Recently, when I open up my C drive, some weird files keep showing up. I don't know their origin, but here are a couple of names of the folders:
0cd3f4372abaa3d7d2a560eee3
4d6cbd236715b24f2403f6074d4e
4d6f14022eb02bca6c657c46d522
Within each folder, there's a Notepad log containing something like this
(this is only a portion; it's much longer):
=== Verbose logging started: 11/02/2007 3:01:48 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (50:A4) [03:01:48:251]: Resetting cached policy values
MSI (c) (50:A4) [03:01:48:251]: Machine policy value 'Debug' is 0
MSI (c) (50:A4) [03:01:48:251]: ******* RunEngine:
******* Product: c:\9a443483b902f985f0e844\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (50:A4) [03:01:48:251]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (50:A4) [03:01:48:251]: Grabbed execution mutex.
MSI (c) (50:A4) [03:01:48:551]: Cloaking enabled.
MSI (c) (50:A4) [03:01:48:551]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (50:A4) [03:01:48:561]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (F0:84) [03:01:48:711]: Grabbed execution mutex.
MSI (s) (F0:50) [03:01:48:711]: Resetting cached policy values
MSI (s) (F0:50) [03:01:48:711]: Machine policy value 'Debug' is 0
MSI (s) (F0:50) [03:01:48:711]: ******* RunEngine:
******* Product: c:\9a443483b902f985f0e844\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (F0:50) [03:01:49:012]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (F0:50) [03:01:49:322]: End dialog not enabled
MSI (s) (F0:50) [03:01:49:322]: Original package ==> c:\9a443483b902f985f0e844\msxml.msi
MSI (s) (F0:50) [03:01:49:322]: Package we're running from ==> c:\WINDOWS\Installer\1a45db5.msi
MSI (s) (F0:50) [03:01:49:392]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F0:50) [03:01:49:392]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F0:50) [03:01:49:452]: MSCOREE not loaded loading copy from system32
MSI (s) (F0:50) [03:01:49:693]: Machine policy value 'DisablePatch' is 0
MSI (s) (F0:50) [03:01:49:693]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (F0:50) [03:01:49:693]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (F0:50) [03:01:49:693]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (F0:50) [03:01:49:733]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F0:50) [03:01:49:733]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F0:50) [03:01:49:733]: Transforms are not secure.
MSI (s) (F0:50) [03:01:49:733]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\9a443483b902f985f0e844 CLIENTUILEVEL=3 CLIENTPROCESSID=5456
MSI (s) (F0:50) [03:01:49:733]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (F0:50) [03:01:49:733]: Product Code passed to Engine.Initialize: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F0:50) [03:01:49:733]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F0:50) [03:01:49:733]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F0:50) [03:01:49:733]: Product registered: entering maintenance mode
MSI (s) (F0:50) [03:01:49:733]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI (s) (F0:50) [03:01:49:733]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (F0:50) [03:01:49:743]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (F0:50) [03:01:49:743]: Specifed source is not already in a list.
MSI (s) (F0:50) [03:01:49:743]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (F0:50) [03:01:49:753]: Machine policy value 'DisableBrowse' is 0
MSI (s) (F0:50) [03:01:49:753]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (s) (F0:50) [03:01:49:753]: Adding new sources is allowed.
MSI (s) (F0:50) [03:01:49:753]: Package name retrieved from configuration data: 'msxml.msi'
MSI (s) (F0:50) [03:01:49:753]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (s) (F0:50) [03:01:49:843]: Note: 1: 2729
MSI (s) (F0:50) [03:01:49:933]: Note: 1: 2729
MSI (s) (F0:50) [03:01:49:933]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (F0:50) [03:01:49:933]: Machine policy value 'DisableMsi' is 0
MSI (s) (F0:50) [03:01:49:933]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:50) [03:01:49:933]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:50) [03:01:49:993]: Product {37477865-A3F1-4772-AD43-AAFC6BCFF99F} is admin assigned: LocalSystem owns the publish key.
MSI (s) (F0:50) [03:01:49:993]: Product {37477865-A3F1-4772-AD43-AAFC6BCFF99F} is managed.
MSI (s) (F0:50) [03:01:49:993]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (F0:50) [03:01:49:993]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (F0:50) [03:01:49:993]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\9a443483b902f985f0e844'.
MSI (s) (F0:50) [03:01:49:993]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (F0:50) [03:01:49:993]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '5456'.
MSI (s) (F0:50) [03:01:49:993]: TRANSFORMS property is now:
MSI (s) (F0:50) [03:01:49:993]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
MSI (s) (F0:50) [03:01:49:993]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (F0:50) [03:01:50:063]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (F0:50) [03:01:50:063]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (F0:50) [03:01:50:063]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (F0:50) [03:01:50:063]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (F0:50) [03:01:50:063]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (F0:50) [03:01:50:063]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (F0:50) [03:01:50:073]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (F0:50) [03:01:50:073]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (F0:50) [03:01:50:073]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (F0:50) [03:01:50:073]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (F0:50) [03:01:50:073]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (F0:50) [03:01:50:253]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (F0:50) [03:01:50:304]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (F0:50) [03:01:50:304]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (F0:50) [03:01:50:314]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (F0:50) [03:01:50:314]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (F0:50) [03:01:50:314]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (F0:50) [03:01:50:344]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (F0:50) [03:01:50:344]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (F0:50) [03:01:50:344]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (F0:50) [03:01:50:344]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (F0:50) [03:01:50:374]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (F0:50) [03:01:50:374]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (F0:50) [03:01:50:424]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Gord Whiffen'.
MSI (s) (F0:50) [03:01:50:464]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding Installed property. Its value is '00:00:00'.
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\1a45db5.msi'.
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\9a443483b902f985f0e844\msxml.msi'.
MSI (s) (F0:50) [03:01:50:464]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F0:50) [03:01:50:464]: Machine policy value 'DisableRollback' is 0
MSI (s) (F0:50) [03:01:50:464]: User policy value 'DisableRollback' is 0
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 11/02/2007 3:01:50 ===
MSI (s) (F0:50) [03:01:50:464]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (F0:50) [03:01:50:464]: Doing action: INSTALL
MSI (s) (F0:50) [03:01:50:484]: Running ExecuteSequence
MSI (s) (F0:50) [03:01:50:484]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 3:01:50: INSTALL.
***********************************
I've run my updated virus check, but it doesn't see anything, so I thought I'd throw up a HijackThis log to see if I've missed something.
Thanks for any feedback. Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 11:22:03 PM, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firegraphic.com\Firegraphic 6\Firegraphic.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lakeheadu.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB45D259-B4DC-41CE-A038-FEAA629C664A}: NameServer = 216.211.26.14 216.211.26.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe