Author Topic: [Resolved] problems ghost files in backup 1 and backup 2  (Read 3487 times)

Offline k911lowe

  • Bronze Member
  • Posts: 33
[Resolved] problems ghost files in backup 1 and backup 2
« on: November 17, 2010, 11:56:55 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:13, on 11/17/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10983 bytes
« Last Edit: November 18, 2010, 11:16:31 AM by Hoov »



Online Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22677
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] problems ghost files in backup 1 and backup 2
« Reply #1 on: November 18, 2010, 11:19:10 AM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.

First, can you explain a little better what your problem is?

Second, we need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline k911lowe

  • Bronze Member
  • Posts: 33
Re: [In Progress] problems ghost files in backup 1 and backup 2
« Reply #2 on: November 19, 2010, 08:33:46 AM »
DDS (Ver_10-11-10.01) - NTFS_AMD64 
Run by ken at  7:29:48.11 on Fri 11/19/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7863.6637 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ken.ken-PC\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360910n915l0344z175a4882y210
uSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64:     link filter bho - No File
TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\KEN~1.KEN\AppData\Roaming\Mozilla\Firefox\Profiles\s67k66cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\program files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ken.ken-PC\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-9 55280]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-9-30 1403200]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-2 2320920]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-11-9 292864]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-9 151040]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-9 233984]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-9 320040]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-9 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-6 1255736]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-9 844320]
S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-9 240160]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-11-19 13:02:14   8199504   ----a-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{93793430-7C20-43E0-9486-8823824439A8}\mpengine.dll
2010-11-17 16:37:45   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2010-11-13 13:25:39   --------   d-----w-   C:\Program Files (x86)\Total Video Converter
2010-11-10 14:36:12   --------   d-----w-   C:\Users\ken.ken-PC\.gimp-2.6
2010-11-10 14:35:40   --------   d-----w-   C:\Program Files (x86)\GIMP-2.0
2010-11-09 15:39:08   --------   dc-h--w-   C:\PROGRA~3\{7BC48736-44DE-4E73-A789-B700D1778AE5}
2010-11-09 15:39:06   --------   d-----w-   C:\Program Files (x86)\Uniblue
2010-11-09 15:38:53   --------   d-----w-   C:\Users\KEN~1.KEN\AppData\Local\PackageAware
2010-11-03 15:25:48   --------   d-----w-   C:\Users\KEN~1.KEN\AppData\Roaming\Webroot
2010-11-03 15:11:34   961024   ----a-w-   C:\Windows\System32\CPFilters.dll
2010-11-03 15:11:34   641536   ----a-w-   C:\Windows\SysWow64\CPFilters.dll
2010-11-03 15:11:34   552960   ----a-w-   C:\Windows\System32\msdri.dll
2010-11-03 15:11:34   288256   ----a-w-   C:\Windows\System32\MSNP.ax
2010-11-03 15:11:34   258560   ----a-w-   C:\Windows\System32\mpg2splt.ax
2010-11-03 15:11:34   204288   ----a-w-   C:\Windows\SysWow64\MSNP.ax
2010-11-03 15:11:34   199680   ----a-w-   C:\Windows\SysWow64\mpg2splt.ax
2010-11-03 15:11:30   27008   ----a-w-   C:\Windows\System32\drivers\Diskdump.sys
2010-10-29 17:17:47   --------   d-----w-   C:\PROGRA~3\Geek Squad
2010-10-22 16:02:52   --------   d-----w-   C:\Windows\en
2010-10-21 21:06:19   --------   d--h--w-   C:\PROGRA~3\CanonIJSolutionMenu
2010-10-21 21:06:11   --------   d--h--w-   C:\PROGRA~3\CanonIJMyPrinter
2010-10-21 21:05:56   --------   d-----w-   C:\PROGRA~3\CanonIJPLM
2010-10-21 21:01:35   --------   d-----w-   C:\Program Files\Common Files\CANON
2010-10-21 20:58:34   --------   d-----w-   C:\Program Files\Canon
2010-10-21 20:56:43   --------   d-----w-   C:\Program Files (x86)\Canon
2010-10-21 20:14:30   --------   d-----w-   C:\Users\KEN~1.KEN\AppData\Roaming\OpenOffice.org
2010-10-21 19:53:00   48488   ----a-w-   C:\Windows\System32\drivers\fssfltr.sys
2010-10-21 19:52:41   336896   ----a-w-   C:\Windows\System32\CNMLMA0.DLL
2010-10-21 19:52:21   92672   ----a-w-   C:\Windows\System32\CNC560I.dll
2010-10-21 19:52:21   328192   ----a-w-   C:\Windows\System32\CNC560L.dll
2010-10-21 19:52:21   17920   ----a-w-   C:\Windows\System32\CNHMCA6.dll
2010-10-21 19:52:21   1321984   ----a-w-   C:\Windows\System32\CNC560C.dll
2010-10-21 19:51:28   69464   ----a-w-   C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-21 19:51:28   515416   ----a-w-   C:\Windows\SysWow64\XAudio2_5.dll
2010-10-21 19:51:27   523088   ----a-w-   C:\Windows\System32\d3dx10_42.dll
2010-10-21 19:51:27   453456   ----a-w-   C:\Windows\SysWow64\d3dx10_42.dll
2010-10-21 17:55:21   469256   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\1fe580961cb71492d\InstallManager_WLE_WLE.exe
2010-10-21 17:54:58   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\137e93b91cb714922\MeshBetaRemover.exe
2010-10-21 17:54:40   94040   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\86a43a31cb71491a\DSETUP.dll
2010-10-21 17:54:40   525656   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\86a43a31cb71491a\DXSETUP.exe
2010-10-21 17:54:40   1691480   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\86a43a31cb71491a\dsetup32.dll
2010-10-21 17:54:39   94040   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\769e73f1cb714919\DSETUP.dll
2010-10-21 17:54:39   525656   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\769e73f1cb714919\DXSETUP.exe
2010-10-21 17:54:39   1691480   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\769e73f1cb714919\dsetup32.dll
2010-10-21 17:53:50   --------   d-----w-   C:\Users\KEN~1.KEN\AppData\Local\Windows Live
2010-10-21 17:53:21   257024   ----a-w-   C:\Windows\System32\mfreadwrite.dll
2010-10-21 17:53:21   206848   ----a-w-   C:\Windows\System32\mfps.dll
2010-10-21 17:53:21   196608   ----a-w-   C:\Windows\SysWow64\mfreadwrite.dll
2010-10-21 17:53:21   1888256   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2010-10-21 17:53:21   1619456   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-21 17:53:20   4068864   ----a-w-   C:\Windows\System32\mf.dll
2010-10-21 17:53:19   3181568   ----a-w-   C:\Windows\SysWow64\mf.dll

==================== Find3M  ====================

2010-10-19 17:41:44   270720   ------w-   C:\Windows\System32\MpSigStub.exe
2010-10-14 23:44:02   4280320   ----a-w-   C:\Windows\SysWow64\GPhotos.scr
2010-10-13 23:05:04   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2010-09-30 15:15:00   34624   ----a-w-   C:\Windows\System32\TURegOpt.exe
2010-09-30 15:09:36   25920   ----a-w-   C:\Windows\System32\authuitu.dll
2010-09-30 15:09:32   21312   ----a-w-   C:\Windows\SysWow64\authuitu.dll
2010-09-30 15:09:28   36160   ----a-w-   C:\Windows\System32\uxtuneup.dll
2010-09-30 15:09:20   30016   ----a-w-   C:\Windows\SysWow64\uxtuneup.dll
2010-09-23 07:47:28   49016   ----a-w-   C:\Windows\SysWow64\sirenacm.dll
2010-09-23 07:32:56   301936   ----a-w-   C:\Windows\WLXPGSS.SCR
2010-09-21 21:49:02   252800   ----a-w-   C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14   208768   ----a-w-   C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44   135168   ----a-w-   C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43   347648   ----a-w-   C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 18:17:46   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17   1192960   ----a-w-   C:\Windows\System32\wininet.dll
2010-09-08 05:34:34   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04   978432   ----a-w-   C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38   482816   ----a-w-   C:\Windows\System32\html.iec
2010-09-08 03:35:30   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31   386048   ----a-w-   C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2010-09-03 02:23:38   29480   ----a-w-   C:\Windows\SysWow64\msxml3a.dll
2010-09-03 02:23:37   505128   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2010-09-03 02:23:37   353576   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2010-09-03 02:11:11   3   ----a-w-   C:\Windows\System32\PLD_Framework.cmd
2010-09-01 05:12:09   12625920   ----a-w-   C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34   3123712   ----a-w-   C:\Windows\System32\win32k.sys
2010-08-31 04:32:30   954752   ----a-w-   C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30   954288   ----a-w-   C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02   236032   ----a-w-   C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48   9728   ----a-w-   C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04   463360   ----a-w-   C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48   402944   ----a-w-   C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26   161792   ----a-w-   C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28   148992   ----a-w-   C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58   109056   ----a-w-   C:\Windows\SysWow64\t2embed.dll
2010-08-26 02:45:04   161304   ----a-w-   C:\Windows\System32\igfxtray.exe
2010-08-26 02:45:00   508952   ----a-w-   C:\Windows\System32\igfxsrvc.exe
2010-08-26 02:45:00   415256   ----a-w-   C:\Windows\System32\igfxpers.exe
2010-08-26 02:44:56   223768   ----a-w-   C:\Windows\System32\igfxext.exe
2010-08-26 02:44:54   386584   ----a-w-   C:\Windows\System32\hkcmd.exe
2010-08-26 02:44:52   3156504   ----a-w-   C:\Windows\System32\GfxUI.exe
2010-08-26 02:44:48   152600   ----a-w-   C:\Windows\System32\difx64.exe
2010-08-26 02:40:48   90112   ----a-w-   C:\Windows\System32\igfxCoIn_v2202.dll
2010-08-26 02:36:04   10611552   ----a-w-   C:\Windows\System32\drivers\igdkmd64.sys
2010-08-26 02:36:02   6547968   ----a-w-   C:\Windows\System32\igdumd64.dll
2010-08-26 02:31:30   4967424   ----a-w-   C:\Windows\SysWow64\igdumd32.dll
2010-08-26 02:28:22   571904   ----a-w-   C:\Windows\SysWow64\igdumdx32.dll
2010-08-26 02:26:32   4720128   ----a-w-   C:\Windows\System32\igd10umd64.dll
2010-08-26 02:23:14   4411904   ----a-w-   C:\Windows\SysWow64\igd10umd32.dll
2010-08-26 02:17:38   15032832   ----a-w-   C:\Windows\System32\ig4icd64.dll
2010-08-26 02:09:34   11040256   ----a-w-   C:\Windows\SysWow64\ig4icd32.dll
2010-08-26 02:04:48   380416   ----a-w-   C:\Windows\System32\igfxTMM.dll
2010-08-26 02:04:48   243200   ----a-w-   C:\Windows\System32\igfxpph.dll
2010-08-26 02:04:40   27648   ----a-w-   C:\Windows\System32\igfxexps.dll
2010-08-26 02:04:28   61952   ----a-w-   C:\Windows\System32\igfxsrvc.dll
2010-08-26 02:04:00   108032   ----a-w-   C:\Windows\System32\hccutils.dll
2010-08-26 02:03:50   4096   ----a-w-   C:\Windows\System32\IGFXDEVLib.dll
2010-08-26 02:03:50   271360   ----a-w-   C:\Windows\System32\igfxdev.dll
2010-08-26 02:03:50   119808   ----a-w-   C:\Windows\System32\gfxSrvc.dll
2010-08-26 02:03:24   87552   ----a-w-   C:\Windows\System32\igfxrenu.lrc
2010-08-26 02:03:18   830464   ----a-w-   C:\Windows\System32\igfxress.dll
2010-08-26 02:03:18   142336   ----a-w-   C:\Windows\System32\igfxdo.dll
2010-08-26 02:00:00   23552   ----a-w-   C:\Windows\SysWow64\igfxexps32.dll
2010-08-26 01:59:06   228864   ----a-w-   C:\Windows\SysWow64\igfxdv32.dll

============= FINISH:  7:30:23.95 ===============

Online Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22677
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] problems ghost files in backup 1 and backup 2
« Reply #3 on: November 19, 2010, 09:10:46 AM »
First, can you explain a little better what your problem is?

You forgot to answer this question at a minimum, and the others if you want to fix this faster.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline k911lowe

« Reply #4 on: November 21, 2010, 08:05:53 AM »
I have 2 backup files that when I try to delete them I get
"Could not find this item. This is no longer located in C:\Backup\Ken\Downloads. Verify the item's location and try again." Sorry for the slow replies.

Online Hoov

« Reply #5 on: November 21, 2010, 10:57:10 AM »
AH! This is not necessarily a malware issue. If you are absolutely sure that you want to delete these files, then start HijackThis, but go to the Misc Tools section. Click the button labeled "Delete a file on reboot" and select one of the files. Then reboot the computer. Now do the same thing for the second file.

If this does not work, there are other tools we can try. Also see if you can move them to your desktop if the above procedure does not work.


Offline k911lowe

« Reply #6 on: November 21, 2010, 11:06:20 AM »
I tried that. That's why I thought it might be malware.

Online Hoov

« Reply #7 on: November 21, 2010, 11:20:25 AM »
OK, here is another method. Download FileShredder and install it.

In the interface, over on the left side, click Add File and select the files. Now click Remove Selected.

Let me know how that works. If it doesn't, we will get out the bigger guns.


Offline k911lowe

« Reply #8 on: November 21, 2010, 12:04:48 PM »
"file not found. check the name and try again." Did not work.

Online Hoov

« Reply #9 on: November 21, 2010, 12:15:01 PM »
I need you to run a scan, just to make sure there are no problems. Once the scan is done, and I can see the log, then if the files are still there, we will use the same tool to get rid of the files. So follow the instructions below, and then I need the name of the file and also the exact Path of the files.


* Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


Offline k911lowe

« Reply #10 on: November 21, 2010, 10:48:49 PM »
"Incompatible OS. ComboFix only works for workstations with Windows 2000 and xp." 32 bit only. I have Windows 7 x64.

Online Hoov

« Reply #11 on: November 22, 2010, 12:45:34 PM »
Sorry about that, I get digging after the problem, and forget to look at what OS is being used.

But even that mistake may have shed some light, as it led to a possible answer.

You are not alone with this problem; there are many users with it. I found one very strange solution that I would like you to try. Open Windows Explorer and go to the folder where the files are, so you can see the files. Then hit the F5 button. See if the files disappear.

Let me know.


Offline k911lowe

« Reply #12 on: November 22, 2010, 02:18:10 PM »
Nope. Still there.

Online Hoov

« Reply #13 on: November 22, 2010, 02:43:16 PM »
What program did you use to do these backups?
Also can you tell me how big are these files being reported as?
« Last Edit: November 22, 2010, 03:17:30 PM by Hoov »


Offline k911lowe

« Reply #14 on: November 23, 2010, 06:51:56 AM »
Files were created when downloaded originally from internet. Originals were deleted. Backup was created when hard drive was formatted to change parameters. Properties say they are "Windows Shell Common". I appreciate your help... Ken