Registered User
Join Date: Oct 2008
Posts: 7
Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?
tetonbob,
here is the log.txt
Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S4 NetTcpPortSharing;Net.Tcp service voor het delen van poorten; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504] -----------------EOF----------------- |
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,451
OS: 2000 Pro; XP Pro; XP Home
|
Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?
Original log posted 10-02-2008, 02:39 PM
Can't merge topics, or the old one will take precedence, and you'll not be able to reply, since only staff and Original Poster can reply to topics in this section of the forums.

IT_Starter wrote:

Hello, can anyone help me? I can't delete my temp folder in C:\windows. I'm guessing maybe it's a virus or spyware because it keeps saying: "can't delete Perflib_Perfdata_5f0.dat check if it's in use by another application and try again". I can't find the application, so I'm guessing it's a virus or spyware. Already run HijackThis, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:15:32, on 2-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)

===================================

I will take some time to review these logs, and have some instructions for you afterward.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
#4 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,451
OS: 2000 Pro; XP Pro; XP Home
|
Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?
Ok, first thing is that if I understand you correctly, you're trying to delete the folder, C:\Windows\TEMP ? That's a legitimate folder, so you don't want to delete it.
perflib_perfdata* files are created by Windows or other applications. In use means that whatever application created it is still writing to the file. They are harmless. Temp file removers, such as CCleaner or CleanUp, will delete these upon reboot.

Next.... As stated in Step 1 of our pre-posting sticky... http://www.techsupportforum.com/secu...oval-help.html

Quote:
Any antivirus program must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall

Since AVG 7.5 will see its end of life by year's end, I would suggest that be the one you uninstall.

-----------------------------------------------------------------------

I do see some signs of inactive infection.

Download HostsXpert.

-----------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Delete the following folder if it exists:

C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1

This is a folder, likely named with two words, which begins with the letters CLOCKR

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please go to: VirusTotal

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
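Added example, not part of the post above or of any tool named in this thread: a small Python check that parses HijackThis entries, confirms that every entry on a fix list is gone from the follow-up log, and lists the entries HijackThis marked as pointing at an absent file. The function names are this example's own, and the sample logs are short excerpts assembled from entries quoted in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")

# Suffixes HijackThis appends when the file an entry points to is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Sample input assembled for this example from entries quoted in the thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe
"""

BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
"""

AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def normalise(entry):
    """Comparison key: ignore case, spacing and the absent-file suffix.

    The suffix is dropped so an entry still counts as present if the file
    it points to appears or disappears between two scans.
    """
    code, body = entry
    for marker in ORPHAN_MARKERS:
        if body.endswith(marker):
            body = body[: -len(marker)]
    return code, re.sub(r"\s+", " ", body).strip().casefold()


def remaining_after_fix(fix_list_text, followup_log_text):
    """Fix-list entries that still appear in the follow-up log."""
    present = {normalise(e) for e in parse_entries(followup_log_text)}
    return [e for e in parse_entries(fix_list_text) if normalise(e) in present]


def orphaned(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse_entries(log_text) if e[1].endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        left = remaining_after_fix(FIX_LIST, log)
        print(f"{label}: {len(left)} fix-list entries still present")
        for code, body in left:
            print(f"  {code} - {body}")
    print("absent-file entries in the follow-up log:")
    for code, body in orphaned(AFTER_LOG):
        print(f"  {code} - {body}")
```

An absent-file marker only says that the registry entry outlived its file; it is a reading aid, not a verdict on whether the entry was malicious.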
#5 (permalink) |
|
Registered User
Join Date: Oct 2008
Posts: 7
OS:
|
Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?
Hi tetonbob, here are the logs:
VirusTotal:

Bestand inst.exe ontvangen op 2008.10.04 16:38:21 (CET)
Huidig status: Einde
Resultaat: 0/36 (0.00%)
Geformatteerd
Resultaten afdrukken

Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 -
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.04 -
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.04 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.04 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.04 -
NOD32 3494 2008.10.03 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.04 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.04 -
Sophos 4.34.0 2008.10.04 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.100 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.03 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -

Extra informatie
File size: 87608 bytes
MD5...: 254fbca565e049648b0cce2ceadf05d2
SHA1..: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
SHA512: 9f587078ac71165f4b862f59ffa9279c92d3c84c19080b9f71d3c3a54964a5e0 a8a55d160f7fee7d505ccb41afea9f8720a475de2de50219037a435ccbc55709
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402277
timedatestamp.....: 0x44a114a2 (Tue Jun 27 11:21:06 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc1d4 0xd000 6.39 8b23740868f02bb731a1556e3e89ec4b
.rdata 0xe000 0x25c2 0x3000 4.48 1c4aa9b67a1e4fb62d587545d74e9148
.data 0x11000 0x2e48 0x2000 1.28 e79d5ce42e7132af5b6039889e4670ab
.rsrc 0x14000 0xb0 0x1000 3.06 cec9b95146f57b35474dc9da6c445146

( 6 imports )
> newdev.dll: UpdateDriverForPlugAndPlayDevicesW
> SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW
> KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, WriteConsoleW, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, GetModuleFileNameA, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
> ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken
> SHELL32.dll: SHGetFolderPathW
> ole32.dll: CLSIDFromString

( 0 exports )
___________________________________

findlop:

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\All Users\Application Data

04-10-2008 20:14 <DIR> Adobe
09-10-2008 20:49 <DIR> Avg7
19-06-2008 20:29 <DIR> EmailNotifier
04-04-2008 22:37 <DIR> FLEXnet
06-02-2007 16:18 <DIR> Google
09-10-2008 20:47 <DIR> Grisoft
10-02-2007 16:57 <DIR> Messenger Plus!
06-10-2008 22:37 <DIR> Microsoft Help
17-05-2008 17:21 <DIR> NCH Software
17-05-2008 17:21 <DIR> NCH Swift Sound
04-10-2008 20:18 <DIR> NOS
03-04-2008 13:19 <DIR> open download bows body
22-08-2005 13:04 <DIR> QuickTime
27-04-2005 22:15 <DIR> Support.com
06-10-2008 00:45 <DIR> TEMP
02-04-2008 18:20 <DIR> two setup mode load
06-04-2006 16:45 <DIR> Windows Genuine Advantage
21-03-2008 20:40 <DIR> WLInstaller
27-12-2005 16:22 <DIR> Zylom
0 bestand(en) 0 bytes
19 map(pen) 2.153.799.680 bytes beschikbaar

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\Benim\Application Data

08-10-2008 22:59 <DIR> Adobe
07-10-2008 20:15 <DIR> Ahead
07-10-2008 21:32 <DIR> Canneverbe_Limited
09-10-2008 20:03 <DIR> Help
17-09-2008 07:49 <DIR> Identities
08-10-2008 23:01 87.608 inst.exe
09-10-2008 17:37 <DIR> InterVideo
07-10-2008 22:33 <DIR> Macromedia
08-10-2008 23:01 7.887 pcouffin.cat
08-10-2008 23:01 1.144 pcouffin.inf
08-10-2008 23:01 33 pcouffin.log
08-10-2008 23:01 47.360 pcouffin.sys
08-10-2008 23:01 <DIR> Vso
06-10-2008 22:08 <DIR> WinRAR
5 bestand(en) 144.032 bytes
9 map(pen) 2.153.799.680 bytes beschikbaar

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\Default User\Application Data

27-04-2005 21:50 <DIR> .
27-04-2005 21:50 <DIR> ..
27-04-2005 21:50 62 desktop.ini
1 bestand(en) 62 bytes
2 map(pen) 2.153.799.680 bytes beschikbaar

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\LocalService\Application Data

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AEE4AD0E94FF22AA.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\benims~1\applic~1\creati~1\mapi that show.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'benimsanane'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/01/2008 8:00:00
NextRun: 10/09/2008 22:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/08/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
_________________________________

Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:09, on 9-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Benim\Bureaublad\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [UltraSMS] C:\Program Files\UltraSMS\UltraSMS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)

-- End of file - 7773 bytes
________________________________________
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,451
OS: 2000 Pro; XP Pro; XP Home
|
Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?
P2P - I see you have P2P software ( eMule, Kazaa Lite ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, |