Tech Support Forum - View Single Post - Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

IT_Starter · 10-09-2008, 01:17 PM

Hi tetonbob, here are the logs:

VirusTotal:

Bestand inst.exe ontvangen op 2008.10.04 16:38:21 (CET)
Huidig status: Einde

Resultaat: 0/36 (0.00%)
Geformatteerd Resultaten afdrukken
Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 -
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.04 -
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.04 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.04 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.04 -
NOD32 3494 2008.10.03 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.04 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.04 -
Sophos 4.34.0 2008.10.04 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.100 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.03 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -
Extra informatie
File size: 87608 bytes
MD5...: 254fbca565e049648b0cce2ceadf05d2
SHA1..: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
SHA512: 9f587078ac71165f4b862f59ffa9279c92d3c84c19080b9f71d3c3a54964a5e0
a8a55d160f7fee7d505ccb41afea9f8720a475de2de50219037a435ccbc55709
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402277
timedatestamp.....: 0x44a114a2 (Tue Jun 27 11:21:06 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc1d4 0xd000 6.39 8b23740868f02bb731a1556e3e89ec4b
.rdata 0xe000 0x25c2 0x3000 4.48 1c4aa9b67a1e4fb62d587545d74e9148
.data 0x11000 0x2e48 0x2000 1.28 e79d5ce42e7132af5b6039889e4670ab
.rsrc 0x14000 0xb0 0x1000 3.06 cec9b95146f57b35474dc9da6c445146

( 6 imports )
> newdev.dll: UpdateDriverForPlugAndPlayDevicesW
> SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW
> KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, WriteConsoleW, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, GetModuleFileNameA, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
> ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken
> SHELL32.dll: SHGetFolderPathW
> ole32.dll: CLSIDFromString

( 0 exports )
___________________________________

findlop:

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\All Users\Application Data

04-10-2008 20:14 <DIR> Adobe
09-10-2008 20:49 <DIR> Avg7
19-06-2008 20:29 <DIR> EmailNotifier
04-04-2008 22:37 <DIR> FLEXnet
06-02-2007 16:18 <DIR> Google
09-10-2008 20:47 <DIR> Grisoft
10-02-2007 16:57 <DIR> Messenger Plus!
06-10-2008 22:37 <DIR> Microsoft Help
17-05-2008 17:21 <DIR> NCH Software
17-05-2008 17:21 <DIR> NCH Swift Sound
04-10-2008 20:18 <DIR> NOS
03-04-2008 13:19 <DIR> open download bows body
22-08-2005 13:04 <DIR> QuickTime
27-04-2005 22:15 <DIR> Support.com
06-10-2008 00:45 <DIR> TEMP
02-04-2008 18:20 <DIR> two setup mode load
06-04-2006 16:45 <DIR> Windows Genuine Advantage
21-03-2008 20:40 <DIR> WLInstaller
27-12-2005 16:22 <DIR> Zylom
0 bestand(en) 0 bytes
19 map(pen) 2.153.799.680 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\Benim\Application Data

08-10-2008 22:59 <DIR> Adobe
07-10-2008 20:15 <DIR> Ahead
07-10-2008 21:32 <DIR> Canneverbe_Limited
09-10-2008 20:03 <DIR> Help
17-09-2008 07:49 <DIR> Identities
08-10-2008 23:01 87.608 inst.exe
09-10-2008 17:37 <DIR> InterVideo
07-10-2008 22:33 <DIR> Macromedia
08-10-2008 23:01 7.887 pcouffin.cat
08-10-2008 23:01 1.144 pcouffin.inf
08-10-2008 23:01 33 pcouffin.log
08-10-2008 23:01 47.360 pcouffin.sys
08-10-2008 23:01 <DIR> Vso
06-10-2008 22:08 <DIR> WinRAR
5 bestand(en) 144.032 bytes
9 map(pen) 2.153.799.680 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\Default User\Application Data

27-04-2005 21:50 <DIR> .
27-04-2005 21:50 <DIR> ..
27-04-2005 21:50 62 desktop.ini
1 bestand(en) 62 bytes
2 map(pen) 2.153.799.680 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\LocalService\Application Data

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AEE4AD0E94FF22AA.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\benims~1\applic~1\creati~1\mapi that show.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'benimsanane'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/01/2008 8:00:00
NextRun: 10/09/2008 22:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/08/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

_________________________________

Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:09, on 9-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Benim\Bureaublad\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [UltraSMS] C:\Program Files\UltraSMS\UltraSMS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)

--
End of file - 7773 bytes
________________________________________

10-09-2008, 01:17 PM	#5 (permalink)
IT_Starter Registered User Join Date: Oct 2008 Posts: 7 OS:	Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use? Hi tetonbob, here are the logs: VirusTotal: Bestand inst.exe ontvangen op 2008.10.04 16:38:21 (CET) Huidig status: Einde Resultaat: 0/36 (0.00%) Geformatteerd Resultaten afdrukken Antivirus Versie Laatst geüpdatet Resultaat AhnLab-V3 2008.10.3.2 2008.10.03 - AntiVir 7.8.1.34 2008.10.04 - Authentium 5.1.0.4 2008.10.04 - Avast 4.8.1248.0 2008.10.04 - AVG 8.0.0.161 2008.10.04 - BitDefender 7.2 2008.10.04 - CAT-QuickHeal 9.50 2008.10.04 - ClamAV 0.93.1 2008.10.04 - DrWeb 4.44.0.09170 2008.10.04 - eSafe 7.0.17.0 2008.10.02 - eTrust-Vet 31.6.6127 2008.10.03 - Ewido 4.0 2008.10.04 - F-Prot 4.4.4.56 2008.10.03 - F-Secure 8.0.14332.0 2008.10.04 - Fortinet 3.113.0.0 2008.10.04 - GData 19 2008.10.04 - Ikarus T3.1.1.34.0 2008.10.04 - K7AntiVirus 7.10.484 2008.10.04 - Kaspersky 7.0.0.125 2008.10.04 - McAfee 5398 2008.10.04 - Microsoft 1.4005 2008.10.04 - NOD32 3494 2008.10.03 - Norman 5.80.02 2008.10.03 - Panda 9.0.0.4 2008.10.04 - PCTools 4.4.2.0 2008.10.04 - Prevx1 V2 2008.10.04 - Rising 20.63.62.00 2008.09.28 - SecureWeb-Gateway 6.7.6 2008.10.04 - Sophos 4.34.0 2008.10.04 - Sunbelt 3.1.1675.1 2008.09.27 - Symantec 10 2008.10.04 - TheHacker 6.3.1.0.100 2008.10.03 - TrendMicro 8.700.0.1004 2008.10.03 - VBA32 3.12.8.6 2008.10.03 - ViRobot 2008.10.4.1406 2008.10.04 - VirusBuster 4.5.11.0 2008.10.04 - Extra informatie File size: 87608 bytes MD5...: 254fbca565e049648b0cce2ceadf05d2 SHA1..: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7 SHA512: 9f587078ac71165f4b862f59ffa9279c92d3c84c19080b9f71d3c3a54964a5e0 a8a55d160f7fee7d505ccb41afea9f8720a475de2de50219037a435ccbc55709 PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x402277 timedatestamp.....: 0x44a114a2 (Tue Jun 27 11:21:06 2006) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xc1d4 0xd000 6.39 8b23740868f02bb731a1556e3e89ec4b .rdata 0xe000 0x25c2 0x3000 4.48 1c4aa9b67a1e4fb62d587545d74e9148 .data 0x11000 0x2e48 0x2000 1.28 e79d5ce42e7132af5b6039889e4670ab .rsrc 0x14000 0xb0 0x1000 3.06 cec9b95146f57b35474dc9da6c445146 ( 6 imports ) > newdev.dll: UpdateDriverForPlugAndPlayDevicesW > SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW > KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, WriteConsoleW, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, GetModuleFileNameA, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA > ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken > SHELL32.dll: SHGetFolderPathW > ole32.dll: CLSIDFromString ( 0 exports ) ___________________________________ findlop: Het volume in station C heeft geen naam. Het volumenummer is F831-574B Map van C:\Documents and Settings\All Users\Application Data 04-10-2008 20:14 <DIR> Adobe 09-10-2008 20:49 <DIR> Avg7 19-06-2008 20:29 <DIR> EmailNotifier 04-04-2008 22:37 <DIR> FLEXnet 06-02-2007 16:18 <DIR> Google 09-10-2008 20:47 <DIR> Grisoft 10-02-2007 16:57 <DIR> Messenger Plus! 06-10-2008 22:37 <DIR> Microsoft Help 17-05-2008 17:21 <DIR> NCH Software 17-05-2008 17:21 <DIR> NCH Swift Sound 04-10-2008 20:18 <DIR> NOS 03-04-2008 13:19 <DIR> open download bows body 22-08-2005 13:04 <DIR> QuickTime 27-04-2005 22:15 <DIR> Support.com 06-10-2008 00:45 <DIR> TEMP 02-04-2008 18:20 <DIR> two setup mode load 06-04-2006 16:45 <DIR> Windows Genuine Advantage 21-03-2008 20:40 <DIR> WLInstaller 27-12-2005 16:22 <DIR> Zylom 0 bestand(en) 0 bytes 19 map(pen) 2.153.799.680 bytes beschikbaar Het volume in station C heeft geen naam. Het volumenummer is F831-574B Map van C:\Documents and Settings\Benim\Application Data 08-10-2008 22:59 <DIR> Adobe 07-10-2008 20:15 <DIR> Ahead 07-10-2008 21:32 <DIR> Canneverbe_Limited 09-10-2008 20:03 <DIR> Help 17-09-2008 07:49 <DIR> Identities 08-10-2008 23:01 87.608 inst.exe 09-10-2008 17:37 <DIR> InterVideo 07-10-2008 22:33 <DIR> Macromedia 08-10-2008 23:01 7.887 pcouffin.cat 08-10-2008 23:01 1.144 pcouffin.inf 08-10-2008 23:01 33 pcouffin.log 08-10-2008 23:01 47.360 pcouffin.sys 08-10-2008 23:01 <DIR> Vso 06-10-2008 22:08 <DIR> WinRAR 5 bestand(en) 144.032 bytes 9 map(pen) 2.153.799.680 bytes beschikbaar Het volume in station C heeft geen naam. Het volumenummer is F831-574B Map van C:\Documents and Settings\Default User\Application Data 27-04-2005 21:50 <DIR> . 27-04-2005 21:50 <DIR> .. 27-04-2005 21:50 62 desktop.ini 1 bestand(en) 62 bytes 2 map(pen) 2.153.799.680 bytes beschikbaar Het volume in station C heeft geen naam. Het volumenummer is F831-574B Map van C:\Documents and Settings\LocalService\Application Data Het volume in station C heeft geen naam. Het volumenummer is F831-574B Map van C:\Documents and Settings\NetworkService\Application Data [TRACE] Enumerating jobs and queues [TRACE] Activating job 'AEE4AD0E94FF22AA.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\benims~1\applic~1\creati~1\mapi that show.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'benimsanane' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 04/01/2008 8:00:00 NextRun: 10/09/2008 22:00:00 StartError: 0x80070002 ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 10/08/2000 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 _________________________________ Hijackthis.log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:14:09, on 9-10-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\vsnpstd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Innovative Solutions\DriverMax\devices.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Benim\Bureaublad\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing) O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing) O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [UltraSMS] C:\Program Files\UltraSMS\UltraSMS.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice') O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM') O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing) O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing) -- End of file - 7773 bytes ________________________________________