Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

kxvo.exe PLEASE HELP [RESOLVED]

Started by amm007 , Mar 05 2008 08:19 AM

  • This topic is locked This topic is locked

#316
amm007
Posted 01 September 2008 - 06:17 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
that's my removable hard disk.
  • 0

Advertisements

#317
kahdah
Posted 01 September 2008 - 06:46 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I will need to you show hidden files\folders so we can delete the file.
To Set:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK


Then go to Start> My Computer> F:\
Then Find and delete this file > F:\Autorun.inf

After that run the Hosts file expert again.
Then reboot and run the OT scan it tool again and you can attach the log herer for me to see.

Then also let me know of any redirections please.
  • 0

#318
amm007
Posted 01 September 2008 - 07:26 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
I still cant delete even after doing that. Redirection still present
  • 0

#319
kahdah
Posted 01 September 2008 - 07:31 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes they will be present until that file is gone.

See if you can delete it in safe mode.

*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.


Let me know if goes or not?
  • 0

#320
amm007
Posted 01 September 2008 - 08:08 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
isnt it that file is generated from flash disifector? alright.ill follow the safe mode instructions
  • 0

#321
kahdah
Posted 01 September 2008 - 08:45 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Does it say that it is?
We haven't used Flash Disenfector for this computer since you reformated it.
  • 0

#322
amm007
Posted 04 September 2008 - 06:33 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
yes it is so.this is the removable hard disk which i haven't formatted. but it surprises me why it is undeletable when it should be. we used flash disinfector previously.
  • 0

#323
kahdah
Posted 05 September 2008 - 03:43 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes it is put there to prevent a re-infection I couldn't tell from herer that it was the flash drive disinfector folder.

Nothing is showing in your log.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#324
amm007
Posted 05 September 2008 - 08:07 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Logfile of random's system information tool (written by random/random)
Run by Adrian at 2008-09-05 22:06:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (67%) free of 38 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:45 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adrian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Adrian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1219513847656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

--
End of file - 6062 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-17 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-31 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-19 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-19 2055960]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-17 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-31 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2008-08-16 634160]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-31 1235736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2005-10-21 871936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-04-24 1448960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-31 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-17 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-05 22:06:20 ----D---- C:\rsit
2008-09-05 00:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 23:08:33 ----D---- C:\Program Files\Warcraft III
2008-09-04 20:29:27 ----D---- C:\Program Files\Garena
2008-09-04 20:29:07 ----D---- C:\Documents and Settings\Adrian\Application Data\InstallShield
2008-09-01 21:25:42 ----RASHD---- C:\autorun.inf
2008-09-01 20:41:27 ----D---- C:\WINDOWS\Prefetch
2008-09-01 20:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-01 20:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-01 20:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-01 20:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-01 20:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-01 20:37:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-01 20:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-01 20:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-01 20:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-01 20:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-01 20:31:55 ----D---- C:\WINDOWS\system32\en-us
2008-09-01 20:31:54 ----D---- C:\WINDOWS\system32\scripting
2008-09-01 20:31:52 ----D---- C:\WINDOWS\l2schemas
2008-09-01 20:31:51 ----D---- C:\WINDOWS\system32\en
2008-09-01 20:31:50 ----D---- C:\WINDOWS\system32\bits
2008-09-01 20:27:47 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-01 20:24:53 ----D---- C:\WINDOWS\network diagnostic
2008-09-01 20:17:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-31 20:50:18 ----D---- C:\Program Files\Trend Micro
2008-08-31 20:42:29 ----D---- C:\Avenger
2008-08-31 20:42:29 ----A---- C:\avenger.txt
2008-08-31 18:37:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-31 18:36:53 ----D---- C:\Program Files\Winamp Toolbar
2008-08-31 18:36:53 ----D---- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-08-31 18:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-08-31 18:36:26 ----D---- C:\Program Files\Winamp Remote
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-08-31 18:25:51 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-31 18:25:50 ----N---- C:\WINDOWS\system32\px.dll
2008-08-31 18:25:43 ----D---- C:\Program Files\Winamp
2008-08-31 18:25:43 ----D---- C:\Documents and Settings\Adrian\Application Data\Winamp
2008-08-31 18:25:34 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-31 18:25:23 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-31 18:25:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-31 18:25:03 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-31 18:25:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-31 18:24:45 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-08-31 18:24:22 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-31 18:24:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-31 18:24:07 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-31 18:24:05 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-31 18:24:03 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-31 18:24:03 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-31 18:24:03 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-31 18:24:03 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-31 18:24:03 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-31 18:24:03 ----N---- C:\WINDOWS\slrundll.exe
2008-08-31 18:23:59 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-31 18:23:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-31 18:23:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-31 18:23:52 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-31 18:23:51 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-31 18:23:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-31 18:23:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-31 18:23:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-31 18:23:47 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-31 18:23:44 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-31 18:23:40 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-08-31 18:23:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-31 18:23:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-31 18:23:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-31 18:23:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-31 18:23:30 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-31 18:23:30 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-31 18:23:27 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-31 18:23:27 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-31 18:23:06 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-31 18:23:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-31 18:23:06 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-31 18:23:06 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-31 18:23:03 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-31 18:22:51 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-31 18:22:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-31 18:22:42 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-31 18:22:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-31 18:22:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-31 18:22:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-31 18:22:21 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-08-31 18:22:20 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-08-31 18:22:16 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-31 18:22:10 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-31 18:22:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-31 18:22:03 ----A---- C:\WINDOWS\003054_.tmp
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-31 18:22:01 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-31 18:21:57 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-31 18:21:55 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-31 18:21:55 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-31 18:21:55 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-31 18:21:51 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-31 18:21:45 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-31 18:21:44 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-31 18:21:43 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-31 18:21:42 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-31 18:21:42 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-31 18:21:34 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-25 14:26:35 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-25 12:33:15 ----D---- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-24 10:44:53 ----D---- C:\Documents and Settings\Adrian\Application Data\BitTorrent
2008-08-24 10:43:47 ----D---- C:\Program Files\DNA
2008-08-24 10:43:47 ----D---- C:\Documents and Settings\Adrian\Application Data\DNA
2008-08-24 10:43:45 ----D---- C:\Program Files\BitTorrent
2008-08-24 08:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-08-24 08:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-24 08:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-24 08:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-24 08:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-08-24 08:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-24 08:53:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-08-24 08:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-08-24 08:53:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-24 08:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-24 08:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-24 08:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$
2008-08-24 08:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-08-24 08:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-24 08:49:34 ----D---- C:\Program Files\MSXML 4.0
2008-08-24 08:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-08-24 05:48:10 ----D---- C:\Program Files\Mozilla Firefox
2008-08-24 05:18:48 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-24 01:57:10 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-24 01:57:09 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-24 01:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-24 01:57:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-24 01:49:44 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-19 11:56:13 ----D---- C:\Documents and Settings\Adrian\Application Data\WinRAR
2008-08-19 11:55:20 ----D---- C:\Program Files\WinRAR
2008-08-19 09:41:16 ----D---- C:\backup
2008-08-19 09:33:21 ----D---- C:\Documents and Settings\Adrian\Application Data\Ahead
2008-08-19 09:29:10 ----D---- C:\Program Files\Nero
2008-08-19 09:29:10 ----D---- C:\Program Files\Common Files\Ahead
2008-08-19 09:25:11 ----HD---- C:\$AVG8.VAULT$
2008-08-19 09:20:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-19 09:19:42 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-19 09:18:33 ----D---- C:\Program Files\Common Files\Adobe
2008-08-19 09:18:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-19 09:18:25 ----D---- C:\Program Files\Adobe
2008-08-19 09:09:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 09:09:00 ----D---- C:\Documents and Settings\Adrian\Application Data\AVGTOOLBAR
2008-08-19 09:08:49 ----D---- C:\Program Files\AVG
2008-08-19 09:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 23:57:41 ----N---- C:\WINDOWS\system32\autorun.exe
2008-08-18 23:51:59 ----D---- C:\WINDOWS\SoftwareDistribution
2008-08-18 23:51:58 ----SD---- C:\WINDOWS\system32\Microsoft
2008-08-18 23:47:00 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-18 23:46:27 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-08-18 23:46:27 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-08-18 23:46:27 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-08-18 23:46:26 ----A---- C:\WINDOWS\system32\wups.dll
2008-08-18 23:46:26 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-08-18 23:46:26 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-08-18 23:46:25 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-08-18 23:46:25 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-08-18 23:46:05 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-08-18 23:46:05 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-08-18 23:40:34 ----A---- C:\WINDOWS\system32\irclass.dll
2008-08-18 23:40:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-08-18 23:40:09 ----RA---- C:\WINDOWS\SET23.tmp
2008-08-18 23:40:06 ----RA---- C:\WINDOWS\SET17.tmp
2008-08-18 23:40:04 ----RA---- C:\WINDOWS\SET16.tmp
2008-08-18 23:30:49 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-08-18 23:27:50 ----SHD---- C:\WINDOWS\Installer
2008-08-18 23:27:47 ----D---- C:\Documents and Settings\Adrian\Application Data\Identities
2008-08-18 23:27:42 ----HD---- C:\Program Files\Uninstall Information
2008-08-18 23:27:28 ----ASH---- C:\Documents and Settings\Adrian\Application Data\desktop.ini
2008-08-18 23:27:27 ----SD---- C:\Documents and Settings\Adrian\Application Data\Microsoft
2008-08-18 23:26:42 ----SHD---- C:\System Volume Information
2008-08-18 23:26:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-08-18 23:23:23 ----D---- C:\WINDOWS\system32\xircom
2008-08-18 23:23:23 ----D---- C:\Program Files\xerox
2008-08-18 23:23:23 ----D---- C:\Program Files\microsoft frontpage
2008-08-18 23:23:00 ----A---- C:\WINDOWS\control.ini
2008-08-18 23:23:00 ----A---- C:\AUTOEXEC.BAT
2008-08-18 23:22:54 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-18 23:22:50 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-08-18 23:22:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-18 23:22:07 ----RD---- C:\WINDOWS\Offline Web Pages
2008-08-18 23:22:02 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-08-18 23:21:48 ----D---- C:\WINDOWS\srchasst
2008-08-18 23:21:42 ----D---- C:\WINDOWS\system32\Macromed
2008-08-18 23:21:42 ----D---- C:\WINDOWS\system32\DirectX
2008-08-18 23:21:32 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-08-18 23:21:32 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-08-18 23:21:31 ----D---- C:\Program Files\Movie Maker
2008-08-18 23:21:11 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-08-18 23:21:11 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-08-18 23:21:11 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-08-18 23:21:11 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-08-18 23:21:10 ----A---- C:\WINDOWS\system32\atrace.dll
2008-08-18 23:21:00 ----A---- C:\WINDOWS\system32\desktop.ini
2008-08-18 23:21:00 ----A---- C:\WINDOWS\desktop.ini
2008-08-18 23:20:45 ----D---- C:\WINDOWS\system32\Restore
2008-08-18 23:20:45 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-08-18 23:20:45 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-08-18 23:20:45 ----A---- C:\WINDOWS\system32\srclient.dll
2008-08-18 23:20:44 ----D---- C:\Program Files\Windows Media Player
2008-08-18 23:20:43 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-08-18 23:20:43 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-08-18 23:20:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-08-18 23:20:43 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-08-18 23:20:43 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-08-18 23:20:43 ----A---- C:\WINDOWS\system32\ils.dll
2008-08-18 23:20:42 ----A---- C:\WINDOWS\system32\msconf.dll
2008-08-18 23:20:35 ----D---- C:\Program Files\NetMeeting
2008-08-18 23:20:34 ----D---- C:\WINDOWS\PCHEALTH
2008-08-18 23:20:34 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-08-18 23:20:34 ----A---- C:\WINDOWS\system32\acctres.dll
2008-08-18 23:20:33 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-08-18 23:20:31 ----D---- C:\Program Files\Common Files\Services
2008-08-18 23:20:29 ----A---- C:\WINDOWS\system32\inetres.dll
2008-08-18 23:20:29 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-08-18 23:20:24 ----D---- C:\Program Files\Outlook Express
2008-08-18 23:20:23 ----SD---- C:\WINDOWS\Tasks
2008-08-18 23:20:23 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-08-18 23:20:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-08-18 23:20:23 ----A---- C:\WINDOWS\system32\mstask.dll
2008-08-18 23:20:22 ----A---- C:\WINDOWS\system32\isign32.dll
2008-08-18 23:20:22 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-08-18 23:20:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-08-18 23:20:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-08-18 23:20:22 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-08-18 23:20:18 ----D---- C:\Program Files\Common Files\MSSoap
2008-08-18 23:20:11 ----D---- C:\Program Files\Common Files\System
2008-08-18 23:20:08 ----D---- C:\Program Files\Internet Explorer
2008-08-18 23:19:41 ----D---- C:\Program Files\ComPlus Applications
2008-08-18 23:19:40 ----A---- C:\WINDOWS\vbaddin.ini
2008-08-18 23:19:40 ----A---- C:\WINDOWS\vb.ini
2008-08-18 23:19:36 ----D---- C:\WINDOWS\Registration
2008-08-18 23:19:29 ----HD---- C:\Program Files\WindowsUpdate
2008-08-18 23:19:29 ----D---- C:\Program Files\Online Services
2008-08-18 23:19:22 ----D---- C:\Program Files\Messenger
2008-08-18 23:19:12 ----D---- C:\Program Files\MSN
2008-08-18 23:19:04 ----D---- C:\Program Files\MSN Gaming Zone
2008-08-18 23:19:04 ----A---- C:\WINDOWS\system32\write.exe
2008-08-18 23:18:54 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-08-18 23:18:53 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-08-18 23:18:53 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-08-18 23:18:53 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-08-18 23:18:52 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-08-18 23:18:52 ----A---- C:\WINDOWS\system32\hticons.dll
2008-08-18 23:18:52 ----A---- C:\WINDOWS\system32\avwav.dll
2008-08-18 23:18:52 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-08-18 23:18:52 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-08-18 23:18:50 ----D---- C:\Program Files\Windows NT
2008-08-18 23:18:50 ----A---- C:\WINDOWS\system32\winchat.exe
2008-08-18 23:18:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-08-18 23:18:42 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-08-18 23:18:41 ----A---- C:\WINDOWS\system32\getuname.dll
2008-08-18 23:18:40 ----A---- C:\WINDOWS\system32\charmap.exe
2008-08-18 23:18:40 ----A---- C:\WINDOWS\system32\calc.exe
2008-08-18 23:18:39 ----A---- C:\WINDOWS\system32\spider.exe
2008-08-18 23:18:39 ----A---- C:\WINDOWS\system32\sol.exe
2008-08-18 23:18:38 ----A---- C:\WINDOWS\system32\winmine.exe
2008-08-18 23:18:38 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-08-18 23:18:38 ----A---- C:\WINDOWS\system32\freecell.exe
2008-08-18 23:18:37 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-08-18 23:18:37 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-08-18 23:18:37 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-08-18 23:18:37 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-08-18 23:18:36 ----A---- C:\WINDOWS\system32\reset.exe
2008-08-18 23:18:36 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-08-18 23:18:36 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-08-18 23:18:36 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-08-18 23:18:36 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-08-18 23:18:36 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\tskill.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\tscon.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\shadow.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-08-18 23:18:35 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\regini.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\msg.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\logoff.exe
2008-08-18 23:18:34 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-08-18 23:18:33 ----D---- C:\WINDOWS\system32\MsDtc
2008-08-18 23:18:33 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-08-18 23:18:33 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-08-18 23:18:33 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-08-18 23:18:32 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-08-18 23:18:32 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-08-18 23:18:32 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-08-18 23:18:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-08-18 23:18:31 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-08-18 23:18:31 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-08-18 23:18:31 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-08-18 23:18:29 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-08-18 23:18:29 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-08-18 23:18:29 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-08-18 23:18:29 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-08-18 23:18:28 ----D---- C:\WINDOWS\system32\Com
2008-08-18 23:18:28 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-08-18 23:18:28 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-08-18 23:18:28 ----A---- C:\WINDOWS\system32\colbact.dll
2008-08-18 23:18:27 ----A---- C:\WINDOWS\system32\stclient.dll
2008-08-18 23:18:27 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-08-18 23:18:27 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-08-18 23:18:26 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-08-18 23:18:26 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-08-18 23:18:26 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-08-18 23:18:25 ----A---- C:\WINDOWS\system32\comuid.dll
2008-08-18 23:18:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-08-18 23:18:25 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-08-18 23:18:10 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-08-18 23:18:10 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-08-18 23:18:09 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-08-18 23:18:09 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-08-18 23:18:09 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-08-18 16:34:02 ----D---- C:\WINDOWS\Provisioning
2008-08-18 16:34:02 ----D---- C:\WINDOWS\PeerNet
2008-08-18 16:34:02 ----D---- C:\WINDOWS\ehome
2008-08-18 16:17:23 ----A---- C:\WINDOWS\system32\h323log.txt
2008-08-18 16:12:20 ----A---- C:\WINDOWS\imsins.BAK
2008-08-18 16:12:16 ----D---- C:\Program Files\Common Files\ODBC
2008-08-18 16:12:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-18 16:12:16 ----A---- C:\WINDOWS\ODBCINST.INI
2008-08-18 16:12:11 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-08-18 16:12:10 ----RD---- C:\Program Files
2008-08-18 16:12:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-18 16:12:10 ----D---- C:\Program Files\Common Files
2008-08-18 16:11:49 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-08-18 16:11:48 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-08-18 16:11:43 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2008-08-18 16:11:42 ----A---- C:\WINDOWS\system32\storprop.dll
2008-08-18 16:11:36----ASH----C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-08-18 16:11:05 ----RA---- C:\WINDOWS\SET7.tmp
2008-08-18 16:11:02 ----RA---- C:\WINDOWS\SET3.tmp
2008-08-18 16:10:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-08-18 16:10:57 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-18 16:10:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-18 16:10:37 ----A---- C:\WINDOWS\setuplog.txt
2008-08-18 16:10:34 ----D---- C:\Documents and Settings
2008-08-18 16:09:50 ----SH---- C:\boot.ini
2008-08-18 16:06:52 ----D---- C:\Program Files\ChikkaV4
2008-08-18 16:06:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-08-18 16:06:20 ----RSD---- C:\WINDOWS\Fonts
2008-08-18 16:06:20 ----RD---- C:\WINDOWS\Web
2008-08-18 16:06:20 ----HD---- C:\WINDOWS\inf
2008-08-18 16:06:20 ----D---- C:\WINDOWS\WinSxS
2008-08-18 16:06:20 ----D---- C:\WINDOWS\twain_32
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Temp
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\wins
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\wbem
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\usmt
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\spool
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\ShellExt
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\Setup
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\ras
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\oobe
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\npp
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\mui
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\inetsrv
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\IME
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\icsxml
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\ias
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\export
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\drivers
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\dhcp
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\config
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\3com_dmi
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\3076
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\2052
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1054
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1042
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1041
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1037
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1033
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1031
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1028
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32\1025
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system32
2008-08-18 16:06:20 ----D---- C:\WINDOWS\system
2008-08-18 16:06:20 ----D---- C:\WINDOWS\security
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Resources
2008-08-18 16:06:20 ----D---- C:\WINDOWS\repair
2008-08-18 16:06:20 ----D---- C:\WINDOWS\mui
2008-08-18 16:06:20 ----D---- C:\WINDOWS\msapps
2008-08-18 16:06:20 ----D---- C:\WINDOWS\msagent
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Media
2008-08-18 16:06:20 ----D---- C:\WINDOWS\java
2008-08-18 16:06:20 ----D---- C:\WINDOWS\ime
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Help
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Driver Cache
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Debug
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Cursors
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Connection Wizard
2008-08-18 16:06:20 ----D---- C:\WINDOWS\Config
2008-08-18 16:06:20 ----D---- C:\WINDOWS\AppPatch
2008-08-18 16:06:20 ----D---- C:\WINDOWS\addins
2008-08-18 16:06:20 ----D---- C:\WINDOWS
2008-08-18 15:38:04 ----D---- C:\WINDOWS\system32\Lang
2008-08-18 15:34:24 ----D---- C:\Documents and Settings\Adrian\Application Data\Macromedia
2008-08-18 15:32:17 ----D---- C:\Documents and Settings\Adrian\Application Data\Adobe
2008-08-18 15:32:16 ----SHD---- C:\RECYCLER
2008-08-18 15:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-18 14:15:32 ----A---- C:\YServer.txt
2008-08-18 14:15:24 ----D---- C:\Program Files\Yahoo!
2008-08-18 10:43:52 ----D---- C:\Documents and Settings\Adrian\Application Data\Mozilla
2008-08-18 10:43:40 ----SH---- C:\WINDOWS\system32\Smab0.dll
2008-08-18 10:43:40 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2008-08-18 10:43:40 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2008-08-18 10:43:31 ----D---- C:\Program Files\Microsoft Encarta
2008-08-18 10:43:20 ----D---- C:\Program Files\eRightSoft
2008-08-18 10:41:05 ----D---- C:\WINDOWS\Lhsp
2008-08-18 10:40:48 ----D---- C:\WINDOWS\speech
2008-08-18 10:28:18 ----A---- C:\WINDOWS\ODBC.INI
2008-08-18 10:27:59 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-08-18 10:26:59 ----D---- C:\Program Files\Common Files\L&H
2008-08-18 10:26:40 ----D---- C:\Program Files\Microsoft ActiveSync
2008-08-18 10:26:21 ----D---- C:\WINDOWS\pss
2008-08-18 10:26:06 ----D---- C:\Program Files\Common Files\DESIGNER
2008-08-18 10:26:02 ----D---- C:\Program Files\Microsoft Works
2008-08-18 10:25:55 ----D---- C:\Program Files\Microsoft Visual Studio
2008-08-18 10:25:42 ----D---- C:\WINDOWS\SHELLNEW
2008-08-18 10:24:29 ----D---- C:\Program Files\Microsoft.NET
2008-08-18 10:24:29 ----D---- C:\Program Files\Microsoft Office
2008-08-18 10:21:44 ----RHD---- C:\MSOCache
2008-08-18 10:17:53 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-08-18 10:16:37 ----RSD---- C:\WINDOWS\assembly
2008-08-18 10:16:36 ----D---- C:\WINDOWS\Microsoft.NET
2008-08-18 10:16:35 ----D---- C:\WINDOWS\system32\URTTemp
2008-08-18 10:16:19 ----D---- C:\Program Files\ATI Technologies
2008-08-18 09:04:38 ----R---- C:\WINDOWS\system32\RtlCPAPI.dll
2008-08-18 09:04:38 ----R---- C:\WINDOWS\system32\ChCfg.exe
2008-08-18 09:04:24 ----D---- C:\WINDOWS\system32\RTCOM
2008-08-18 09:04:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-08-18 09:03:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-18 09:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-08-18 09:03:53 ----R---- C:\WINDOWS\SoundMan.exe
2008-08-18 09:03:53 ----A---- C:\WINDOWS\SkyTel.exe
2008-08-18 09:03:52 ----R---- C:\WINDOWS\RtlUpd.exe
2008-08-18 09:03:48 ----R---- C:\WINDOWS\RTLCPL.exe
2008-08-18 09:03:41 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-08-18 09:03:39 ----R---- C:\WINDOWS\MicCal.exe
2008-08-18 09:03:37 ----R---- C:\WINDOWS\Alcmtr.exe
2008-08-18 09:03:31 ----R---- C:\WINDOWS\alcwzrd.exe
2008-08-18 09:03:30 ----D---- C:\Program Files\Realtek
2008-08-18 09:03:19 ----R---- C:\WINDOWS\RtlExUpd.dll
2008-08-18 09:01:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-18 09:01:29 ----D---- C:\Program Files\AMD
2008-08-18 09:01:10 ----N---- C:\WINDOWS\system32\nvuide.exe
2008-08-18 09:01:09 ----RA---- C:\WINDOWS\system32\NVCOI.DLL
2008-08-18 09:01:08 ----RA---- C:\WINDOWS\system32\idecoiins.dll
2008-08-18 09:01:08 ----RA---- C:\WINDOWS\system32\idecoi.dll
2008-08-18 09:01:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l2052.dll
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l1046.dll
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l1042.dll
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l1041.dll
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l1040.dll
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l1036.dll
2008-08-18 08:59:43 ----RA---- C:\WINDOWS\system32\fdco_l1034.dll
2008-08-18 08:59:42 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2008-08-18 08:59:42 ----RA---- C:\WINDOWS\system32\fdco1.dll
2008-08-18 08:59:42 ----RA---- C:\WINDOWS\system32\fdco_l1031.dll
2008-08-18 08:59:42 ----RA---- C:\WINDOWS\system32\fdco_l1028.dll
2008-08-18 08:59:40 ----D---- C:\WINDOWS\NV19001268.TMP
2008-08-18 08:59:40 ----A---- C:\WINDOWS\system32\nvunrm.exe
2008-08-18 08:59:39 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2008-08-18 08:59:39 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2008-08-18 08:59:39 ----RA---- C:\WINDOWS\system32\bdco1.dll
2008-08-18 08:59:38 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2008-08-18 08:58:20 ----RA---- C:\WINDOWS\system32\NVUNINST.EXE
2008-08-18 08:58:10 ----D---- C:\Program Files\Common Files\InstallShield
2008-07-14 19:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-07-03 17:14:02 ----N---- C:\WINDOWS\system32\xpsp3res.dll

List of drivers

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2005-10-15 29440]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2005-10-15 22016]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [2004-05-05 239488]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2005-10-15 101760]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2005-10-15 670208]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]

-----------------EOF-----------------
  • 0

#325
amm007
Posted 05 September 2008 - 08:07 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
info.txt logfile of random's system information tool 2008-09-05 22:06:49

Uninstall list

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Chikka Txt Messenger V4-->C:\PROGRA~1\ChikkaV4\Uninstaller.exe
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Encarta Premium Suite 2005-->MsiExec.exe /I{055A00C0-64A6-4248-A026-9745C1E9E159}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SUPER © Version 2008.bld.30 (Mar 22, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Hosts File

127.0.0.1 localhost

Security center information

AV: AVG Anti-Virus Free

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
  • 0

Advertisements

#326
kahdah
Posted 05 September 2008 - 08:52 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Auotrun.inf
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========
Then run the Hosts expert again then reboot and see if no more redirects.
  • 0

#327
amm007
Posted 05 September 2008 - 06:59 PM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
File/Folder C:\Auotrun.inf not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09062008_085842
  • 0

#328
amm007
Posted 05 September 2008 - 07:00 PM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
reboots still present, btw.
  • 0

#329
kahdah
Posted 05 September 2008 - 07:12 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That is why you needed to reformat all of your drives.
The infecton is an autorun that runs from whatever infected drive it is on and jumps to the other drive.

Nothing is showing in your logs still.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#330
amm007
Posted 06 September 2008 - 05:14 AM

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 06, 2008 05:43:40
Records in database: 1196376
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 45194
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:33:56

No malware has been detected. The scan area is clean.

The selected area was scanned.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP