Win32/Patched.CG



Xephyria
2010-04-01, 16:05
AVG 9.0 detected Win32/Patched.CG a few days ago, and Malwarebytes' Anti-Malware can't seem to detect it. I'm also always redirected to a random site when I click on a link in Google search results. Not sure if both problems are related.

Did a registry backup using ERUNT.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:30 AM, on 2/4/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: User-mode service for AzBusFix (AzBusFixService) - Conexant Systems, Inc. - C:\Windows\system32\AzBusMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10244 bytes

Someone posted last month regarding the same problem, but I don't understand what's going on in that thread, so I posted my own.

Thanks!

IndiGenus
2010-04-01, 21:45
Hello Xephyria and welcome to the forums here at Spybot S&D.

You most likely have a rootkit that will hide from many of our tools.

Download this file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

+++++++++++++++++++

Run OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Xephyria
2010-04-02, 08:08
Hi IndiGenus,

Here's the content from Results.log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-02 16:45:50
Windows 6.1.7600
Running: l2jvydt3.exe; Driver: C:\Users\Xephyria\AppData\Local\Temp\ffldakow.sys


---- Devices - GMER 1.0.15 ----

Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice tvtumon.sys (Windows Update Monitor Driver/Lenovo)

Device -> \Driver\atapi \Device\Harddisk0\DR0 864F7CA1
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- System - GMER 1.0.15 ----

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0D898
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0E2D8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25104
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E251DC
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E253F4
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E256F8
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25958
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25AF8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E261A8

---- Files - GMER 1.0.15 ----

File C:\$WINDOWS.~Q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Immunology\week 4 - clonal selection theory and antibody diversity\web\Immunology Problem 4\Immunology Problem 4\_desktop.ini 9 bytes
File C:\$WINDOWS.~Q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 1 - virus & DNA replication\web\MSN Encarta - Virus (life science)_files\OvertureAd_files\_desktop.ini 9 bytes
File C:\$WINDOWS.~Q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\web\Rediscovering Biology - Online Textbook Unit 13 Genetically Modi\_desktop.ini 9 bytes

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe[2032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe[2032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe[2032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe[2032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe[2032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe[2032] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5992] ntdll.dll!KiUserExceptionDispatcher 77B06448 5 Bytes JMP 0046000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5992] ntdll.dll!NtProtectVirtualMemory 77B05360 5 Bytes JMP 0049000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5992] ntdll.dll!NtWriteVirtualMemory 77B05EE0 5 Bytes JMP 004A000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74894C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74898573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74894D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7489E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74885624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74898819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7489907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3484] ntdll.dll!KiUserExceptionDispatcher 77B06448 5 Bytes JMP 0051000A
.text C:\Windows\Explorer.EXE[3484] ntdll.dll!NtProtectVirtualMemory 77B05360 5 Bytes JMP 0052000A
.text C:\Windows\Explorer.EXE[3484] ntdll.dll!NtWriteVirtualMemory 77B05EE0 5 Bytes JMP 0053000A

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[948] ntdll.dll!KiUserExceptionDispatcher 77B06448 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory 77B05360 5 Bytes JMP 002F000A
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 77B05EE0 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[948] ole32.dll!CoCreateInstance 766257FC 3 Bytes JMP 00EE000A
.text C:\Windows\system32\svchost.exe[948] ole32.dll!CoCreateInstance + 4 76625800 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[948] USER32.dll!GetCursorPos 77C2C198 5 Bytes JMP 00EF000A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2f7c64c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2f7c64c@001bfc12e72c 0xDE 0x94 0x02 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@DeviceRemoteWakeSupported 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@ExtPropDescSemaphore 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@RemoteWakeEnabled 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Scans Before Out of Range 8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SCO Max Channels 2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicLinkName \??\USB#VID_0A5C&PID_2150#001E4CCFDF1A#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicName \??\USB#VID_0A5C&PID_2150#001E4CCFDF1A#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f7c64c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f7c64c@001bfc12e72c 0xDE 0x94 0x02 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@DeviceRemoteWakeSupported 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@ExtPropDescSemaphore 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@RemoteWakeEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Scans Before Out of Range 8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SCO Max Channels 2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicLinkName \??\USB#VID_0A5C&PID_2150#001E4CCFDF1A#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicName \??\USB#VID_0A5C&PID_2150#001E4CCFDF1A#{a5dcbf10-6530-11d2-901f-00c04fb951ed}

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAA052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E855C9 1 Byte [06]
.text peauth.sys 9DF59C9D 28 Bytes [DE, DC, 89, 1B, 3D, 78, 1E, ...]
.text peauth.sys 9DF59CC1 28 Bytes [DE, DC, 89, 1B, 3D, 78, 1E, ...]

---- EOF - GMER 1.0.15 ----
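
A triage pass over the GMER output above, added here as an example (it is not part of the original thread and is not GMER's own code): it groups the user-mode `JMP` detours by API to show which ones recur across processes, and pairs the `Device ->` driver line with the file GMER marked "suspicious modification". The two-process threshold, the reading of `Device ->` as a flag, and the function names are assumptions of this example; the sample lines are copied from the log in this post.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted in this thread (whitespace as extracted).
SAMPLE_LOG = r"""
Device -> \Driver\atapi \Device\Harddisk0\DR0 864F7CA1
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5992] ntdll.dll!NtProtectVirtualMemory 77B05360 5 Bytes JMP 0049000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5992] ntdll.dll!NtWriteVirtualMemory 77B05EE0 5 Bytes JMP 004A000A
.text C:\Windows\Explorer.EXE[3484] ntdll.dll!NtProtectVirtualMemory 77B05360 5 Bytes JMP 0052000A
.text C:\Windows\Explorer.EXE[3484] ntdll.dll!NtWriteVirtualMemory 77B05EE0 5 Bytes JMP 0053000A
File C:\Windows\system32\drivers\atapi.sys suspicious modification
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory 77B05360 5 Bytes JMP 002F000A
.text C:\Windows\system32\svchost.exe[948] ole32.dll!CoCreateInstance 766257FC 3 Bytes JMP 00EE000A
.text C:\Windows\system32\svchost.exe[948] ole32.dll!CoCreateInstance + 4 76625800 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[948] USER32.dll!GetCursorPos 77C2C198 5 Bytes JMP 00EF000A
"""

# "User code sections" entry: image[pid] module!function [+ offset] address size patch
INLINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s+\+\s+[0-9A-Fa-f]+)?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)
# "Files" entry that GMER itself labels as modified.
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
# "Devices" entry carrying the arrow marker (assumed here to be a GMER flag).
DEVICE_RE = re.compile(r"^Device\s+->\s+\\Driver\\(?P<driver>\S+)\s+(?P<device>\S+)")


def parse_gmer(text):
    """Sort the GMER lines this example understands into three buckets."""
    findings = {"inline": [], "files": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := INLINE_RE.match(line):
            findings["inline"].append(m.groupdict())
        elif m := FILE_RE.match(line):
            findings["files"].append(m["path"])
        elif m := DEVICE_RE.match(line):
            findings["devices"].append((m["driver"], m["device"]))
    return findings


def triage(findings, min_processes=2):
    """Return APIs detoured in several processes and driver/file pairs to review."""
    # Group JMP detours by API and collect the processes carrying each one.
    by_api = defaultdict(set)
    for hook in findings["inline"]:
        if hook["patch"].startswith("JMP"):
            image = hook["image"].rsplit("\\", 1)[-1].lower()
            api = f'{hook["module"].lower()}!{hook["func"]}'
            by_api[api].add(f'{image}[{hook["pid"]}]')
    shared = {api: sorted(procs) for api, procs in by_api.items()
              if len(procs) >= min_processes}

    # Pair a flagged driver object with a flagged file of the same base name.
    flagged = {path.rsplit("\\", 1)[-1].lower(): path for path in findings["files"]}
    correlated = [(drv, flagged[drv.lower() + ".sys"])
                  for drv, _device in findings["devices"]
                  if drv.lower() + ".sys" in flagged]
    return {"shared_hooks": shared, "correlated_drivers": correlated}


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG))
    for api, procs in sorted(report["shared_hooks"].items()):
        print(f"{api}: detoured in {', '.join(procs)}")
    for driver, path in report["correlated_drivers"]:
        print(f"\\Driver\\{driver} flagged together with {path}")
```

An API detoured in several processes is a prompt for review rather than a verdict, since security products also patch user-mode APIs.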

Xephyria
2010-04-02, 08:12
Contents in OTL.txt:


OTL logfile created on: 2/4/2010 4:51:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Xephyria\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 57.21 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 1.31 Gb Free Space | 4.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XEPHYRIA-PC
Current User Name: Xephyria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/02 16:49:11 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Xephyria\Desktop\OTL.exe
PRC - [2010/04/02 09:55:16 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/02 09:55:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/30 00:46:12 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/14 08:36:30 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 08:36:29 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/14 08:36:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 08:36:25 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/26 16:39:18 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/08/11 16:09:52 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2009/08/11 16:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009/08/11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/25 09:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/28 19:23:18 | 000,060,928 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\AzBusMon.exe
PRC - [2009/04/23 02:11:32 | 002,742,840 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2009/03/04 19:43:22 | 000,209,216 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008/08/12 09:47:28 | 000,352,256 | ---- | M] (Compal Electronic Inc.) -- C:\Program Files\Compal\TmlCMode\TmlCMode.exe
PRC - [2008/05/06 14:09:44 | 000,272,832 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/04/24 10:59:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/02/15 07:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2008/01/12 11:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/04/02 16:49:11 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Xephyria\Desktop\OTL.exe
MOD - [2009/07/14 12:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 12:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 12:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 12:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 12:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 12:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 12:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 12:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 12:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 12:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 12:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/14 08:36:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 12:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 12:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 12:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 12:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 12:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 12:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 12:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 12:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 12:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 12:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 12:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 12:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 12:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 12:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 12:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 12:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/28 19:23:18 | 000,060,928 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\AzBusMon.exe -- (AzBusFixService)
SRV - [2009/03/05 01:07:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 10:59:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/02/15 07:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008/01/21 13:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2008/01/21 13:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2008/01/21 13:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (IncSvc)
SRV - [2008/01/12 11:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.sg/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=npkNf1JKBxKBGiqJ4cxfRw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/15 23:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 16:56:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 16:56:54 | 000,000,000 | ---D | M]

[2010/03/09 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Extensions
[2010/04/01 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions
[2010/03/09 10:48:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 17:39:33 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/03/09 10:48:34 | 000,000,000 | ---D | M] (zblack) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2010/03/09 10:48:34 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/03/09 10:48:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/09 10:48:30 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\redshift_V2@shift-themes.com
[2009/12/24 00:40:32 | 000,009,941 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\searchplugins\mywebsearch.xml
[2010/03/09 10:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/21 09:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/18 23:53:33 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/18 23:53:33 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/18 23:53:33 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/18 23:53:33 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 08:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe (Compal Electronic Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - Startup: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 13:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/02 16:49:10 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Xephyria\Desktop\OTL.exe
[2010/04/02 00:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/02 00:29:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/02 00:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 00:59:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\Thinstall
[2010/03/31 00:59:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\Thinstall
[2010/03/31 00:59:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\Desktop\Nitro PDF Professional 6.3.1
[2010/03/20 23:07:24 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\Malwarebytes
[2010/03/20 23:07:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/20 23:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/20 23:07:03 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/20 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/20 03:16:44 | 000,000,000 | ---D | C] -- C:\Driver
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/02 16:54:09 | 004,194,304 | -HS- | M] () -- C:\Users\Xephyria\ntuser.dat
[2010/04/02 16:49:11 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Xephyria\Desktop\OTL.exe
[2010/04/02 16:03:09 | 000,000,584 | -H-- | M] () -- C:\Users\Xephyria\Desktop\AutoClick.ini
[2010/04/02 11:26:41 | 000,293,376 | ---- | M] () -- C:\l2jvydt3.exe
[2010/04/02 11:26:19 | 000,293,376 | ---- | M] () -- C:\Users\Xephyria\Desktop\l2jvydt3.exe.part
[2010/04/02 09:10:23 | 058,394,506 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/02 03:26:34 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 03:26:34 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 03:18:15 | 000,000,173 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/04/02 03:18:13 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2010/04/02 03:18:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/02 03:17:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/02 03:17:36 | 2411,655,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 03:15:51 | 003,440,319 | -H-- | M] () -- C:\Users\Xephyria\AppData\Local\IconCache.db
[2010/04/02 03:06:48 | 000,000,069 | ---- | M] () -- C:\Users\Xephyria\jagex_runescape_preferences2.dat
[2010/04/02 01:40:25 | 000,000,041 | ---- | M] () -- C:\Users\Xephyria\jagex_runescape_preferences.dat
[2010/04/01 18:33:54 | 005,572,778 | ---- | M] () -- C:\Users\Xephyria\Desktop\Turkish March.mp3
[2010/04/01 00:30:23 | 005,843,068 | ---- | M] () -- C:\Users\Xephyria\Desktop\Carrying you.mp3
[2010/03/31 01:08:27 | 000,000,060 | ---- | M] () -- C:\Users\Xephyria\Weasel2Prefs
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/28 02:44:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/03/27 20:20:19 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/27 20:20:19 | 000,622,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/27 20:20:19 | 000,108,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/25 23:46:17 | 000,000,000 | ---- | M] () -- C:\Users\Xephyria\jagex__preferences3.dat
[2010/03/23 00:16:58 | 000,000,020 | ---- | M] () -- C:\Windows\€ô
[2010/03/20 03:17:06 | 000,057,344 | ---- | M] () -- C:\Windows\AsfHelper.dll
[2010/03/20 03:17:06 | 000,044,544 | ---- | M] () -- C:\Windows\System32\drivers\funfrm.sys
[2010/03/20 03:17:06 | 000,001,869 | ---- | M] () -- C:\Windows\Microsoft.VC80.CRT.manifest
[2010/03/20 03:16:55 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\System32\DevIL.dll
[2010/03/20 03:16:55 | 000,241,664 | ---- | M] () -- C:\Windows\System32\3DImageRenderer.dll
[2010/03/20 03:16:55 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\System32\ILU.dll
[2010/03/20 03:16:55 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\System32\ILUT.dll
[2010/03/20 00:33:34 | 000,000,876 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/02 11:26:15 | 000,293,376 | ---- | C] () -- C:\l2jvydt3.exe
[2010/04/02 11:26:08 | 000,293,376 | ---- | C] () -- C:\Users\Xephyria\Desktop\l2jvydt3.exe.part
[2010/04/01 18:33:31 | 005,572,778 | ---- | C] () -- C:\Users\Xephyria\Desktop\Turkish March.mp3
[2010/04/01 00:26:57 | 005,843,068 | ---- | C] () -- C:\Users\Xephyria\Desktop\Carrying you.mp3
[2010/03/25 23:46:17 | 000,000,000 | ---- | C] () -- C:\Users\Xephyria\jagex__preferences3.dat
[2010/03/23 00:16:58 | 000,000,020 | ---- | C] () -- C:\Windows\€ô
[2010/03/09 12:55:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/28 10:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/10/28 10:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009/10/28 10:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/10/28 10:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/10/28 09:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/10/28 09:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/10/17 10:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/10/17 10:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/10/17 10:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/10/17 10:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/10/17 10:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/10/17 10:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/10/17 10:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/10/17 07:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/10/17 07:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/17 06:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/10/17 06:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/08/01 09:56:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/03 17:19:39 | 000,000,173 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/06/03 17:15:46 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009/06/03 15:07:21 | 000,135,168 | ---- | C] () -- C:\Windows\System32\snmp_pp.dll
[2009/06/03 15:07:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\GL2PRCFG.DLL
[2009/06/03 15:07:20 | 000,143,360 | ---- | C] () -- C:\Windows\System32\GL2CFG.DLL
[2009/05/14 03:36:06 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2009/05/14 03:22:34 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/05/14 03:22:34 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/05/14 03:22:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/05/14 03:22:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009/03/13 20:35:25 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009/03/04 19:43:28 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/01/11 09:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/11 09:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/11 09:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/11 09:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/11 09:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/11 09:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/11 09:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/11 09:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/11 09:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/11 09:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/11 09:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/04 09:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/07 03:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/07 03:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/10/23 13:23:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\ntpci.sys
[2008/10/21 04:09:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/08/12 10:23:16 | 009,338,880 | ---- | C] () -- C:\Windows\System32\Facev.dll
[2008/08/12 10:23:16 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008/08/12 10:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\image.dll
[2008/08/12 10:23:13 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
[2008/08/12 10:23:13 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
[2008/08/12 10:23:13 | 000,241,752 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
[2008/08/12 10:23:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunFrm.dll
[2008/08/12 10:23:12 | 009,502,720 | ---- | C] () -- C:\Windows\System32\FaceVerify.dll
[2008/08/12 10:23:12 | 001,564,672 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008/08/12 10:23:12 | 001,163,264 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/08/12 10:23:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SetDev.dll
[2008/08/12 10:23:12 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/08/12 10:23:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008/08/12 10:23:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/08/12 10:23:11 | 001,974,272 | ---- | C] () -- C:\Windows\System32\Imagereog.dll
[2008/08/12 10:23:11 | 000,442,368 | ---- | C] () -- C:\Windows\System32\Apblend.dll
[2008/08/12 10:22:33 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2008/08/12 10:22:33 | 000,044,544 | ---- | C] () -- C:\Windows\System32\drivers\funfrm.sys
[2008/08/12 10:22:21 | 000,241,664 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
[2008/08/12 09:50:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/08/12 09:48:05 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2008/06/06 16:18:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/13 20:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/11 04:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

========== LOP Check ==========

[2010/03/09 10:47:58 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\AVG9
[2009/04/18 03:41:33 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\DAEMON Tools
[2010/03/09 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\DAEMON Tools Lite
[2010/03/09 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\DAEMON Tools Pro
[2010/03/09 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\DataCast
[2010/03/24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\EndNote
[2010/03/21 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Facebook
[2010/03/09 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Garritan
[2010/03/09 01:23:20 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\GetRightToGo
[2010/03/09 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Lenovo
[2010/03/09 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Multi File Downloader
[2010/03/09 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\NCH Swift Sound
[2010/03/09 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Nexon
[2010/03/09 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Nitro PDF
[2010/03/31 00:59:34 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\Thinstall
[2010/03/15 01:10:19 | 000,000,000 | ---D | M] -- C:\Users\Xephyria\AppData\Roaming\uTorrent
[2010/03/28 02:44:01 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010/03/18 18:52:49 | 000,007,112 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/04/02 11:26:41 | 000,293,376 | ---- | M] () -- C:\l2jvydt3.exe


< MD5 for: AGP440.SYS >
[2009/07/14 12:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 12:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 12:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/04/01 16:57:07 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 12:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 12:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 12:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 12:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 12:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 12:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 12:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 12:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

========== Files - Unicode (All) ==========
[2009/01/30 16:41:17 | 000,013,322 | ---- | M] ()(C:\Users\Xephyria\Documents\????.docx) -- C:\Users\Xephyria\Documents\新年祝贺.docx
[2009/01/30 16:41:17 | 000,013,322 | ---- | C] ()(C:\Users\Xephyria\Documents\????.docx) -- C:\Users\Xephyria\Documents\新年祝贺.docx

< End of report >

Xephyria
2010-04-02, 08:16
Contents in Extras.txt:


OTL Extras logfile created on: 2/4/2010 4:51:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Xephyria\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 57.21 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 1.31 Gb Free Space | 4.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XEPHYRIA-PC
Current User Name: Xephyria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EBE1DB0-8687-43A7-8781-6445E62CAFA5}" = Nitro PDF Professional
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93F2C2FE-5036-4DA4-83C5-3F74608C4D6C}_is1" = WinFile
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
"{C52FF8C5-73EE-4260-97C3-A2268A9F963E}" = SwelCntr
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C631FB9D-81D2-4E4E-A688-901AC748322D}" = O2Micro Flash Memory Card Reader Driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"AC3Filter_is1" = AC3Filter 1.61b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyCapture3.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Finale 2009" = Finale 2009
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"HijackThis" = HijackThis 2.0.2
"IconArt" = IconArt
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{C52FF8C5-73EE-4260-97C3-A2268A9F963E}" = SwelCntr
"InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.0
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PRJPRO" = Microsoft Office Project Professional 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VeriFace III" = VeriFace III
"VisualSubSync" = VisualSubSync (remove only)
"VLC media player" = VLC media player 0.9.8a
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

IndiGenus
2010-04-02, 14:42
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)


Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated HijackThis log and let me know how it's running.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Xephyria
2010-04-02, 18:29
Here's ComboFix.txt:

ComboFix 10-04-01.02 - Xephyria 03/04/2010 2:37.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3067.2005 [GMT 11:00]
Running from: c:\users\Xephyria\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$windows.~q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Immunology\week 4 - clonal selection theory and antibody diversity\web\GENETICS OF IMMUNOGLOBULINS_files\_desktop.ini
c:\$windows.~q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Immunology\week 4 - clonal selection theory and antibody diversity\web\Immunology Problem 4\Immunology Problem 4\_desktop.ini
c:\$windows.~q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Microbiology\week 1 - Spontaneous Generation\web\DummiesDesigning Experiments Using the Scientific Method_files\_desktop.ini
c:\$windows.~q\DATA\Users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\web\Rediscovering Biology - Online Textbook Unit 13 Genetically Modi\_desktop.ini
.
---- Previous Run -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 10 - growth hormones\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 11\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 12\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 13\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 14\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 16\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 2 - DNA identification\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 2 - DNA identification\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 2 - DNA identification\web\dna-evidence1_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 2 - DNA identification\web\DNA Typing and Identification_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 2 - DNA identification\web\forensics.shtml_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 4 - cell death\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 4 - cell death\web\Apoptosis glossary_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 4 - cell death\web\Apoptosis_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 4 - cell death\web\more Apoptosis_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 5 - suicidal lab\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 6 - stress\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 7 - stress response\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 8\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 8\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 8\web\DNA Repair web_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 8\web\Types of Damage, and their Consequences_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\Molecular & Cell Biology\week 9\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\rDNA ppts\Problem 13\Screening of Transformants_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\rDNA ppts\Problem 13\Small-Scale Plasmid Preparation for Library Screening_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 1 - buffers\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 1 - buffers\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 1 - buffers\web\Buffers_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 10 - PCR troubleshooting\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 11\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 12\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 13 - lab\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 14\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 15\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 16\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 2 - RNA\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\web\content.cfm_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\web\display_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 3 - protein expression system\web\Rediscovering Biology - Online Textbook Unit 13 Genetically Modi\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 4 - RT-PCR\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 4 - RT-PCR\ppts\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 5 - RE\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 5 - RE\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 5 - RE\web\renzymes_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 5 - RE\web\search_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 6 - competent cells\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 6 - competent cells\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 6 - competent cells\web\HGT_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 6 - competent cells\web\Horizontal_gene_transfer_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 6 - competent cells\web\vector_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 7\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 7\different vectors_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 8\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\7habits_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\7habits_files\frLinks_data\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\7habits_files\frRUnten_data\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\Seven Habits Discussion Guide Table of Contents_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\web\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\web\Site-Directed Mutagenesis procdure_files\_desktop.ini
c:\users\Xephyria\AppData\Local\Microsoft\Messenger\nateos_y2k@hotmail.com\Sharing Folders\chickenz87@hotmail.com\year 2 sem 2\rDNA Tech\week 9\web\Site-Directed Mutagenesis_files\_desktop.ini
c:\windows\system32\~.inf
c:\windows\System32\3DImageRenderer.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\Y.TXT

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 15:45 . 2010-04-02 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-02 15:20 . 2010-04-02 15:20 -------- d-----w- C:\32788R22FWJFW
2010-04-02 14:37 . 2010-04-02 16:03 -------- d-----w- c:\users\Xephyria\AppData\Local\temp
2010-04-02 00:26 . 2010-04-02 00:26 293376 ----a-w- C:\l2jvydt3.exe
2010-04-01 22:54 . 2010-04-01 22:54 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-01 22:54 . 2010-04-01 22:54 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-01 13:31 . 2010-04-01 13:31 -------- d-----w- c:\program files\Trend Micro
2010-04-01 13:28 . 2010-04-01 13:29 -------- d-----w- c:\program files\ERUNT
2010-04-01 12:35 . 2010-04-01 12:35 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-01 06:03 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 13:59 . 2010-03-30 13:59 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Thinstall
2010-03-30 13:59 . 2010-03-30 13:59 -------- d-----w- c:\users\Xephyria\AppData\Local\Thinstall
2010-03-25 12:46 . 2010-03-25 12:46 0 ----a-w- c:\users\Xephyria\jagex__preferences3.dat
2010-03-20 12:07 . 2010-03-20 12:07 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Malwarebytes
2010-03-20 12:07 . 2010-03-29 13:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 12:07 . 2010-03-20 12:07 -------- d-----w- c:\programdata\Malwarebytes
2010-03-20 12:07 . 2010-04-01 12:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 12:07 . 2010-03-29 13:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 16:16 . 2010-03-19 16:16 -------- d-----w- C:\Driver
2010-03-19 13:32 . 2009-06-30 10:46 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-03-19 13:32 . 2009-06-30 10:46 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-03-19 13:32 . 2009-06-30 10:46 18344 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-03-19 13:32 . 2009-04-06 13:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-03-18 10:41 . 2010-03-18 10:41 -------- d-----w- c:\program files\Weasel
2010-03-16 13:12 . 2010-03-16 13:12 -------- d-----w- c:\program files\Jagex Games Studio
2010-03-16 12:55 . 2010-03-20 02:41 -------- d-----w- c:\users\Xephyria\AppData\Local\Diagnostics
2010-03-14 13:56 . 2010-03-14 13:56 -------- d-----w- c:\program files\Safari
2010-03-13 21:36 . 2010-03-13 21:36 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-13 21:36 . 2010-03-13 21:36 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-13 21:36 . 2010-03-13 21:36 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-13 21:36 . 2010-03-13 21:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 07:42 . 2010-03-12 07:42 -------- d-----w- c:\users\Xephyria\AppData\Local\Broadcom
2010-03-11 08:53 . 2010-03-11 08:53 -------- d-----w- c:\program files\BisonC07
2010-03-11 08:53 . 2009-07-13 08:30 1168880 ----a-w- c:\windows\system32\drivers\BisonC07.sys
2010-03-11 08:53 . 2009-01-04 11:48 191016 ----a-w- c:\windows\system32\BisonCoi.dll
2010-03-11 08:53 . 2010-03-11 08:53 -------- d-----w- c:\users\Xephyria\AppData\Roaming\InstallShield
2010-03-11 08:34 . 2010-03-11 08:38 36864 ----a-w- c:\programdata\TEMP\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\PostBuild.exe
2010-03-10 16:03 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-03-10 13:54 . 2010-03-10 13:54 -------- d-----w- c:\windows\system32\SDA
2010-03-10 13:37 . 2009-04-28 08:23 60928 ------w- c:\windows\system32\AzBusMon.exe
2010-03-10 13:34 . 2010-03-11 13:05 -------- d-----w- C:\Drivers
2010-03-09 18:12 . 2010-03-09 00:32 -------- d-----w- c:\windows\Panther
2010-03-09 17:53 . 2010-03-09 00:02 -------- d-----w- C:\$WINDOWS.~Q
2010-03-09 17:41 . 2010-03-09 17:47 -------- d-----w- C:\$INPLACE.~TR
2010-03-09 06:51 . 2009-11-12 04:14 66664 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-03-09 06:51 . 2009-11-12 01:09 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-03-09 06:51 . 2009-11-12 01:08 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-03-09 06:50 . 2010-03-09 06:50 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-09 06:50 . 2010-03-09 06:50 -------- d-----w- c:\windows\system32\AGEIA
2010-03-09 06:49 . 2010-03-09 06:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-09 00:36 . 2010-03-12 07:42 158904 ----a-w- c:\users\Xephyria\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- C:\Recovery
2010-03-09 00:21 . 2010-04-02 06:54 -------- d-----w- c:\windows\system32\wbem\Performance
2010-03-09 00:00 . 2010-03-09 00:00 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-08 23:55 . 2010-03-08 23:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-03-08 23:18 . 2009-11-19 10:42 592488 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-08 23:18 . 2010-03-08 23:18 -------- d-----w- c:\program files\Synaptics
2010-03-08 23:15 . 2010-03-10 13:37 -------- d-----w- c:\program files\CONEXANT
2010-03-07 08:33 . 2010-03-08 14:23 -------- d-----w- c:\users\Xephyria\AppData\Roaming\GetRightToGo
2010-03-06 06:32 . 2010-03-08 23:47 -------- d-----w- c:\users\Xephyria\AppData\Local\Microsoft Corporation
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-03 17:00 . 2010-03-03 17:00 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

Xephyria
2010-04-02, 18:30
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 16:06 . 2009-09-02 13:02 69 ----a-w- c:\users\Xephyria\jagex_runescape_preferences2.dat
2010-04-01 14:40 . 2009-08-30 05:06 41 ----a-w- c:\users\Xephyria\jagex_runescape_preferences.dat
2010-04-01 05:57 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-01 05:56 . 2009-10-30 13:15 -------- d-----w- c:\users\Xephyria\AppData\Roaming\vlc
2010-04-01 05:56 . 2008-10-11 16:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-04-01 05:56 . 2008-10-07 13:14 -------- d-----w- c:\programdata\VeriFace
2010-04-01 05:56 . 2009-02-12 16:28 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Skype
2010-03-31 13:03 . 2008-10-11 16:30 -------- d-----w- c:\programdata\NCH Swift Sound
2010-03-28 21:05 . 2009-02-12 16:31 -------- d-----w- c:\users\Xephyria\AppData\Roaming\skypePM
2010-03-24 11:20 . 2009-06-04 11:44 -------- d-----w- c:\users\Xephyria\AppData\Roaming\EndNote
2010-03-20 13:07 . 2010-02-19 08:14 50354 ----a-w- c:\users\Xephyria\AppData\Roaming\Facebook\uninstall.exe
2010-03-20 13:07 . 2010-02-19 08:14 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Facebook
2010-03-20 05:46 . 2008-08-11 22:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-20 04:12 . 2008-08-11 23:22 -------- d-----w- c:\programdata\EasyCapture
2010-03-19 16:17 . 2008-08-11 23:22 1011712 ----a-w- c:\windows\system32\CamOpEx.dll
2010-03-19 16:17 . 2008-08-11 23:22 626688 ----a-w- c:\windows\msvcr80.dll
2010-03-19 16:17 . 2008-08-11 23:22 57344 ----a-w- c:\windows\AsfHelper.dll
2010-03-19 16:17 . 2008-08-11 23:22 44544 ----a-w- c:\windows\system32\drivers\funfrm.sys
2010-03-19 16:16 . 2008-08-11 23:22 876032 ----a-w- c:\windows\system32\DevIL.dll
2010-03-19 16:16 . 2008-08-11 23:22 77824 ----a-w- c:\windows\system32\ILU.dll
2010-03-19 16:16 . 2008-08-11 23:22 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-03-19 16:16 . 2008-08-11 23:22 32768 ----a-w- c:\windows\system32\ILUT.dll
2010-03-19 05:21 . 2010-03-19 05:21 8210632 ----a-w- c:\windows\system32\~.tmp
2010-03-14 14:10 . 2009-02-04 09:21 -------- d-----w- c:\users\Xephyria\AppData\Roaming\uTorrent
2010-03-14 13:57 . 2008-10-21 06:52 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Apple Computer
2010-03-14 13:55 . 2008-10-21 06:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-13 21:36 . 2009-11-29 13:12 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 21:36 . 2008-10-07 14:36 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 21:36 . 2008-10-07 14:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 10:48 . 2010-03-12 10:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-03-11 16:02 . 2008-08-11 22:54 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 08:45 . 2008-08-11 22:41 -------- d-----w- c:\program files\Lenovo
2010-03-10 13:54 . 2008-08-11 22:28 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2010-03-10 13:48 . 2010-03-10 13:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-03-09 06:54 . 2008-08-11 22:18 -------- d-----w- c:\programdata\NVIDIA
2010-03-09 06:51 . 2009-03-13 09:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-09 01:55 . 2010-03-09 01:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-08 23:48 . 2008-10-07 11:58 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Symantec
2010-03-08 23:48 . 2009-11-29 12:47 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Multi File Downloader
2010-03-08 23:48 . 2009-02-19 13:03 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Sibelius Software
2010-03-08 23:48 . 2009-01-13 19:01 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Nitro PDF
2010-03-08 23:48 . 2008-11-01 12:43 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Nexon
2010-03-08 23:48 . 2008-10-11 16:30 -------- d-----w- c:\users\Xephyria\AppData\Roaming\NCH Software
2010-03-08 23:48 . 2008-10-11 16:29 -------- d-----w- c:\users\Xephyria\AppData\Roaming\NCH Swift Sound
2010-03-08 23:47 . 2010-02-19 09:26 -------- d-----w- c:\users\Xephyria\AppData\Roaming\dvdcss
2010-03-08 23:47 . 2009-05-13 16:22 -------- d-----w- c:\users\Xephyria\AppData\Roaming\DataCast
2010-03-08 23:47 . 2009-04-17 16:41 -------- d-----w- c:\users\Xephyria\AppData\Roaming\DAEMON Tools Pro
2010-03-08 23:47 . 2009-04-17 16:34 -------- d-----w- c:\users\Xephyria\AppData\Roaming\DAEMON Tools Lite
2010-03-08 23:47 . 2009-03-10 12:41 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Garritan
2010-03-08 23:47 . 2009-02-20 06:02 -------- d-----w- c:\users\Xephyria\AppData\Roaming\CyberLink
2010-03-08 23:47 . 2008-11-01 12:36 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Hamachi
2010-03-08 23:47 . 2008-10-26 10:30 -------- d-----w- c:\users\Xephyria\AppData\Roaming\DivX
2010-03-08 23:47 . 2008-10-07 11:59 -------- d-----w- c:\users\Xephyria\AppData\Roaming\Lenovo
2010-03-08 23:47 . 2009-11-29 13:54 -------- d-----w- c:\users\Xephyria\AppData\Roaming\AVG9
2010-03-08 23:33 . 2009-02-12 16:27 -------- d-----r- c:\program files\Skype
2010-03-08 23:33 . 2009-10-11 04:25 -------- d-----w- c:\program files\RMVB Converter
2010-03-08 23:33 . 2008-10-26 08:05 -------- d-----w- c:\program files\Samsung
2010-03-08 23:33 . 2009-06-26 10:35 -------- d-----w- c:\program files\QuickTime
2010-03-08 23:33 . 2009-03-10 12:41 -------- d-----w- c:\program files\Plogue
2010-03-08 23:32 . 2009-11-29 04:12 -------- d-----w- c:\program files\OJOsoft
2010-03-08 23:32 . 2009-03-09 01:48 -------- d-----w- c:\program files\Nitro PDF
2010-03-08 23:32 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-03-08 23:32 . 2008-08-11 22:56 -------- d-----w- c:\program files\Microsoft Works
2010-03-08 23:32 . 2008-08-11 22:55 -------- d-----w- c:\program files\Microsoft.NET
2010-03-08 23:32 . 2008-12-06 08:18 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-08 23:32 . 2009-02-03 16:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-08 23:32 . 2008-08-11 23:00 -------- d-----w- c:\program files\Microsoft Small Business
2010-03-08 23:31 . 2009-12-30 11:31 -------- d-----w- c:\program files\Microsoft ATS
2010-03-08 23:31 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-03-08 23:31 . 2009-02-03 16:49 -------- d-----w- c:\program files\Microsoft
2010-03-08 23:31 . 2008-10-07 14:30 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-08 23:31 . 2008-10-26 08:05 -------- d-----w- c:\program files\MarkAny
2010-03-08 23:31 . 2009-03-24 04:36 -------- d-----w- c:\program files\Java
2010-03-08 23:31 . 2008-08-11 22:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 23:31 . 2008-08-11 22:10 -------- d-----w- c:\program files\Intel
2010-03-08 23:31 . 2009-03-10 12:41 -------- d-----w- c:\program files\Garritan
2010-03-08 23:31 . 2009-03-10 12:31 -------- d-----w- c:\program files\Finale 2009
2010-03-08 23:29 . 2009-06-04 11:40 -------- d-----w- c:\program files\EndNote X2
2010-03-08 23:24 . 2008-08-11 22:52 -------- d-----w- c:\program files\Carbonite
2010-03-08 23:24 . 2008-10-20 16:57 -------- d-----w- c:\program files\Bonjour
2010-03-08 23:24 . 2008-08-11 22:30 -------- d-----w- c:\program files\Broadcom
2010-03-08 23:24 . 2008-10-18 15:17 -------- d-----w- c:\program files\Audacity
2010-03-08 23:24 . 2008-10-07 14:36 -------- d-----w- c:\program files\AVG
2010-03-08 23:24 . 2008-10-21 06:51 -------- d-----w- c:\program files\Apple Software Update
2010-03-08 23:22 . 2008-08-11 23:01 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2010-03-08 23:22 . 2009-07-03 06:09 -------- d-----w- c:\program files\AC3Filter
2010-03-08 23:18 . 2010-03-08 23:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-03-05 23:29 . 2008-08-11 21:52 10166 ----a-w- c:\windows\bthservsdp.dat
2010-02-02 07:45 . 2010-03-09 16:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Xephyria\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-18 23:29 . 2010-03-09 16:06 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-03-09 16:06 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-03-09 16:06 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-03-09 16:06 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-03-09 16:06 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-03-09 16:06 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-03-09 16:06 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-03-09 16:06 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-03-09 16:06 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-08-11 23:23 241752 ----a-w- c:\windows\System32\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-05-06 272832]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-24 5064520]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-08-26 4114288]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2009-04-22 2742840]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TmlCMode"="c:\program files\Compal\TmlCMode\TmlCMode.exe" [2008-08-11 352256]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2010-03-11 2916352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

c:\users\Xephyria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-17 717296]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-25 17192]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-13 242696]
S1 funfrm;funfrm; [x]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
S2 AzBusFixService;User-mode service for AzBusFix;c:\windows\system32\AzBusMon.exe [2009-04-28 60928]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
S2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [2008-04-22 5632]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-04-23 430080]
S2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-11-24 47680]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-06 29472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-06 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-06 42144]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=npkNf1JKBxKBGiqJ4cxfRw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{93F2C2FE-5036-4DA4-83C5-3F74608C4D6C}_is1 - c:\program files\Multi File Downloader\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-03 03:06:41
ComboFix-quarantined-files.txt 2010-04-02 16:06

Pre-Run: 102,725,574,656 bytes free
Post-Run: 102,652,608,512 bytes free

- - End Of File - - 9944AC037EE9467CF3409C6E27F9716A

Xephyria
2010-04-02, 18:33
updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:31 AM, on 3/4/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: User-mode service for AzBusFix (AzBusFixService) - Conexant Systems, Inc. - C:\Windows\system32\AzBusMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8676 bytes

IndiGenus
2010-04-03, 02:53
Can you give me an update on how it's running now?

Also, I see you have Malwarebytes installed. Can you do a run with it and post the log? Make sure it's up to date before running.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the entire report in your next reply along with a HijackThis log.

Xephyria
2010-04-03, 13:26
I haven't got any prompts from AVG so far about the virus. The Google redirect problem seems to have stopped and it loads pretty fast too. Everything seems to be back to normal. Thanks so much for your help!

mbam log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/4/2010 10:09:31 PM
mbam-log-2010-04-03 (22-09-31).txt

Scan type: Quick scan
Objects scanned: 105681
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:14 PM, on 3/4/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: User-mode service for AzBusFix (AzBusFixService) - Conexant Systems, Inc. - C:\Windows\system32\AzBusMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8876 bytes

IndiGenus
2010-04-04, 00:00
Let's run an online virus scan.

Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.


Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Xephyria
2010-04-05, 00:07
There's 1 infected object.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 5, 2010
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, April 04, 2010 10:46:02
Records in database: 3913989
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 164297
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:24:10


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Infected: Rootkit.Win32.Tdss.ai 1

Selected area has been scanned.

IndiGenus
2010-04-05, 01:05
The object that's infected is quarantined by ComboFix. We'll clear that out now.

Uninstall Combofix

Click START then RUN
Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the /U; it needs to be there.

The above procedure will:

Delete the following: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

+++++++++++++++

We can also remove OTL and any other tools we used here.

Run OTL and click on the Cleanup button.

+++++++++++++++

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Xephyria
2010-04-05, 21:33
checkup.txt:

Results of screen317's Security Check version 0.99.2
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 8.2.0
Korean Fonts Support For Adobe Reader 8
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

IndiGenus
2010-04-06, 01:01
:bigthumb:

If all is running well we can wrap up here.

In addition to updating and using what you currently have you may want to consider the following:

Install SpywareBlaster - SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/index.php?showtutorial=49)

Install WinPatrol -
Use WinPatrol (http://www.winpatrol.com/) to take control of your PC and provide another layer of security.
Help file and tutorial can be found Here (http://www.winpatrol.com/features.html)

Block unwanted parasites with a custom hosts file -
http://www.mvps.org/winhelp2002/hosts.htm

UPDATING:

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Keep your applications up to date -
Use Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) to help stay on top of application updates that could leave your PC vulnerable to attack.

I'll leave the thread open a few days in case you have questions or issues.

Regards,
Dave