TechSpot

Redirect from Google to Askthecrew

By BynByn
Mar 7, 2012
  1. Whenever I use Google search, it always redirects to Askthecrew. Plus, my computer has been running very slowly. Sometimes a blue screen appears or my laptop shuts down suddenly. I need your help! Thank you in advance.

    __________________________
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.08.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Thuan :: THUAN-VAIO [administrator]

    3/7/2012 9:31:24 PM
    mbam-log-2012-03-07 (21-31-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190728
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 5372 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
    _________________________
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-07 22:13:31
    Windows 6.1.7601 Service Pack 1
    Running: rxlne9z8.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e2048f
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e2048f (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
    _________________________________
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Thuan at 22:15:52 on 2012-03-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2101 [GMT -6:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\Unikey\UniKeyNT.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Thuan\Desktop\rxlne9z8.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=102874&gct=hp
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [UniKey] C:\Program Files (x86)\Unikey\UniKeyNT.exe
    uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{825CFFF4-F5F7-4126-B18C-52A5AD44ECF4} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    BHO-X64: IEPlugin - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Thuan\AppData\Roaming\Mozilla\Firefox\Profiles\uiufptyv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Thuan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-18 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-18 110032]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-25 13336]
    R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-6-16 49152]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsnxc64.sys --> C:\Windows\system32\DRIVERS\risdsnxc64.sys [?]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-8-26 260768]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-16 378472]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-23 105024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-25 2656536]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-11-25 552584]
    R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-5 84080]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-11-25 969352]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-10-29 54432]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1245800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
    S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-08 03:39:23 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-08 03:30:54 -------- d-----w- C:\Users\Thuan\AppData\Roaming\Malwarebytes
    2012-03-08 03:30:42 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-08 03:30:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-08 03:30:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-06 19:44:15 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66C46AF6-14BA-4F75-A932-CEE8E5BE56D1}\mpengine.dll
    2012-02-24 01:43:21 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-02-24 01:43:02 -------- d-----w- C:\_OTL
    2012-02-24 01:23:19 98816 ----a-w- C:\Windows\sed.exe
    2012-02-24 01:23:19 518144 ----a-w- C:\Windows\SWREG.exe
    2012-02-24 01:23:19 256000 ----a-w- C:\Windows\PEV.exe
    2012-02-24 01:23:19 208896 ----a-w- C:\Windows\MBR.exe
    2012-02-18 10:00:20 -------- d-----w- C:\Users\Thuan\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-18 10:00:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-02-18 10:00:17 -------- d-----w- C:\ProgramData\!SASCORE
    2012-02-18 09:45:19 -------- d-----w- C:\Users\Thuan\AppData\Roaming\Avira
    2012-02-18 09:44:51 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2012-02-18 09:44:51 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2012-02-18 09:44:51 -------- d-----w- C:\ProgramData\Avira
    2012-02-18 09:44:51 -------- d-----w- C:\Program Files (x86)\Avira
    2012-02-17 01:53:08 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-17 01:53:08 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-17 01:53:04 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-17 01:53:04 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-17 01:53:03 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-17 01:53:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-17 01:52:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-17 01:52:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    .
    ==================== Find3M ====================
    .
    2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-18 09:07:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
    2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 22:16:25.93 ===============

    ___________________________
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/30/2011 7:18:22 PM
    System Uptime: 3/7/2012 9:46:33 PM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz | N/A | 2401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 184 GiB total, 129.759 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 199.893 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 200 GiB total, 81.617 GiB free.
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP37: 2/23/2012 7:39:23 PM - OTL Restore Point - 2/23/2012 7:39:23 PM
    RP38: 2/28/2012 8:19:21 PM - Windows Update
    RP39: 3/6/2012 1:43:53 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    ACID Music Studio 8.0
    Adobe AIR
    Adobe Community Help
    Adobe Illustrator CS5
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X MUI
    Apple Application Support
    Apple Software Update
    Application Manager for VAIO
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 4
    Atheros WiFi Driver Installation
    Avira Free Antivirus
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    D3DX10
    DAEMON Tools Pro
    Dolby Home Theater v4
    Evernote v. 4.4
    Galerie de photos Windows Live
    Google Chrome
    HP Deskjet 1050 J410 series Help
    HP Photo Creations
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 26
    JDownloader 0.9
    Junk Mail filter update
    K-Lite Codec Pack 8.0.0 (Standard)
    Keyboard Shortcuts
    Lyrics Plugin for Windows Media Player
    Malwarebytes Anti-Malware version 1.60.1.1000
    Media Go
    Mesh Runtime
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NVIDIA 3D Vision Video Player
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oasis2Service
    OOBE
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition Plug-in
    Quick Web Access
    Realtek High Definition Audio Driver
    Remote Keyboard
    Remote Play with PlayStation 3
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.5
    Sound Forge Audio Studio 10.0
    SSLx86
    Super Hide IP
    TeamViewer 7
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    V3DPX86
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition Plug-in
    VAIO - Remote Keyboard
    VAIO - Remote Play with PlayStation®3
    VAIO 3D Portal
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO Easy Connect
    VAIO Gate
    VAIO Gate Default
    VAIO Help and Support
    VAIO Improvement
    VAIO Manual
    VAIO Messenger
    VAIO Sample Contents
    VAIO Satisfaction Survey.
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update
    VCCx86
    Vegas Movie Studio HD Platinum 10.0
    VHD
    VIP Access
    Visual Studio 2008 x64 Redistributables
    VIx86
    VSNx86
    VWSTx86
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/6/2012 1:43:52 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
    3/6/2012 1:13:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035cfa9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030612-27300-01.
    3/3/2012 5:49:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/3/2012 5:49:22 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/2/2012 6:39:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TINANGUYEN-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{825CFFF4-F5F7-4126-B18C-52A5AD44ECF4}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
     
  2. Bobbye


    Welcome to TechSpot! I see one cause of the problem:

    It looks like you updated Java, but you did not remove the pre-checked Ask.com, so it has now made itself your homepage. I don't know if 'askthecrew' is related, but my guess would be it is.

    Please go to any site you'd like for a homepage (you can change it later). Once there, click on Tools in the browser> choose Internet Options in IE or Options in Firefox> the first tab opens and asks if you want 'this for home page' or 'use this for homepage'> Click on Yes> Apply> OK.

    Go to Programs and uninstall any Ask entries. Then use Windows explorer to access Computer> Local Drive> Programs and do a right click> Delete on the Ask folder.

    There may be some remaining entries - I will remove those after Combofix.
    ========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new window.
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. BynByn

    BynByn TS Rookie Topic Starter

    Thank you for your detailed assistance. I changed my homepage. It doesn't just redirect to askthecrew but other websites too. I mean I use Google.com to search and it gives me results as usual, but when I click on any of those links, it redirects to other websites. It's strange that there's nothing wrong when I use google from other countries like google.com.ru or google.com.hk, only google.com doesn't work. Additionally, my Avira finds trojan or virus every day and I remove them, but it doesn't seem effective at all.
    I did all directions you gave me, and here are the logs:

    ESET scan
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm JS/Agent.NEP trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm JS/Agent.NEP trojan

    ComboFix 12-03-08.04 - Thuan 03/08/2012 15:36:45.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2570 [GMT -6:00]
    Running from: c:\users\Thuan\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-08 21:42 . 2012-03-08 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-08 19:16 . 2012-03-08 19:16 -------- d-----w- c:\program files (x86)\ESET
    2012-03-08 03:30 . 2012-03-08 03:30 -------- d-----w- c:\users\Thuan\AppData\Roaming\Malwarebytes
    2012-03-08 03:30 . 2012-03-08 03:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-08 03:30 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-08 03:30 . 2012-03-08 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-06 19:44 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66C46AF6-14BA-4F75-A932-CEE8E5BE56D1}\mpengine.dll
    2012-02-24 01:43 . 2012-02-24 01:43 -------- d-----w- C:\_OTL
    2012-02-18 10:00 . 2012-02-18 10:00 -------- d-----w- c:\users\Thuan\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-18 10:00 . 2012-02-18 10:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-02-18 10:00 . 2012-02-18 10:00 -------- d-----w- c:\programdata\!SASCORE
    2012-02-18 09:45 . 2012-02-18 09:45 -------- d-----w- c:\users\Thuan\AppData\Roaming\Avira
    2012-02-18 09:44 . 2012-02-20 02:23 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-02-18 09:44 . 2012-02-18 09:44 -------- d-----w- c:\programdata\Avira
    2012-02-18 09:44 . 2012-02-18 09:44 -------- d-----w- c:\program files (x86)\Avira
    2012-02-18 09:44 . 2011-09-16 05:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-02-18 09:44 . 2011-09-16 05:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-02-18 08:59 . 2012-02-18 08:59 -------- d-----w- c:\programdata\McAfee
    2012-02-18 08:59 . 2012-02-18 08:59 -------- d-----w- c:\windows\system32\Macromed
    2012-02-17 01:53 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-17 01:53 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-17 01:53 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-17 01:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-17 01:53 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-17 01:53 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-17 01:52 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-17 01:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-18 09:07 . 2011-11-25 17:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-24_01.29.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-24 03:31 . 2012-02-24 03:31 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
    + 2012-02-24 03:33 . 2012-02-24 03:33 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
    + 2012-02-24 03:33 . 2012-02-24 03:33 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\35a9933c9a009b623b4332a4e1daf245\System.Data.Services.Design.ni.dll
    + 2012-02-24 03:32 . 2012-02-24 03:32 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
    + 2012-02-24 03:32 . 2012-02-24 03:32 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-02-24 03:32 . 2012-02-24 03:32 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
    + 2012-02-24 03:32 . 2012-02-24 03:32 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
    + 2012-02-24 03:31 . 2012-02-24 03:31 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\265875f162e9c2ffefca67188cee8faa\MSBuild.ni.exe
    + 2012-02-24 03:31 . 2012-02-24 03:31 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cdd04b14b9dd6ced2e2572a044c3c57e\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\861156abd2fbeb15a72e479fb140c9b9\Microsoft.Build.Utilities.v4.0.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\03c15533eddd91753b86895c6bfd59aa\Microsoft.Build.Framework.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 136192 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\dda5a6b2ff35b701c4585b7845101391\Microsoft.Build.Conversion.v4.0.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
    + 2012-02-24 03:31 . 2012-02-24 03:31 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\e9dee8646a22abf1626514f0f14fcdd9\ComSvcConfig.ni.exe
    + 2012-02-24 03:31 . 2012-02-24 03:31 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\cd00df3ad31231170f909bd387c2164e\AspNetMMCExt.ni.dll
    + 2009-07-14 04:54 . 2012-03-08 21:34 8241152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     
  4. BynByn

    BynByn TS Rookie Topic Starter

    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
    c:\program files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-09 3417496]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    "UniKey"="c:\program files (x86)\Unikey\UniKeyNT.exe" [2009-11-02 316928]
    "Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-06-01 2801288]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-06-16 49152]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-08-26 260768]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-17 378472]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-06-01 552584]
    S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-05 84080]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-16 969352]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-10-30 54432]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1245800]
     
  5. BynByn

    BynByn TS Rookie Topic Starter

    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122457720-1262136122-3862839106-1001Core.job
    - c:\users\Thuan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 21:05]
    .
    2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122457720-1262136122-3862839106-1001UA.job
    - c:\users\Thuan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 21:05]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-20 2226280]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com.vn/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Thuan\AppData\Roaming\Mozilla\Firefox\Profiles\uiufptyv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: general.useragent.extra.brc -
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3122457720-1262136122-3862839106-1001_Classes\Wow6432Node\CLSID\{2e59de2d-ba49-4f6d-b1b0-b37ec5dc53ce}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-3122457720-1262136122-3862839106-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):5d,43,cb,74,bc,3c,48,df,53,c0,9a,10,f4,64,ae,17,dc,e8,09,45,1e,
    c6,e1,f9,ad,d9,f6,aa,95,5c,e1,50,b0,ba,d9,17,0c,8c,65,aa,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-08 15:45:07
    ComboFix-quarantined-files.txt 2012-03-08 21:45
    ComboFix2.txt 2012-02-24 01:32
    .
    Pre-Run: 139,043,823,616 bytes free
    Post-Run: 138,993,586,176 bytes free
    .
    - - End Of File - - 0D9C50CFBA679B040EAD75356B2FF464
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, looking pretty good. When and why did you install OTL?

    For Eset scan:

    Please download OTMoveIt3 by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm
      C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm
      
      :Commands
      [purity]
      [emptytemp]
      [clearjavacache]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    The 2 entries in Eset were for Trojan.Spy.Goldun.NEP. Both were from hautetalk_com in the Temporary Internet Files. It monitors Internet Explorer windows and steals user’s authentication for e-gold. This domain fails in Trustworthiness and other Site Advisories. If this is a bookmark or Favorite, I suggest that you delete it.
    =====================================
    Are you running anything that requires this: Internet Settings,ProxyServer = http=;ftp=;https=;
    Did you specifically set this? If you did not, or don't know what it is, then please do the following:
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click the "Connections" tab, then click "LAN Settings".
      o Uncheck "Use a Proxy server for your LAN".
      o Click OK to close the Local Area Network (LAN) Settings window.
      o Click OK to close the Internet Options window.
    ====================================
    Since you have SUPERAntiSpyware on the system, please update and run a scan. I suspect we will need to reset the Cookies.
    Be sure to check the line in SAS from the entries found to be removed
    ======================================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
    ------------------------------------

    Are you still being redirected?
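
An added example, not part of the post above or of any tool used in this thread: a small Python triage of the proxy-related lines in a DDS/ComboFix "Supplementary Scan" section, separating a ProxyServer value that names a real endpoint from one whose per-protocol slots are all empty, as in this log. The sample text is constructed from lines quoted in the thread; the function names and finding labels are assumptions.

```python
import re

# Constructed sample: proxy-related lines copied from the log in this thread.
SAMPLE_LOG = """\
    uStart Page = hxxp://google.com.vn/
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    TCP: DhcpNameServer = 192.168.1.1
    FF - prefs.js: network.proxy.type - 0
"""

# Meaning of Firefox's network.proxy.type preference values.
FF_PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL",
                  4: "auto-detect", 5: "system"}

def parse_ie_proxy(value):
    """Split a ProxyServer string into {scheme: endpoint}.

    Handles both forms: 'host:port' (one proxy for every protocol) and
    'http=host:port;https=host:port' (per-protocol list).
    """
    value = value.strip()
    if "=" not in value:
        return {"all": value} if value else {}
    proxies = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        scheme, _, endpoint = part.partition("=")
        proxies[scheme.strip().lower()] = endpoint.strip()
    return proxies

def triage(log_text):
    """Return (label, detail) findings for proxy lines in the log text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        # Leading u/m prefix as on this log's uLocal Page / mLocal Page lines.
        m = re.match(r"[um]?Internet Settings,ProxyServer = (.*)$", line)
        if m:
            proxies = parse_ie_proxy(m.group(1))
            active = {s: e for s, e in proxies.items() if e}
            if active:
                findings.append(("ie_proxy_set", active))
            else:
                findings.append(("ie_proxy_empty", sorted(proxies)))
            continue
        m = re.match(r"FF - prefs\.js: network\.proxy\.type - (\d+)$", line)
        if m:
            kind = FF_PROXY_TYPES.get(int(m.group(1)), "unknown")
            findings.append(("ff_proxy", kind))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An `ie_proxy_empty` finding means the value exists but routes nothing, so the question to settle is who wrote it; an `ie_proxy_set` finding names the endpoint that browser traffic would be sent through.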
     
  7. BynByn

    BynByn TS Rookie Topic Starter

    I installed OTL a couple of days ago when I found a virus/trojan infected case like mine and I just followed those steps, but then I read the rules and stuff in this forum that said I shouldn't have done it.
    Next, I finished the OTMoveIt step. My computer then restarted because 2 files were not found or something like that.
    Then I reset Firefox cookies as you showed.
    After that, I used antimalware to do a full scan. While it was scanning, I went to Firefox -> google.com -> searched for harry potter -> still redirected to another website. Right after that, Avira warned for 2 kinda infected files. I removed them and then there was an error with the antimalware program (which I doubted it conflicted with Avira). Then my computer automatically rebooted and it was dead. I turned it on and off many times but it couldn't open Windows. It just showed the text Vaio and then a whole black screen.
    I don't know what to do now. Please help me! I don't mind losing all my important stuff, just need to save the laptop because I use it every day. I'm sorry for this and thank you so very much for your help!
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Fortunately, OTL doesn't delete any entries. But if I see bad entries in the log, I write a script for you to run through OTL. But the problem with running anything but simple basic scans is that you don't know what to do with the results.

    For OTM, "2 files were not found or something like that": this is normal. The entry may have been removed by another scan between the time I saw it and the time you ran OTM.

    About this:
    1. First of all, we try to make it clear that you should not run any other cleaning or scanning programs while we are helping you.
    2. Second, no matter which of the scans you're running, you shouldn't be doing anything else at the same time.
    3. Third, your antivirus gave you a warning, but I don't know what a "kinda infected file" is. It either is or it isn't; it can't be "kinda." Additionally, you should not have been deleting files I didn't instruct you to. The "kinda" could have been a False Positive and you may have deleted necessary files.

    So you were running an antimalware full scan, checking your search function, and Avira was finding something to warn you about. Please don't do any of these things again while I'm helping you.
    =======================================
    Boot into Safe Mode with Networking:
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

    You are going to try to do a System Restore back to this restore point:
    ComboFix 12-03-08.04 - Thuan 03/08/2012 15:36:45.2.8 - x64
    * Created a new restore point
    ------------------------------
    How to Do a System Restore in Windows 7

    • Be sure there are no active Windows.
    • Open the Start Menu.
    • Right click on the Computer button and click on Properties.
    • Click on the System Protection link.
    • Close the System window.
    • Click on the System Restore button
    • Select (click on) Thuan 03/08/2012 15:36:45
    • Click on Next
    • Let the restore run. The system will reboot on its own when finished.

    Please do not do anything else. Let me know if you were able to complete the restore and access the system afterward.

    If the restore is successful, we will have to redo everything we did after that time and date. In this mode, the security programs don't run. And since this is done within the system itself, before you start, click on File > Work Offline. When the system restore has finished and rebooted, you may get a message about working offline ("do you want to go online?"). Click on Yes.
     
