| Thread ID: 97147 | 2009-02-05 16:20:00 | Perflib_Perfdata_xxx.dat files appearing in Windows\Temp | Shadowdrive (14589) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 745314 | 2009-02-05 16:20:00 | Hello. I've noticed on the 29th of January that Perflib_Perfdata_xxx.dat (the xxx part changes as a new file gets created on each reboot; each file is 16 KB) files have appeared in my C:\Windows\Temp folder. I haven't found much about them by googling, apparently they are supposed to be caused by Disk Monitoring Tools, but I haven't installed anything like that, especially not around the time I've noticed that they've started appearing. I had entered, however, on the 27th a site the status of which was shown as Unknown by Web Security Guard from the Crawler Toolbar. Which led me to thinking that they're caused by some sort of spyware. When I try to delete/scan the most recent Perflib file, it gives me the message: "It is being used by another person or program.", however I can delete the other ones. I can remove the most recent one as well while in safe mode though. I've tried doing the following: 1. Made boot-time scan with avast. 2. Made Custom Scan with Spyware Terminator scanning all files and folders. 3. Used Disk Cleanup. 4. Rebooted in safe mode, deleted all of the Perflib files, then made a System Restore to the 25th's System Restore Point. 5. Installed CCleaner and ran it (didn't bother with Registry stuff though), it cannot delete the most recent Perflib file unless in safe mode. And so the files still keep appearing on each reboot. They may be harmless, but I'd be much less worried if I knew what program is causing them to appear. Now I've installed HijackThis and posting a log from it after a CCleaner run: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:12:00 PM, on 2/5/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.crawler.com/search/ie.aspx?tb_id=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182955239171 O17 - HKLM\System\CCS\Services\Tcpip\..\{C64BCD36-7FF4-4E8B-9245-7339439D8ACE}: NameServer = 213.154.124.1 193.231.252.1 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe Thank you in advance for any help given. |
Shadowdrive (14589) | ||
| 745315 | 2009-02-05 19:49:00 | Uninstall Bitdefender or Avast, you don't need both. I would update OpenOffice, it's now up to 3.01. Uninstall all versions of Java, it's out of date, then update it. You can tick these entries then tick fix checked. Close browsers. O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE |
Speedy Gonzales (78) | ||
| 745316 | 2009-02-05 20:43:00 | Programs such as Diskeeper etc. (optimization utilities) can create Perflib_Perfdataxxx.dat files. Perflib stands for Performance Library and perfdata stands for Performance Data. The files in %USERNAME%\Local Settings\Temp\Perflib_Perfdataxxx.dat or C:\Documents and Settings\USERNAME\Local Settings\Temp\Perflib_Perfdataxxx.dat should be deleted on shutdown. But, if you have an abnormal shutdown (i.e. hold the power button down to shut down), these files won't be deleted and will slowly accumulate. Also, some optimization utilities may also cause this to happen. In short, they are harmless files, but if you really want them off your computer, disable the Performance Logs and Alerts service in Services (Run > Services.msc). Cheers Blam |
Blam (54) | ||
| 745317 | 2009-02-06 15:45:00 | "Uninstall Bitdefender or Avast, you don't need both" I'm using Bitdefender for its firewall functionality (disabled its other functionalities as they had conflicted with Spyware Terminator, therefore needed Avast to have something against viruses). "I would update OpenOffice, it's now up to 3.01" Decided to uninstall it instead as I don't need it for the time being. "Uninstall all versions of Java, it's out of date, then update it" Okay, done. O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" Doesn't that turn off Spyware Terminator's real-time shield though? I found it to be useful so far. Ticked the other entries and ticked fix checked. "Disable the Performance Logs and Alerts service in services. (Run>Services.msc)" Did this, changed from Manual to Disabled, but as I assumed, the files still keep appearing without being deletable in normal mode, as the symptoms of them are different from the ones you've described (didn't shut down the comp abnormally, they started appearing starting by a seemingly random date without me knowing about the installation of any optimization utilities at around that time). There was 1 Perflib_Perfdata_xxx.dat file in C:\Documents and Settings\USERNAME\Local Settings\Temp as well, prior to doing Disk Cleanup and getting CCleaner, but that one could be deleted, as opposed to the recent ones in C:\Windows\Temp. Considering getting Spybot Search & Destroy in case Spyware Terminator couldn't detect some spyware. If that doesn't show any results either, considering getting Unlocker software such as Unlocker 1.8.7, which is supposed to be able to show what application is using a file when someone gets the "It is being used by another application" message. Only problem is that I've heard both good and bad comments about that particular software, so I'm not sure if I should get that. 
Here's a fresh HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:34:00 PM, on 2/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.crawler.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.crawler.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.crawler.com R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C64BCD36-7FF4-4E8B-9245-7339439D8ACE}: NameServer = 213.154.124.1 193.231.252.1 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe Thank you for the help so far guys. |
Shadowdrive (14589) | ||
| 745318 | 2009-02-06 19:35:00 | You can tick these entries then tick fix checked. Close browsers. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" If you don't use the language bar, you can tick these: O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') Are you in Romania? |
Speedy Gonzales (78) | ||
| 745319 | 2009-02-07 12:04:00 | Ticked the entries and ticked fix checked. Thank you for the help so far. "Are you in Romania?" Yeah; a friend of mine has recommended for me to ask for help here, since apparently this is one of the best places to ask for help at. Here's a fresh HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:58:03 PM, on 2/7/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.crawler.com/search/ie.aspx?tb_id=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182955239171 O17 - HKLM\System\CCS\Services\Tcpip\..\{C64BCD36-7FF4-4E8B-9245-7339439D8ACE}: NameServer = 213.154.124.1 193.231.252.1 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe The Perflib files still keep appearing so if anyone has any further ideas on what is causing them to appear or on how to find out what is causing them to appear, it'd be greatly appreciated. |
Shadowdrive (14589) | ||
| 745320 | 2009-02-07 21:00:00 | Those files you're seeing can appear if you don't shut a computer down properly (support.microsoft.com). I wouldn't worry about it. The log is fine. |
Speedy Gonzales (78) | ||
| 745321 | 2009-02-08 15:05:00 | Well they didn't accumulate under %SystemRoot%\System32, and the comp was shut down properly each time, but thank you for taking your time to find that link anyway and for looking over the logs. Anyway, now installed Unlocker 1.8.7 in the meanwhile and when used it on the 3 undeletable Perflib files to check what applications are using them, it gave me one of these applications for each. C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe So I guess I was worried unnecessarily either way. Just strange though that they started appearing out of nowhere (and at start, only 1 file was undeletable, a few days later 2 and the 3rd one appeared a bit before reinstalling Java), but eh. |
Shadowdrive (14589) | ||
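
Added example, not part of any post in this thread: a small Python parser for the `CODE - description` entry layout of the HijackThis logs posted above. It copes with logs flattened onto one line (as they appear here), flags entries of the kind picked out in the replies (a BHO whose target is `(no file)`, a service listed with `Unknown owner`), and diffs two logs to confirm what a "fix checked" pass removed. The sample text is a shortened excerpt built from entries quoted in the thread; the function names are this example's own.

```python
import re

# Shortened, flattened excerpts built from entries quoted in the thread's
# 2009-02-06 (BEFORE) and 2009-02-07 (AFTER) logs. Constructed samples, not full logs.
BEFORE = r"""
Boot mode: Normal Running processes: C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
"""

AFTER = r"""
Boot mode: Normal Running processes: C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
"""

# An entry starts with a section code (R0, R1, R3, O2, O4, O23, ...) followed by
# " - ". The lookbehind requires whitespace (or start of text) before the code,
# so codes are found even when entries are run together on a single line.
ENTRY_START = re.compile(r"(?<!\S)([RO]\d{1,2}) - ")


def parse_entries(log_text):
    """Split a HijackThis log into (code, body) tuples.

    Header and process-list text before the first entry is skipped. Any prose
    pasted after the last entry would end up in that entry's body, so trim
    forum text from the log before parsing.
    """
    text = " ".join(log_text.split())  # collapse line breaks and repeated spaces
    marks = list(ENTRY_START.finditer(text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries.append((mark.group(1), text[mark.end():end].strip()))
    return entries


def triage(entries):
    """Return (reason, code, body) for entries that deserve a manual look.

    These are review prompts, not verdicts: a legitimate product can be listed
    with 'Unknown owner', as the BitDefender service in this thread is.
    """
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            findings.append(("target file missing", code, body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(("service owner not identified", code, body))
    return findings


def diff_logs(before, after):
    """Return (removed, added) entry lists between two log snapshots."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


if __name__ == "__main__":
    for reason, code, body in triage(parse_entries(BEFORE)):
        print(f"[review] {reason}: {code} - {body}")
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print(f"[removed] {code} - {body}")
    for code, body in added:
        print(f"[added]   {code} - {body}")
```

An entry that shows up under `added` between two snapshots, with no matching install by the user, is the case worth investigating first.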