Thread: cannot remove files from temp folder

  1. #1
    Junior Member
    Join Date
    Feb 2012
    Posts
    2

    cannot remove files from temp folder

    Hello, I am a first-time user of this forum. I have read the FAQ and your files for newbies to the forum. I have two files in the TEMP directory that will not delete. They are: perflib_perfdata_5a4 and perflib_perfdata_eb4. From what I could gather on the internet, these files are possibly trojan horses or something. My system was being handled by iYogi for one year. I wasn't able to re-subscribe this year, but I did buy a 3-year subscription to McAfee antivirus -> "managed services" (supported by iYogi) - "McAfee security as a service". My system has been performing very slowly upon startup. Response time is somewhat better after 20 or so minutes.

    Here is the DDS file you requested:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by manzi at 21:02:12 on 2012-02-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.605 [GMT -8:00]
    .
    AV: McAfee® Security-as-a-Service Anti-virus *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
    .
    ============== Running Processes ===============
    .
    D:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    D:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    D:\WINDOWS\system32\mfevtps.exe
    D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    D:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
    D:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    D:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    D:\Program Files\OpenOffice.org 3\program\soffice.exe
    D:\Program Files\OpenOffice.org 3\program\soffice.bin
    D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    D:\WINDOWS\system32\svchost.exe -k imgsvc
    D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.startpage.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20120131224931.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
    uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [InstallIQUpdater] "d:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [iYogi Support Dock] "d:\program files\iyogi support dock\iYogiSupportDock.exe"
    mRun: [McAfee Managed Services Tray] "d:\program files\mcafee\managed virusscan\desktopui\XTray.Exe" /LOGON
    mRun: [MVS Splash] "d:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
    mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [Bomgar_Cleanup_ZD886834316129] cmd.exe /C rd /S /Q "d:\documents and settings\all users\application data\bomgar-scc-4f237a10" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD886834316129 /f
    dRun: [Bomgar_Cleanup_ZD974689234] cmd.exe /C rd /S /Q "d:\documents and settings\all users\application data\bomgar-scc-4f237a10" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD974689234 /f
    StartupFolder: d:\docume~1\manzi\startm~1\programs\startup\openof~1.lnk - d:\program files\openoffice.org 3\program\quickstart.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1327680193656
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{FD07BE6A-F5A1-4180-AB3D-58B0969DC0E9} : DhcpNameServer = 192.168.0.1 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\documents and settings\manzi\application data\mozilla\firefox\profiles\z9obh6v4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.startpage.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: d:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2012-1-31 461864]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2012-1-27 89624]
    R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-27 652360]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;d:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-5-12 324928]
    R2 McShield;McAfee McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-31 166024]
    R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2012-1-27 148520]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;d:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-1-31 291064]
    R2 npf;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2011-2-11 35088]
    R2 RumorServer;McAfee Peer Distribution Service;d:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-1-31 291064]
    R2 SupportDockService.exe;Support Dock Service;d:\program files\iyogi support dock\services\commagent\SupportDockService.exe [2011-11-18 76288]
    R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-1-27 20464]
    R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2012-1-31 180008]
    R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2012-1-31 59288]
    R3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2012-1-27 87808]
    S2 bomgar-scc-1327725078;Bomgar Support Customer Client [1327725078];"d:\documents and settings\all users\application data\bomgar-scc-4f237a10\bomgar-scc.exe" -service:run --> d:\documents and settings\all users\application data\bomgar-scc-4f237a10\bomgar-scc.exe [?]
    S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2012-1-31 136176]
    S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2012-1-31 136176]
    S3 IYSODiskOptimizer;IYSODiskOptimizer;d:\program files\iyogi support dock\pccare\iysoDefragSrv.exe [2012-1-27 263168]
    .
    =============== Created Last 30 ================
    .
    2012-02-14 01:18:28 98816 ----a-w- d:\windows\sed.exe
    2012-02-14 01:18:28 518144 ----a-w- d:\windows\SWREG.exe
    2012-02-14 01:18:28 256000 ----a-w- d:\windows\PEV.exe
    2012-02-14 01:18:28 208896 ----a-w- d:\windows\MBR.exe
    2012-02-14 01:18:08 -------- d-s---w- D:\ComboFix
    2012-02-14 01:03:12 -------- d-----w- d:\documents and settings\manzi\application data\GetRightToGo
    2012-02-11 20:50:14 -------- d-----w- d:\documents and settings\manzi\local settings\application data\Adobe
    2012-02-09 08:24:50 73728 ----a-w- d:\windows\system32\javacpl.cpl
    2012-02-09 08:24:50 472808 ----a-w- d:\windows\system32\deployJava1.dll
    2012-02-09 08:09:59 -------- d-----w- d:\documents and settings\manzi\application data\OpenOffice.org
    2012-02-09 08:04:03 -------- d-----w- d:\program files\OpenOffice.org 3
    2012-02-09 04:13:42 -------- d-----w- d:\windows\system32\wbem\repository\FS
    2012-02-09 04:13:42 -------- d-----w- d:\windows\system32\wbem\Repository
    2012-02-03 05:02:09 -------- d-sh--w- d:\windows\system32\AI_RecycleBin
    2012-02-03 05:01:49 -------- d-----w- d:\program files\W3i
    2012-02-03 05:01:48 -------- d-----w- d:\documents and settings\all users\application data\W3i
    2012-02-03 05:01:15 -------- d-----w- d:\program files\Free Offers from Freeze.com
    2012-02-01 15:08:18 -------- d-----w- d:\documents and settings\manzi\local settings\application data\Deployment
    2012-02-01 05:18:49 -------- d-----w- d:\documents and settings\manzi\application data\McAfee
    2012-02-01 05:17:40 59288 ----a-w- d:\windows\system32\drivers\mfebopk.sys
    2012-02-01 05:17:40 461864 ----a-w- d:\windows\system32\drivers\mfehidk.sys
    2012-02-01 05:17:40 180008 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
    2012-02-01 05:16:59 -------- d-----w- d:\program files\McAfee
    2012-01-31 23:42:01 -------- d-----w- d:\documents and settings\manzi\local settings\application data\Temp
    2012-01-31 23:37:54 -------- d-----w- d:\documents and settings\manzi\local settings\application data\Google
    2012-01-31 23:37:33 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 22:33:47 -------- d-----w- d:\documents and settings\all users\application data\iYogi
    2012-01-31 22:26:06 3584 ----a-r- d:\documents and settings\manzi\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
    2012-01-31 22:26:05 -------- d-----w- d:\program files\Windows Installer Clean Up
    2012-01-31 22:25:37 -------- d-----w- d:\program files\MSECACHE
    2012-01-31 19:35:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2012-01-31 19:00:34 -------- d-----w- D:\314c0e18011be7ed82d8
    2012-01-31 18:48:55 -------- d-----w- D:\accd39976fbc30ce1e0529aeba
    2012-01-31 18:27:46 -------- d-----w- D:\583cb7386fec7861a8
    2012-01-31 17:56:48 -------- d-----w- D:\f93aa6a07cf61374165c
    2012-01-31 17:55:35 -------- d-----w- d:\documents and settings\manzi\local settings\application data\PCHealth
    2012-01-31 05:39:02 -------- d-----w- D:\e944c6019f336aac02f4
    2012-01-31 05:09:37 -------- d-----w- d:\windows\system32\NtmsData
    2012-01-29 04:07:38 -------- d-----w- d:\program files\CleanUp!(2)
    2012-01-29 02:06:46 953856 -c----w- d:\windows\system32\dllcache\mfc40u.dll
    2012-01-29 02:05:25 617472 -c----w- d:\windows\system32\dllcache\comctl32.dll
    2012-01-29 01:49:02 -------- d-----w- d:\documents and settings\manzi\local settings\application data\Spotify
    2012-01-29 01:44:52 -------- d-----w- d:\documents and settings\manzi\application data\Spotify
    2012-01-28 20:28:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware(2)
    2012-01-28 20:13:06 40960 -c----w- d:\windows\system32\dllcache\ndproxy.sys
    2012-01-28 19:57:14 139656 -c----w- d:\windows\system32\dllcache\rdpwd.sys
    2012-01-28 19:56:59 105472 -c----w- d:\windows\system32\dllcache\mup.sys
    2012-01-28 19:48:33 -------- d-sh--w- d:\documents and settings\manzi\IECompatCache
    2012-01-28 19:27:58 10496 -c----w- d:\windows\system32\dllcache\ndistapi.sys
    2012-01-28 19:25:25 45568 -c----w- d:\windows\system32\dllcache\wab.exe
    2012-01-28 05:17:51 -------- d-----w- d:\windows\system32\scripting
    2012-01-28 05:17:49 -------- d-----w- d:\windows\system32\en
    2012-01-28 05:17:49 -------- d-----w- d:\windows\l2schemas
    2012-01-28 05:17:48 -------- d-----w- d:\windows\system32\bits
    2012-01-28 05:11:23 -------- d-----w- d:\windows\network diagnostic
    2012-01-28 05:08:33 -------- d-----w- d:\windows\system32\ReinstallBackups
    2012-01-28 04:39:45 20464 ----a-w- d:\windows\system32\drivers\mbam.sys
    2012-01-28 04:36:13 -------- d-----w- d:\documents and settings\manzi\local settings\application data\Identities
    2012-01-28 02:50:16 -------- d-----w- d:\documents and settings\manzi\application data\Malwarebytes
    2012-01-28 02:49:45 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
    2012-01-28 01:31:58 76800 ------w- d:\windows\system32\qutil.dll
    2012-01-28 01:30:55 10752 ------w- d:\windows\system32\smtpapi.dll
    2012-01-28 01:05:31 -------- d-----w- d:\windows\pss
    2012-01-27 19:29:18 -------- d-sh--w- d:\documents and settings\manzi\PrivacIE
    2012-01-27 19:12:07 -------- d-sh--w- d:\documents and settings\manzi\IETldCache
    2012-01-27 18:24:25 -------- d-----w- d:\windows\ie8updates
    2012-01-27 18:24:11 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
    2012-01-27 18:24:10 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
    2012-01-27 18:24:10 602112 -c----w- d:\windows\system32\dllcache\msfeeds.dll
    2012-01-27 18:24:10 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
    2012-01-27 18:24:10 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
    2012-01-27 18:24:10 2000384 -c----w- d:\windows\system32\dllcache\iertutil.dll
    2012-01-27 18:24:10 11081728 -c----w- d:\windows\system32\dllcache\ieframe.dll
    2012-01-27 18:22:28 -------- dc-h--w- d:\windows\ie8
    2012-01-27 17:00:46 -------- d-----w- d:\windows\ServicePackFiles
    2012-01-27 16:45:42 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe
    2012-01-27 16:33:26 456320 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
    2012-01-27 16:31:02 81920 -c----w- d:\windows\system32\dllcache\fontsub.dll
    2012-01-27 16:31:02 119808 -c----w- d:\windows\system32\dllcache\t2embed.dll
    2012-01-27 16:30:41 471552 -c----w- d:\windows\system32\dllcache\aclayers.dll
    2012-01-27 16:17:27 357888 -c----w- d:\windows\system32\dllcache\srv.sys
    2012-01-27 16:16:47 473600 -c----w- d:\windows\system32\dllcache\fastprox.dll
    2012-01-27 16:16:47 401408 -c----w- d:\windows\system32\dllcache\rpcss.dll
    2012-01-27 16:16:47 284160 -c----w- d:\windows\system32\dllcache\pdh.dll
    2012-01-27 16:16:47 227840 -c----w- d:\windows\system32\dllcache\wmiprvse.exe
    2012-01-27 16:16:47 110592 -c----w- d:\windows\system32\dllcache\services.exe
    2012-01-27 16:16:46 730112 -c----w- d:\windows\system32\dllcache\lsasrv.dll
    2012-01-27 16:16:46 718336 -c----w- d:\windows\system32\dllcache\ntdll.dll
    2012-01-27 16:16:46 617472 -c----w- d:\windows\system32\dllcache\advapi32.dll
    2012-01-27 16:16:46 453120 -c----w- d:\windows\system32\dllcache\wmiprvsd.dll
    2012-01-27 16:16:45 2148864 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
    2012-01-27 16:16:44 2192768 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
    2012-01-27 16:16:43 2027008 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
    2012-01-27 16:15:45 5120 ----a-w- d:\windows\system32\xpsp4res.dll
    2012-01-27 16:15:44 218112 -c----w- d:\windows\system32\dllcache\wordpad.exe
    2012-01-27 16:13:23 337408 -c----w- d:\windows\system32\dllcache\netapi32.dll
    2012-01-27 16:11:58 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
    2012-01-27 16:11:57 272128 ------w- d:\windows\system32\drivers\bthport.sys
    2012-01-27 16:11:48 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
    2012-01-27 16:10:19 -------- d-----w- d:\windows\system32\PreInstall
    2012-01-27 16:04:02 21728 ----a-w- d:\windows\system32\wucltui.dll.mui
    2012-01-27 16:04:02 17632 ----a-w- d:\windows\system32\wuaueng.dll.mui
    2012-01-27 16:04:02 15072 ----a-w- d:\windows\system32\wuaucpl.cpl.mui
    2012-01-27 16:04:01 15064 ----a-w- d:\windows\system32\wuapi.dll.mui
    2012-01-27 16:04:01 -------- d-----w- d:\windows\system32\SoftwareDistribution
    2012-01-27 16:02:40 -------- d-sh--w- d:\documents and settings\manzi\UserData
    2012-01-27 15:10:34 -------- d-----w- d:\program files\WinPcap
    2012-01-27 15:08:15 -------- d-----w- d:\program files\Nmap
    2012-01-27 14:55:29 74848 ----a-w- d:\windows\system32\MfeOtlkAddin.dll
    2012-01-27 14:55:29 22816 ----a-w- d:\windows\system32\MFEOtlk.dll
    2012-01-27 14:55:28 9344 ----a-w- d:\windows\system32\drivers\mfeclnk.sys
    2012-01-27 14:55:22 148520 ----a-w- d:\windows\system32\mfevtps.exe
    2012-01-27 14:54:59 89624 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
    2012-01-27 14:54:59 87808 ----a-w- d:\windows\system32\drivers\mferkdet.sys
    2012-01-27 14:54:58 119808 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
    2012-01-27 14:54:58 -------- d-----w- d:\program files\common files\McAfee
    2012-01-27 14:53:19 15080 ----a-w- d:\windows\system32\roboot.exe
    2012-01-27 14:51:46 -------- d-----w- d:\program files\iYogi
    2012-01-27 14:19:11 -------- d-----w- d:\windows\system32\XPSViewer
    2012-01-27 14:18:36 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2012-01-27 14:18:17 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
    2012-01-27 14:18:17 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2012-01-27 14:18:17 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2012-01-27 14:18:17 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
    2012-01-27 14:18:17 575488 ------w- d:\windows\system32\xpsshhdr.dll
    2012-01-27 14:18:17 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
    2012-01-27 14:18:17 1676288 ------w- d:\windows\system32\xpssvcs.dll
    2012-01-27 14:18:17 117760 ------w- d:\windows\system32\prntvpt.dll
    2012-01-27 14:18:16 -------- d-----w- D:\4d187ff3d3a73f112853341a97b2
    2012-01-27 14:15:26 26144 ----a-w- d:\windows\system32\spupdsvc.exe
    2012-01-27 14:15:17 -------- d-----w- d:\program files\MSXML 6.0
    .
    ==================== Find3M ====================
    .
    2011-11-25 21:57:19 293376 ----a-w- d:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- d:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- d:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- d:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- d:\windows\system32\schannel.dll
    .
    ============= FINISH: 21:04:45.35 ===============
    I have attached the compressed file you asked for and would appreciate your assistance. -thank you kindly, kentgrant

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Running programs with Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.

    Sorry about the delay, but most times we get a bit overwhelmed with logs.

    Perflib_Perfdata_xxx.dat is not a virus. These files are created by performance monitoring programs, including Windows.

    Are you experiencing any browser redirects taking you to sites you did not want to go to, or any unwanted pop-up windows?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Feb 2012
    Posts
    2

    cannot remove files from temp folder

    from Ken454..

    "Sorry about the delay but most times we get a bit overwhelmed with logs

    Perflib_Perfdata_xxx.dat is not a virus. These files are created by performance monitoring programs, including Windows.


    Are you experiencing any browser redirects taking you to sites you did not want to go to, or any unwanted pop-up windows?"

    Thank you for your response. Since Perflib_Perfdata_xxx.dat isn't a virus, I guess I'm OK. I haven't experienced any unwanted browser redirects.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    We can look a little deeper and make sure there is nothing else to remove.

    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.