Inactive Redirect from Google to Askthecrew

[BynByn]

Whenever i use google search, it always redirects to Askthecrew. Plus, my computer has been running very slow. Sometimes blue screen appears or my laptop shut down suddenly. I need your help! Thank you in advance.

__________________________
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thuan :: THUAN-VAIO [administrator]

3/7/2012 9:31:24 PM
mbam-log-2012-03-07 (21-31-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190728
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5372 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
_________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-07 22:13:31
Windows 6.1.7601 Service Pack 1
Running: rxlne9z8.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e2048f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e2048f (not active ControlSet)

---- EOF - GMER 1.0.15 ----
_________________________________
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Thuan at 22:15:52 on 2012-03-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2101 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Unikey\UniKeyNT.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Thuan\Desktop\rxlne9z8.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102874&gct=hp
uInternet Settings,ProxyServer = http=;ftp=;https=;
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [UniKey] C:\Program Files (x86)\Unikey\UniKeyNT.exe
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{825CFFF4-F5F7-4126-B18C-52A5AD44ECF4} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO-X64: IEPlugin - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thuan\AppData\Roaming\Mozilla\Firefox\Profiles\uiufptyv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Thuan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-18 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-18 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-25 13336]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-6-16 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsnxc64.sys --> C:\Windows\system32\DRIVERS\risdsnxc64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-8-26 260768]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-16 378472]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-23 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-25 2656536]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-11-25 552584]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-5 84080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-11-25 969352]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-10-29 54432]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1245800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-08 03:39:23 20480 ----a-w- C:\Windows\svchost.exe
2012-03-08 03:30:54 -------- d-----w- C:\Users\Thuan\AppData\Roaming\Malwarebytes
2012-03-08 03:30:42 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-08 03:30:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-08 03:30:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-06 19:44:15 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66C46AF6-14BA-4F75-A932-CEE8E5BE56D1}\mpengine.dll
2012-02-24 01:43:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-24 01:43:02 -------- d-----w- C:\_OTL
2012-02-24 01:23:19 98816 ----a-w- C:\Windows\sed.exe
2012-02-24 01:23:19 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-24 01:23:19 256000 ----a-w- C:\Windows\PEV.exe
2012-02-24 01:23:19 208896 ----a-w- C:\Windows\MBR.exe
2012-02-18 10:00:20 -------- d-----w- C:\Users\Thuan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-18 10:00:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-18 10:00:17 -------- d-----w- C:\ProgramData\!SASCORE
2012-02-18 09:45:19 -------- d-----w- C:\Users\Thuan\AppData\Roaming\Avira
2012-02-18 09:44:51 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-02-18 09:44:51 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-02-18 09:44:51 -------- d-----w- C:\ProgramData\Avira
2012-02-18 09:44:51 -------- d-----w- C:\Program Files (x86)\Avira
2012-02-17 01:53:08 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-17 01:53:08 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-17 01:53:04 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-17 01:53:04 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-17 01:53:03 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-17 01:53:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-17 01:52:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-17 01:52:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-18 09:07:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:16:25.93 ===============

___________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2011 7:18:22 PM
System Uptime: 3/7/2012 9:46:33 PM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz | N/A | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 184 GiB total, 129.759 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 199.893 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 200 GiB total, 81.617 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 2/23/2012 7:39:23 PM - OTL Restore Point - 2/23/2012 7:39:23 PM
RP38: 2/28/2012 8:19:21 PM - Windows Update
RP39: 3/6/2012 1:43:53 PM - Windows Update
.
==== Installed Programs ======================
.
.
ACID Music Studio 8.0
Adobe AIR
Adobe Community Help
Adobe Illustrator CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X MUI
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
Avira Free Antivirus
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
DAEMON Tools Pro
Dolby Home Theater v4
Evernote v. 4.4
Galerie de photos Windows Live
Google Chrome
HP Deskjet 1050 J410 series Help
HP Photo Creations
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 26
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 8.0.0 (Standard)
Keyboard Shortcuts
Lyrics Plugin for Windows Media Player
Malwarebytes Anti-Malware version 1.60.1.1000
Media Go
Mesh Runtime
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA 3D Vision Video Player
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oasis2Service
OOBE
PlayStation(R)Network Downloader
PlayStation(R)Store
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Quick Web Access
Realtek High Definition Audio Driver
Remote Keyboard
Remote Play with PlayStation 3
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.5
Sound Forge Audio Studio 10.0
SSLx86
Super Hide IP
TeamViewer 7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
V3DPX86
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO 3D Portal
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Gate
VAIO Gate Default
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
Vegas Movie Studio HD Platinum 10.0
VHD
VIP Access
Visual Studio 2008 x64 Redistributables
VIx86
VSNx86
VWSTx86
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/6/2012 1:43:52 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
3/6/2012 1:13:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035cfa9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030612-27300-01.
3/3/2012 5:49:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
3/3/2012 5:49:22 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/2/2012 6:39:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TINANGUYEN-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{825CFFF4-F5F7-4126-B18C-52A5AD44ECF4}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

 

[Bobbye]

Welcome to TechSpot! I see one cause of the problem:

It looks like you updated Java, but you did not remove the pre-checked Ask.com So it has now made itself your homepage. I don't know if 'askthecrew' is related, but my guess would be it is.

Please go to any site you'd like for a homepage (you can change it later) Once there, click on Tools in the browser> choose Internet Options in IE or Options in Firefox> the first tab open and asks if you want 'this for home page' or 'use this for homepage'> Click on Yes> Apply? OK.

Go to Programs and uninstall any Ask entries. Then use Windows explorer to access Computer> Local Drive> Programs and do a right click> Delete on the Ask folder.

There may be some remaining entries-I will remove those after Combofix
========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=========================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe
  
  & follow the prompts.
• If prompted for Recovery Console, please allow.
• Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.[/b]
  • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
  • Note: No query will be made if the Recovery Console is already on the system.
• .Close/disable all anti virus and anti malware programs
  (If you need help with this, please see HERE)
• .Close any open browsers.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't follow directions given to someone else
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.

Threads are closed after 5 days if there is no reply.

 

[BynByn]

Thank you for your detail assistance. I changed my homepage. It doesn't just redirect to askthecrew but other websites too. I mean I use Google.com to search and it give me results as usual, but when I click on any of those links, it redirects to other websites. It's strange that there's nothing wrong when I use google from other countries like google.com.ru or google.com.hk, only google.com doesn't work. Additionally, my Avira finds trojan or virus every day and I remove them, but it doesn't seem effective at all.
I did all directions you gave me, and here are the logs:

ESET scan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm JS/Agent.NEP trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm JS/Agent.NEP trojan

ComboFix 12-03-08.04 - Thuan 03/08/2012 15:36:45.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2570 [GMT -6:00]
Running from: c:\users\Thuan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 21:42 . 2012-03-08 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 19:16 . 2012-03-08 19:16 -------- d-----w- c:\program files (x86)\ESET
2012-03-08 03:30 . 2012-03-08 03:30 -------- d-----w- c:\users\Thuan\AppData\Roaming\Malwarebytes
2012-03-08 03:30 . 2012-03-08 03:30 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 03:30 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 03:30 . 2012-03-08 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 19:44 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66C46AF6-14BA-4F75-A932-CEE8E5BE56D1}\mpengine.dll
2012-02-24 01:43 . 2012-02-24 01:43 -------- d-----w- C:\_OTL
2012-02-18 10:00 . 2012-02-18 10:00 -------- d-----w- c:\users\Thuan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-18 10:00 . 2012-02-18 10:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-18 10:00 . 2012-02-18 10:00 -------- d-----w- c:\programdata\!SASCORE
2012-02-18 09:45 . 2012-02-18 09:45 -------- d-----w- c:\users\Thuan\AppData\Roaming\Avira
2012-02-18 09:44 . 2012-02-20 02:23 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-18 09:44 . 2012-02-18 09:44 -------- d-----w- c:\programdata\Avira
2012-02-18 09:44 . 2012-02-18 09:44 -------- d-----w- c:\program files (x86)\Avira
2012-02-18 09:44 . 2011-09-16 05:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-18 09:44 . 2011-09-16 05:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-18 08:59 . 2012-02-18 08:59 -------- d-----w- c:\programdata\McAfee
2012-02-18 08:59 . 2012-02-18 08:59 -------- d-----w- c:\windows\system32\Macromed
2012-02-17 01:53 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 01:53 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 01:53 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 01:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 01:53 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 01:53 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 01:52 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 01:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 09:07 . 2011-11-25 17:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_01.29.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-28 03:37 . 2012-02-28 03:32 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022720120228\index.dat
+ 2012-02-28 03:37 . 2012-02-28 03:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022020120227\index.dat
+ 2012-02-17 02:04 . 2012-03-08 20:55 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-03-08 17:40 58226 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 17:40 37708 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-01 03:04 . 2012-03-08 17:40 10436 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3122457720-1262136122-3862839106-1001_UserData.bin
+ 2011-11-25 16:33 . 2012-03-08 17:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-25 16:33 . 2012-02-24 01:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-25 16:33 . 2012-03-08 17:42 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-25 16:33 . 2012-02-24 01:04 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-24 01:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 17:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-16 19:33 . 2012-02-24 00:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-16 19:33 . 2012-03-08 17:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-03 00:06 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-02-16 19:33 . 2012-02-24 00:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 19:33 . 2012-03-08 17:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 19:33 . 2012-03-08 17:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-16 19:33 . 2012-02-24 00:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-02-16 19:33 . 2012-03-08 17:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-02-16 19:33 . 2012-02-24 00:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-02-16 19:33 . 2012-03-08 17:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-16 19:33 . 2012-02-24 00:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 19:33 . 2012-03-08 17:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-16 19:33 . 2012-02-24 00:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-24 03:39 . 2012-02-24 03:39 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 70656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\d4c98757d64684477081d5f200e875c1\System.Xaml.Hosting.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 26112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Routing\8295dbd8d0d3dbbfac33aa7dc15c8d29\System.Web.Routing.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\2b458d13f6e3900827854507ba765d2e\System.Web.DynamicData.Design.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 26112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Abstract#\46c50dbb9de3e13078242f8b3b32e4fe\System.Web.Abstractions.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 13824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\f0042f79d36bedda0e99e2892bb02fe7\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 47616 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\64fd2fd1812f2536afaec66752707952\Microsoft.Workflow.Compiler.ni.exe
+ 2012-02-24 03:35 . 2012-02-24 03:35 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-02-24 03:34 . 2012-02-24 03:34 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\31c9ef760d04c92e17106dae1a9091f4\System.Xaml.Hosting.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\205067fe0e5c75891b489719b799c79d\System.Web.Routing.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\d1525e7fd8ba4234de86defa5b38e677\System.Web.DynamicData.Design.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\931f8d259c4bde5078375e82897db92f\System.Web.Abstractions.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5ab20ea5fd89e0e8ba9e93e297cea012\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\974157f629303efea6fc23e6578901ba\Microsoft.Workflow.Compiler.ni.exe
+ 2012-02-24 03:31 . 2012-02-24 03:31 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
- 2012-02-24 00:58 . 2012-02-24 00:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 17:38 . 2012-03-08 17:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 00:58 . 2012-02-24 00:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 17:38 . 2012-03-08 17:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-24 03:33 . 2012-02-24 03:33 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe
- 2012-02-17 01:49 . 2012-02-24 01:23 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-17 01:49 . 2012-03-08 21:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-03-08 21:34 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-02-24 03:47 663260 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-24 03:47 122096 c:\windows\system32\perfc009.dat
+ 2012-02-24 03:47 . 2012-02-24 03:47 254900 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\FORMS\FRMDATA64.DAT
+ 2009-07-14 05:01 . 2012-03-08 07:08 496092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-24 00:57 496092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-24 03:39 . 2012-02-24 03:39 553984 c:\windows\assembly\NativeImages_v4.0.30319_64\XamlBuildTask\ce782fd1260cae5ae699b71e0d812d83\XamlBuildTask.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 462336 c:\windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\eac69863f449fe367f746d5f0a350679\WsatConfig.ni.exe
+ 2012-02-24 03:39 . 2012-02-24 03:39 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\cbbafa4beae62e36534fe49eb2018c0b\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 314880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.RegularE#\ebfbacf10670251b2db61f2cbca08af3\System.Web.RegularExpressions.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\ae212f98035c56e3afef587327872f59\System.Web.Entity.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\fc1fc26fb70875a7316ce94536e2bf57\System.Web.Entity.Design.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\4f6f5611091cf04590731745a34de340\System.Web.DynamicData.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\5a490156ae434d704b39404e9647f08f\System.Web.DataVisualization.Design.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 587776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\7bb3d57e54fb2ce288cfe4cacd43a893\System.ServiceModel.Activation.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\2da997f0d78859f06d72fcc61fc1a36f\System.Runtime.Remoting.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 311296 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Cach#\c64bdda4c5b1008a50130456a416e688\System.Runtime.Caching.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 289792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\af04fce546a43c407b9ede1a77f272b6\System.Drawing.Design.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 662528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\18dc9d6390f0fbbd47581cb3ea6567c6\System.Data.Services.Design.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
+ 2012-02-24 03:36 . 2012-02-24 03:36 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 364544 c:\windows\assembly\NativeImages_v4.0.30319_64\MSBuild\fe507be01e652c9d1577ed3c82bc0725\MSBuild.ni.exe
+ 2012-02-24 03:35 . 2012-02-24 03:35 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\480ae0610a44148c6532d3d134f9956f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 851456 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Uti#\ef49e94c2b9e293e658979ba193686c7\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 353792 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Fra#\f03be672b1993e4a2dee05f0c99cf27a\Microsoft.Build.Framework.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 661504 c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\3c87931e06af65974a92146167d898f3\ComSvcConfig.ni.exe
+ 2012-02-24 03:33 . 2012-02-24 03:33 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\fd0c917972edf6f2a05c090627030608\XamlBuildTask.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\5f644edb4fd9228b50499b597b20f8d6\WsatConfig.ni.exe
+ 2012-02-24 03:33 . 2012-02-24 03:33 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d5a18f2355101b19f23ff2f31d1d1e17\WindowsFormsIntegration.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\01defe5a0bf7227f37645625367393ab\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\0613bd8bf52bb05610bc85ae9b950e9f\System.Web.RegularExpressions.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\6e30f0637c198b8ddac89379ae0cc3b4\System.Web.Extensions.Design.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\f2a8d54def527c06078b2ea3ca364e21\System.Web.Entity.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\66538729163731ccf2afebcfa705931a\System.Web.Entity.Design.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\934f6270b71946989b09dabf37692d9d\System.Web.DynamicData.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\e0738a758f95ad36a1ca4ea4fe014383\System.Web.DataVisualization.Design.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 432640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\eed602a6dac854f70fa1bb181b2179de\System.ServiceModel.Activation.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 244736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\a89c27bacba019eeed438f67b8544b78\System.Runtime.Caching.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f5333e6e06a2d476f93b0880c5e7fd14\System.Messaging.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\35a9933c9a009b623b4332a4e1daf245\System.Data.Services.Design.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
+ 2012-02-24 03:31 . 2012-02-24 03:31 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\265875f162e9c2ffefca67188cee8faa\MSBuild.ni.exe
+ 2012-02-24 03:31 . 2012-02-24 03:31 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cdd04b14b9dd6ced2e2572a044c3c57e\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\861156abd2fbeb15a72e479fb140c9b9\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\03c15533eddd91753b86895c6bfd59aa\Microsoft.Build.Framework.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 136192 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\dda5a6b2ff35b701c4585b7845101391\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\e9dee8646a22abf1626514f0f14fcdd9\ComSvcConfig.ni.exe
+ 2012-02-24 03:31 . 2012-02-24 03:31 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\cd00df3ad31231170f909bd387c2164e\AspNetMMCExt.ni.dll
+ 2009-07-14 04:54 . 2012-03-08 21:34 8241152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

 

[BynByn]

- 2011-11-25 18:15 . 2012-02-16 05:33 1188248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-25 18:15 . 2012-03-07 09:07 1188248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-24 03:35 . 2012-02-24 03:35 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 1601024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\7c63d28d59e41ae8e5bb5b8e50841e21\System.WorkflowServices.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 2887168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Run#\e4b0b5a166ae5bcbf921d0ae8f461f33\System.Workflow.Runtime.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 5909504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\0d94daa82d426e57c7084542bf36d25c\System.Workflow.ComponentModel.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 3743744 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\ea6ba9a3cc1b2640d807ef23e02fef02\System.Workflow.Activities.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\97b05378b616e023221f9c6072239168\System.Web.Services.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 2964480 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\53ceacfb78d2a4a0497e5c06df4feec0\System.Web.Mobile.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 1100800 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\cdc1f95ddc4c4cf20630490b7a1ab044\System.Web.Extensions.Design.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\8562144b72380768c1489a7b1a584fc4\System.Web.Extensions.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 5599232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\f119a8e910ca7aee618c10112191db26\System.Web.DataVisualization.ni.dll
+ 2012-02-24 03:39 . 2012-02-24 03:39 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1506816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8b0750707e418bbea8a7eed272890585\System.ServiceModel.Web.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 2703360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\b5d6361ffc4e2ab8b2fa989e65267668\System.Data.Services.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 1498112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.OracleC#\f1e8508072fb84206550bc497dc5b49c\System.Data.OracleClient.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 1750528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity.#\463d0d0f836d6286345ae0e7a980d609\System.Data.Entity.Design.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 1891328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationBuildTa#\2876e05f3ce0df4f38abe04c9bec2e8c\PresentationBuildTasks.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\54ab341a252461dbdcde4d460d17d85f\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 6004736 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build\5417f88ad5b4444a5f1e744fcd8ac9cc\Microsoft.Build.ni.dll
+ 2012-02-24 03:37 . 2012-02-24 03:37 3820544 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\ff91cc20786f3ccd7f8efd9c32b969e7\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 2521088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Eng#\0220591dc78673b4efa66d7848de3f54\Microsoft.Build.Engine.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\ea41875cd4720b16a0a164e1d266c374\AspNetMMCExt.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0f5df23e9f268e9ff4c8033f9865a12a\UIAutomationClientsideProviders.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1223168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\4dca8783493d21bc2cbbdd5ad65819a1\System.WorkflowServices.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1971712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\7a4b5fe58999d11fd532120d6f75f6da\System.Workflow.Runtime.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 4462080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\257e00af8ec6389753a9f66ef1711eea\System.Workflow.ComponentModel.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\bf2865f9411bf7887ec8377c5642d307\System.Workflow.Activities.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041\System.Web.Services.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 2334208 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\cd802595d26f321d11da210aeedd35cc\System.Web.Mobile.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 3127296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\4cefa390fdd82b25aab99c33cc49e3c0\System.Web.Extensions.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\b18af03d37654b9593c660d0ba6968c6\System.Web.DataVisualization.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 1086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\60ada6691ab37a75d25670eab4e32c5f\System.ServiceModel.Web.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\84d9ec8b14f9731797c51d31cae12d87\System.Deployment.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 2025984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\546dc84f7a98dd07602ebe6dca6fda7f\System.Data.Services.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c8b5d26c88a0f00cfb079bf421298076\System.Data.OracleClient.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 1424384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\f58605285e9bf14f17c39f28d5621628\System.Data.Entity.Design.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a479b22107e8fe08689d840a3a1a77e9\System.Activities.Presentation.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\073c60e5566fdaab702636f1474233b0\ReachFramework.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7194eb8e3da784ae30566a64569314a4\PresentationUI.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1479168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\f021e82fdaaf18ca99ff997f6552f947\PresentationBuildTasks.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c971d1782b4893d60666d91509ee0398\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9150a80d10ec86440aa59f6fe4b73f9d\Microsoft.VisualBasic.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 4248064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\faa09803e406df761fee15f3cb4390bb\Microsoft.Build.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\f54f6b0d404f8063e75770dd0f138827\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 1931264 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\4bfe4b4fa5d4fccdcbfc10ff609e6a28\Microsoft.Build.Engine.ni.dll
+ 2009-07-14 04:54 . 2012-03-08 21:34 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-01 03:00 . 2012-03-08 07:08 64645008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3122457720-1262136122-3862839106-1001-8192.dat
+ 2011-12-01 03:00 . 2012-03-08 07:08 31421468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3122457720-1262136122-3862839106-1001-12288.dat
- 2011-12-01 03:00 . 2012-02-24 00:57 31421468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3122457720-1262136122-3862839106-1001-12288.dat
+ 2011-12-01 03:00 . 2012-03-08 07:08 36930260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-02-24 03:37 . 2012-02-24 03:37 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\2605cdaf34cca062227586a12c495d24\System.Web.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-02-24 03:36 . 2012-02-24 03:36 13300736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\a947e015cf07f17b4e06ef4b1120bf6f\System.Design.ni.dll
+ 2012-02-24 03:38 . 2012-02-24 03:38 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-02-24 03:34 . 2012-02-24 03:34 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-02-24 03:35 . 2012-02-24 03:35 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-02-24 03:31 . 2012-02-24 03:31 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\3c5ebc7acef28749f02bbc1f1c24f51f\System.Web.ni.dll
+ 2012-02-24 03:33 . 2012-02-24 03:33 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
+ 2012-02-24 03:32 . 2012-02-24 03:32 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
c:\program files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-09 3417496]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"UniKey"="c:\program files (x86)\Unikey\UniKeyNT.exe" [2009-11-02 316928]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-06-01 2801288]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-06-16 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-08-26 260768]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-17 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-06-01 552584]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-05 84080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-16 969352]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-10-30 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1245800]

 

[BynByn]

.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122457720-1262136122-3862839106-1001Core.job
- c:\users\Thuan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 21:05]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122457720-1262136122-3862839106-1001UA.job
- c:\users\Thuan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 21:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-20 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com.vn/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Thuan\AppData\Roaming\Mozilla\Firefox\Profiles\uiufptyv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.vn/
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3122457720-1262136122-3862839106-1001_Classes\Wow6432Node\CLSID\{2e59de2d-ba49-4f6d-b1b0-b37ec5dc53ce}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3122457720-1262136122-3862839106-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5d,43,cb,74,bc,3c,48,df,53,c0,9a,10,f4,64,ae,17,dc,e8,09,45,1e,
c6,e1,f9,ad,d9,f6,aa,95,5c,e1,50,b0,ba,d9,17,0c,8c,65,aa,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-08 15:45:07
ComboFix-quarantined-files.txt 2012-03-08 21:45
ComboFix2.txt 2012-02-24 01:32
.
Pre-Run: 139,043,823,616 bytes free
Post-Run: 138,993,586,176 bytes free
.
- - End Of File - - 0D9C50CFBA679B040EAD75356B2FF464

 

[Bobbye]

Okay, looking pretty good. When and why did you install OTL?

For Eset scan:

Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Files 
  C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm 
  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\OO01QWHF\hautetalk_com[1].htm 
  
  :Commands
  [purity]
  [emptytemp]
  [clearjavacache]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================================
The 2 entries in Eset were for Trojan.Spy.Goldun.NEP. Both were from hautetalk_com in the Temporary Internet Files. It monitors Internet Explorer windows and steals user’s authentication for e-gold. This domain fails in Trustworthiness and other Site Advisories. If this is a book mark or Favorite, I suggest that you delete it.
=====================================
Are you running anything that requires this: Internet Settings,ProxyServer = http=;ftp=;https=;
Did you specifically set this? If you did not, or don't know what it is, then please do the following:
Reset your browser proxies

• For Firefox:
  o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
  o Click on the "Network" tab, and then on the "Settings" button.
  o Please make sure that the "No Proxy" option is selected.
• For Internet Explorer:
  o Open Internet Explorer.
  o Click on "Tools" and then select "Internet Options".
  o Click> "Connections" tab> click the "Lan Settings"
  o Uncheck "Use a Proxy server for your LAN".
  o Click Ok to close the Local Area Network (LAN) Settings window.
  o Click Ok to close the Internet Options window.

====================================
Since you have SuperantiSpyware on the system, please update and run a scan. I suspect we will need to reset the Cookies.
Be sure to check the line in SAS from the entries found to be removed
======================================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
------------------------------------

Are you still being redirected?

 

[BynByn]

I installed OTL a couple of days ago when I found a virus/trojan infected case like mine and I just follow those steps, but then I read the rule and stuff in this forum that said I shouldn't have done it.
Next,I finished the OTMovit step. My computer then restarted because 2 files were not found or something like that.
Then I reset firefox cookies as you showed.
After that, I used antimalware to do a full scan. While it was scanning, I went to firefox -> google.com -> searched for harry potter -> still redirected to another website. Right after that, avira warned for 2 kinda infected files. I removed them and then there was an error with the antiwalware program (which I doubted it conficted with Avira). Then my computer automatically rebooted and it was dead. I turned on and off many times but it couldn't open the windows. It just showed the text Vaio and then a whole black screen.
I don't know what to do now. Please help me! I don't mind losing all my important stuffs, just need to save the laptop because I use it everyday. I'm sorry for this and thank you so very much for your help!

 

[Bobbye]

Fortunately, OTL doesn't delete any entries. But if I see bad entries, in the log, I write script for you to run through OTL. But the problem with running anything but simple basic scans, is that you don't know what to do with the results.

For OTM "2 files were not found or something like that.\" this is normal. The entry may have been removed by another scan between the time I saw it and the time you ran OTM

About this:

I used antimalware to do a full scan. While it was scanning, I went to firefox -> google.com -> searched for harry potter -> still redirected to another website. Right after that, avira warned for 2 kinda infected files. I removed them and then there was an error with the antiwalware program (which I doubted it conficted with Avira)

1.First of all, we try to make it clear that you should not run any other cleaning or scanning programs while we are helping you.
2. Second, no matter which of the scans you're running, you shouldn't be doing anything else at the same time.
3. Third, your antivirus gave you a warning>> but I don't know what a "kinda infected file" is. It either is or it isn't- it can't be "kinda." Additionally, you should not have been deleting files I didn't instruct you to. The "kinda" could have been a False Positive and you may have delete necessary files.

So you were running an antimalware full scan,checking you search function and Avira was finding something to warn you about. Please don't do any of these things again while I'm helping you.
=======================================
Boot into Safe Mode with Networking:

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

You are going to try to do a System Restore back to this restore point:
ComboFix 12-03-08.04 - Thuan 03/08/2012 15:36:45.2.8 - x64
* Created a new restore point
------------------------------
How to Do a System Restore in Windows 7

• 
  Be sure there are no active Windows.
• Open the Start Menu.
• Right click on the Computer button and click on Properties.
• Click on the System Protection link.
  
  
• Close the System window.
• Click on the System Restore button
• Select (click on) Thuan 03/08/2012 15:36:45
  
  
• Click on Next
• Let the restore run. the system will reboot on it's own when finished.

Please do not do anything else. Let me know if you were able to complete the restore and access the system afterward.

If the restore is successful, we will have to redo everything we did after that time and date. In this mode, the security programs don't run. And since this is done withing the system itself, before you start, click on File> Work Offline. When the system restore has finished and rebooted, you may get a message about working offline> "do you want to go online?"> Click on Yes.