10-09-2008, 12:27 PM   #4
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Ok, first thing is that if I understand you correctly, you're trying to delete the folder, C:\Windows\TEMP ? That's a legitimate folder, so you don't want to delete it.

perflib_perfdata* files are created by Windows or other applications. In use means that whatever application created it is still writing to the file. They are harmless. Temp file removers, such as CCleaner or CleanUp, will delete these upon reboot.

Next....

As stated in Step 1 of our pre-posting sticky...

http://www.techsupportforum.com/secu...oval-help.html

Quote:
If you have more than one AntiVirus installed

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

Therefore, uninstall all but one AntiVirus application using the Add or Remove Programs in the Control Panel before posting your logs. Be sure to leave one up-to-date AntiVirus application installed. If you're unsure about what to do, do nothing, and wait for the advice of the Analyst who helps you.

I see you have more than one Anti-Virus program installed, Avast and AVG 7.5. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Since AVG 7.5 will see its end of life by year's end, I would suggest that be the one you uninstall.

-----------------------------------------------------------------------

I do see some signs of inactive infection.

Download HostsXpert.
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click "Make Writable?" in the upper left corner.
  • Click "Restore MS Hosts file" and then click OK.
  • Close HostsXpert.
  • Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

-----------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe


Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following folder if it exists:

C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1

This is a folder, likely named with two words, which begins with the letters CLOCKR.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------


Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    C:\Documents and Settings\Benim\Application Data\inst.exe

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
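
An added example, not part of the post above and not HostsXpert's own code: because "Restore MS Hosts file" discards any custom entries, this Python sketch sorts the mappings in an existing hosts file into those worth editing back in and those to review first. The sample file content is constructed, and treating `localhost` as the only default name is an assumption.

```python
import ipaddress

# Constructed sample of a hosts file as it might look before the restore.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.20    nas.home.example   nas   # file server
10.0.0.5        intranet.example
127.0.0.1       update.vendor.example
not-an-ip       broken.example
"""

# Assumption: the restored default file maps only this name.
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Return (entries, malformed): valid mappings and lines that do not parse."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((line_no, raw.strip()))
            continue
        entries.append((line_no, ip, [n.lower() for n in fields[1:]]))
    return entries, malformed

def custom_entries(text):
    """Split non-default mappings into ones to re-add and ones to review."""
    entries, malformed = parse_hosts(text)
    readd, review = [], []
    for _line_no, ip, names in entries:
        names = [n for n in names if n not in DEFAULT_NAMES]
        if not names:
            continue
        # A name pinned to loopback or 0.0.0.0 is a block: it may be a
        # deliberate block list or a leftover redirect, so check it by hand.
        bucket = review if (ip.is_loopback or ip.is_unspecified) else readd
        bucket.append((str(ip), names))
    return {"readd": readd, "review": review, "malformed": malformed}

if __name__ == "__main__":
    for kind, items in custom_entries(SAMPLE_HOSTS).items():
        print(kind, items)
```
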