06-08 17:48 . 2008-06-08 17:48 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\TuneUp Software
2008-06-08 17:48 . 2008-06-08 17:48 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-08 17:48 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-08 17:47 . 2008-06-08 17:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-06-08 17:18 . 2008-06-08 17:18 19 --a------ C:\WINDOWS\info4.ini
2008-06-08 17:18 . 2008-06-08 17:18 19 --a------ C:\WINDOWS\info3.ini
2008-06-08 17:18 . 2008-06-08 17:18 19 --a------ C:\WINDOWS\info13.ini
2008-06-08 17:18 . 2008-06-08 17:18 19 --a------ C:\WINDOWS\info10.ini
2008-06-08 17:15 . 2008-06-08 17:15 <DIR> d-------- C:\Program Files\Common Files\ActiveXperts
2008-06-07 02:54 . 2008-06-07 02:54 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\Malwarebytes
2008-06-07 02:54 . 2008-06-07 02:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-07 01:17 . 2008-06-15 12:53 5,632 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-06-05 22:59 . 2008-06-05 22:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-06-04 14:03 . 2008-06-11 18:17 636 --a------ C:\WINDOWS\PhotoBrush.INI
2008-06-04 13:32 . 2008-06-04 13:32 <DIR> d-------- C:\Documents and Settings\Johtaja\.thumbnails
2008-06-04 13:31 . 2008-06-04 13:32 <DIR> d-------- C:\Documents and Settings\Johtaja\Application Data\gtk-2.0
2008-06-04 13:29 . 2008-06-04 13:34 <DIR> d-------- C:\Documents and Settings\Johtaja\.gimp-2.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 18:23 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\Orbit
2008-07-03 07:20 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-03 00:34 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\TeraCopy
2008-07-02 19:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-02 17:22 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\Vso
2008-07-01 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 18:16 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\dvdcss
2008-06-18 19:46 --------- d-----w C:\Program Files\iPod
2008-06-15 15:05 --------- d-----w C:\Program Files\QuickTime
2008-06-15 15:01 --------- d-----w C:\Program Files\Apple Software Update
2008-06-14 11:00 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-14 11:00 47,360 ----a-w C:\Documents and Settings\Johtaja\Application Data\pcouffin.sys
2008-06-12 15:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-06-12 09:33 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\OpenOffice.org2
2008-06-09 08:53 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\uTorrent
2008-06-09 08:53 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\LimeWire
2008-06-08 14:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 18:40 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\Eltima Software
2008-06-05 19:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-05 19:59 22,328 ----a-w C:\Documents and Settings\Johtaja\Application Data\PnkBstrK.sys
2008-06-02 19:44 --------- d-----w C:\Program Files\StuffPlug3
2008-06-01 11:48 --------- d-----w C:\Documents and Settings\Johtaja\Application Data\Ahead
2008-06-01 00:20 --------- d-----w C:\Program Files\Astonsoft
2008-05-29 11:40 --------- d-----w C:\Program Files\uTorrent
2008-05-28 12:05 --------- d-----w C:\Program Files\Universal Document Converter
2008-05-25 11:33 --------- d-----w C:\Program Files\vso
2008-05-17 09:54 --------- d-----w C:\Program Files\EA Games
2008-05-16 19:18 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 02:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 02:41 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 02:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 02:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 02:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 02:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2007-08-10 20:33 47,360 ----a-w C:\Documents and Settings\ghjf\Application Data\pcouffin.sys
2007-08-05 14:09 94,208 ----a-w C:\Documents and Settings\ghjf\Application Data\ezplay.sys
2007-08-04 12:00 81,920 ----a-w C:\Documents and Settings\ghjf\Application Data\ezpinst.exe
2007-07-18 13:42 64,007 ----a-w C:\Program Files\Firefox Setup 2.0.0.5.exe
2007-06-08 21:18 60,488,734 ----a-w C:\Program Files\openofficeorg3.cab
2007-06-08 21:18 3,107,691 ----a-w C:\Program Files\openofficeorg4.cab
2007-06-08 21:15 15,241,445 ----a-w C:\Program Files\openofficeorg2.cab
2007-06-08 21:14 4,849,664 ----a-w C:\Program Files\openofficeorg22.msi
2007-06-08 21:14 217 ----a-w C:\Program Files\setup.ini
2007-06-08 21:14 17,937,115 ----a-w C:\Program Files\openofficeorg1.cab
2007-06-08 21:14 1,821,008 ----a-w C:\Program Files\instmsiw.exe
2007-06-08 21:14 1,707,856 ----a-w C:\Program Files\instmsia.exe
2007-02-02 20:36 21,822,168 ----a-w C:\Program Files\AdbeRdr80_en_US.exe
2007-01-27 15:48 1,951,432 ----a-w C:\Program Files\ppviewer.exe
2007-01-18 16:18 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-01-18 16:18 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2008-01-21 16:49 88 --sh--r C:\WINDOWS\system32\A843755FCC.sys
2008-01-26 12:41 56 --sh--r C:\WINDOWS\system32\CC5F7543A8.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-07_ 2.31.54.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-19 11:28:13 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-11 19:16:59 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-04-26 15:53:40 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-06-30 19:51:34 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2007-08-19 11:31:43 111,616 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2008-06-11 19:25:32 111,616 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2007-08-19 11:28:13 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-11 19:16:56 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-08-19 11:28:13 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-11 19:16:59 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-30 19:51:33 65,536 ----a-w C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
- 2007-08-19 11:31:43 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2008-06-11 19:24:57 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2007-08-19 11:31:43 1,740,800 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2008-06-11 19:25:23 1,740,800 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2007-08-19 11:31:43 180,224 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2008-06-11 19:25:27 180,224 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2007-08-19 11:31:43 811,008 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2008-06-11 19:25:11 811,008 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2007-08-19 11:31:43 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2008-06-11 19:24:57 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2007-08-19 11:31:43 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2008-06-11 19:24:49 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2007-08-19 11:31:43 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2008-06-11 19:25:06 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2007-08-19 11:31:43 139,264 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2008-06-11 19:25:00 139,264 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2007-08-19 11:31:43 348,160 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2008-06-11 19:25:03 348,160 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2007-08-19 11:31:43 16,896 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2008-06-11 19:25:04 16,896 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2007-08-19 11:31:43 258,048 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2008-06-11 19:25:05 258,048 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2007-08-19 11:31:43 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2008-06-11 19:24:44 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2007-08-19 11:31:43 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2008-06-11 19:25:33 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2007-08-19 11:31:43 331,776 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2008-06-11 19:24:54 331,776 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2008-06-30 19:51:36 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-06-30 19:51:31 1,215,328 ----a-w C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2008-06-30 19:51:31 82,784 ----a-w C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
- 2007-08-19 11:28:14 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-11 19:17:03 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-08-19 11:28:14 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-11 19:17:03 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-08-19 11:28:14 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-11 19:17:03 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-30 19:51:21 31,560 ----a-w C:\WINDOWS\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
- 2007-08-19 11:28:14 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-11 19:17:03 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-06-05 19:58:12 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-06-15 11:24:19 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-06-05 19:58:12 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-06-15 11:24:20 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-06-05 19:58:12 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-06-15 11:24:20 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-06-05 19:58:08 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-15 11:24:20 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-06-05 19:58:13 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-06-15 11:24:20 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-06-05 19:58:13 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-06-15 11:24:21 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-06-05 19:58:14 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-06-15 11:24:21 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-06-05 19:58:14 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-06-15 11:24:21 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-06-05 19:58:11 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-15 11:24:19 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2007-08-19 11:28:13 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-11 19:16:56 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-08-19 11:31:43 40,960 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-06-11 19:25:35 40,960 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-06-30 19:51:34 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-06-30 19:51:21 16,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2008-06-30 19:49:32 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-06-30 19:50:10 1,612,592 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2008-06-30 19:50:11 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-06-30 19:50:11 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-06-30 19:51:22 404,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2008-06-30 19:50:13 88,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-06-30 19:50:13 146,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2008-06-30 19:51:05 17,208 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2008-06-30 19:50:12 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-06-30 19:50:12 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-06-30 19:50:12 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-06-30 19:50:12 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2008-06-30 19:50:11 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-06-30 19:50:13 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-06-30 19:51:33 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-06-30 19:50:11 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-06-30 19:50:12 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2007-08-19 11:28:13 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-11 19:16:55 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-08-19 11:28:13 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-11 19:16:57 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-08-19 11:28:13 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-06-11 19:16:58 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
- 2007-08-19 11:28:13 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-11 19:16:54 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-08-19 11:28:13 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-11 19:16:55 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-08-19 11:28:13 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-11 19:16:55 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-04-26 15:53:39 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-06-30 19:51:33 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
- 2007-08-19 11:28:14 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-06-11 19:17:04 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2008-04-26 15:53:40 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-06-30 19:51:34 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-06-30 19:50:12 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-30 19:49:31 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2008-06-30 19:49:34 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-06-30 19:50:22 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-06-30 19:51:22 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-06-30 19:51:22 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2008-06-30 19:51:07 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Offi