•Report
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yen Phuong Ha Thi\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 40,74% Memory free
8,20 Gb Paging File | 5,25 Gb Available in Paging File | 64,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,74 Gb Total Space | 248,62 Gb Free Space | 54,79% Space Free | Partition Type: NTFS
Drive D: | 12,02 Gb Total Space | 1,93 Gb Free Space | 16,03% Space Free | Partition Type: NTFS
Drive E: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: LAPTOP | User Name: Yen Phuong Ha Thi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Meitu\KanKan\KanKan\KanKan.exe" = C:\Program Files (x86)\Meitu\KanKan\KanKan\KanKan.exe:*:Enabled:KanKan -- ()
"C:\Program Files (x86)\Meitu\KanKan\KanKan\KanKan.exe" = C:\Program Files (x86)\Meitu\KanKan\KanKan\KanKan.exe:*:Enabled:KanKan -- ()
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{186E4634-D56B-41B9-96D5-4A62EC7D0A21}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23C89683-7D6F-4A19-B3A0-A061899005CC}" = lport=13107 | protocol=17 | dir=in | name=print server utility |
"{56F18AE8-1F12-4993-BB27-6AE2787646B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92B2C4A2-3D3A-44CC-8BB2-5E62020A377E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{98434BF1-7017-4916-8EB3-28C079922813}" = lport=13621 | protocol=17 | dir=in | name=print server utility |
"{AFAD141C-0FA2-4ACA-B5D1-F8211D3F9785}" = lport=69 | protocol=17 | dir=in | name=print server utility tftp |
"{B975AD04-6444-44AA-A381-9E6D210C861C}" = lport=13364 | protocol=17 | dir=in | name=print server utility |
"{E40D30FB-76EC-4EF4-BBA7-AE74FD115C5A}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{FD5DF2F5-A505-41FF-92F0-D2DC0E833F98}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061208CC-8AE9-47B7-8928-4682D4BBF31C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{088762F6-66C7-4635-B843-BBFF9FF96AC1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{0B2066B9-87F7-4609-8822-DABBDCAB7C3D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{104A0E17-16B7-4F5F-A72A-8BE42D270C73}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{11641635-3820-4CFB-AC59-338B23F92933}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1EF7C122-A5AE-4D3F-9AAB-D694B59A38DA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20109AB9-DC2F-49A0-B160-521AD2C6EB7F}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{22C3F3C8-6165-4871-97C5-2F78A709569B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3BBEED39-196A-4E3D-8F51-6A9A06350EC4}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{46345F22-0B39-475D-8525-40B126D60690}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{50BF7712-D642-4F0D-A566-A08CCB063CEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{5FEA9911-3838-491D-8332-832EE625AEC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{626F1711-20F6-4CE6-B6D3-EF1A577383DA}" = protocol=6 | dir=in | app=c:\users\yen phuong ha thi\appdata\local\akamai\netsession_win.exe |
"{67BC9CC7-1312-4BE4-8069-4650B81CCD8F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6D438065-54E8-4B15-941D-3A5119DB59EC}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{6E54B114-7489-468E-93F7-37EFE086F4D3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{7135158F-DEC4-4DA1-9C3A-DCC549287629}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{7CCFB77A-FDC5-4211-A4AB-199052FF38C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{86EC93B6-D6E5-47B5-BAC9-7ABA0818A647}" = protocol=17 | dir=in | app=c:\users\yen phuong ha thi\appdata\local\akamai\netsession_win.exe |
"{87DC8231-3D73-4032-9200-F992C928C93C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8CE64A9C-D01B-4F4F-A064-999B60415B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{95FC8C5E-9891-4EDB-A3B0-8F84B7B61BAB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A12F518D-052E-446D-8B3C-E0C20B66DF69}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{A12F90D5-075E-45A5-9E7A-940871557768}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B2D4EF47-2F3F-4FC3-B3B1-D0974DC368BA}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{B7E020EE-C1DF-4214-A195-E4CFBBDFFAA8}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{BBA9D600-10E3-4D3E-867D-29B9A17F571C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{C2ED6077-6545-4D1E-BA72-319B570754AE}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C31C9ABD-BC0D-4E1F-8461-4CB5D7D78599}" = protocol=6 | dir=in | app=c:\users\yen phuong ha thi\appdata\roaming\dropbox\bin\dropbox.exe |
"{CDCFBEC0-4F98-4A9B-A209-99BCDD4643BE}" = protocol=17 | dir=in | app=c:\users\yen phuong ha thi\appdata\roaming\dropbox\bin\dropbox.exe |
"{D0F52FA7-1A57-4FFB-A847-A996932701D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D18BDD3A-2E25-4F3F-8C7D-A1357704C541}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{E02F8D9B-03A2-41DF-B973-18C7899CFD7B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{F2C34D80-5EC2-41BB-B661-2A65678AD9AB}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F4AD3951-C336-48C1-8F4B-0FF851FBA8A1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"TCP Query User{16CA098F-A1CE-4EB3-8134-9039233949CB}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{30303C7C-9C9E-4FD6-A505-579F362F98EA}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{4816B419-5689-49A2-AB7C-97BBC4216B62}C:\users\yen phuong ha thi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\yen phuong ha thi\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BB98F29F-3B69-4E13-A8DA-323D321A0E8C}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{EEDF234E-1D49-4C70-8EA7-DAEBB5107224}C:\users\yen phuong ha thi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yen phuong ha thi\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{339DE7FE-EDCD-42A1-8E4A-76BC373396FF}C:\users\yen phuong ha thi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yen phuong ha thi\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{43B32123-DCA1-4CD6-8279-9E9419C2413E}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{844C21E4-E823-44C8-ABB7-913F05DF7276}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{AE5B433B-1145-4506-8D6C-A703E90620A9}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{D10052B2-ED84-4B08-A44D-FFF159AAA963}C:\users\yen phuong ha thi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\yen phuong ha thi\appdata\local\akamai\netsession_win.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection
"{3975CE71-3544-9FBA-56E5-2E9709E348C5}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E5BEF96-0293-442B-B344-62902D302522}" = RawPacketDriver
"{7F67AF0E-DF48-0198-E0F3-F1C9F7A6FC22}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 Beta 1 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E3B5E0F-E215-11D6-9C3F-0001020C4C03}" = Lexware faktura+auftrag V 7.00
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37D4AB78-5281-44EE-91D8-B65CFE509851}" = Unified Remote
"{38697498-F4AA-4A8A-81F6-C09446AD020D}" = PrintServer Utilities
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B674F947-56D6-4793-B465-7D7C87E04D0C}" = ImageMixer 3 SE Ver.5 Video Tools
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C6FAC202-3B06-4815-ABCB-9398B0CB014C}" = Wissens-Center 980
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}" = ImageMixer 3 SE Ver.5 Transfer Utility
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F887B4C1-F448-4195-AFB7-28A774D2171D}" = Wissens-Center
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FA82D553-7A07-43A4-98E8-14C62402A4F2}" = Autodesk SketchBook Copic Edition
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8-R_-8-0-II" = LoudMo Contextual Ad Assistant
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alaplaya Launcher_is1" = Alaplaya Launcher
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD v.2.2.6
"Audacity_is1" = Audacity 2.0.2
"Avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MyCamera" = Canon Utilities MyCamera
"MyFreeCodec" = MyFreeCodec
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PhotoScape" = PhotoScape
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Screen Recorder 1" = Screen Recorder 1
"Visitenkarten zum Sofortdruck" = Visitenkarten zum Sofortdruck
"VLC media player" = VLC media player 2.0.2
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"XSManager" = XSManager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"美图秀秀" = 美图秀秀 2.7.1 安全版
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ÃÀͼ¿´¿´" = ÃÀͼ¿´¿´ 1.3.5
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 12.06.2014 11:29:34 | Computer Name = Laptop | Source = MsiInstaller | ID = 11606
Description =
Error - 12.06.2014 11:29:34 | Computer Name = Laptop | Source = MsiInstaller | ID = 11606
Description =
Error - 12.06.2014 11:29:34 | Computer Name = Laptop | Source = MsiInstaller | ID = 1024
Description =
Error - 12.06.2014 11:29:42 | Computer Name = Laptop | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 12.06.2014 11:31:27 | Computer Name = Laptop | Source = Winlogon | ID = 4102
Description = Die Windows-Lizenz ist ungültig. Fehler 0xC004F027. Richtlinienwert
0x00000000.
Error - 12.06.2014 11:37:20 | Computer Name = Laptop | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 12.06.2014 11:40:08 | Computer Name = Laptop | Source = Software Licensing Service | ID = 8193
Description = Der Lizenzaktivierungsplaner (SLUINotify.dll) ist mit folgendem Fehlercode
fehlgeschlagen: 0xC004D401
Error - 12.06.2014 11:49:36 | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =
Error - 12.06.2014 11:50:16 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =
Error - 12.06.2014 12:19:04 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 07.11.2010 06:14:32 | Computer Name = Laptop | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 12.06.2014 11:50:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description =
Error - 12.06.2014 11:53:26 | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =
Error - 12.06.2014 12:16:09 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.06.2014 um 17:53:23 unerwartet heruntergefahren.
Error - 12.06.2014 12:16:16 | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =
Error - 12.06.2014 12:19:05 | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
Description =
Error - 12.06.2014 12:19:05 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 12.06.2014 12:19:05 | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
Description =
Error - 12.06.2014 12:19:05 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 12.06.2014 12:19:51 | Computer Name = Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 12.06.2014 12:19:52 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description =
< End of report >
•OTLOTL logfile created on: 12.06.2014 18:30:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yen Phuong Ha Thi\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 40,74% Memory free
8,20 Gb Paging File | 5,25 Gb Available in Paging File | 64,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,74 Gb Total Space | 248,62 Gb Free Space | 54,79% Space Free | Partition Type: NTFS
Drive D: | 12,02 Gb Total Space | 1,93 Gb Free Space | 16,03% Space Free | Partition Type: NTFS
Drive E: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: LAPTOP | User Name: Yen Phuong Ha Thi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Users\Yen Phuong Ha Thi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Yen Phuong Ha Thi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files (x86)\HP Wireless Adapter\HPWLan.exe ()
PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - c:\users\yenphu~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrvrxj.dll ()
MOD - C:\Programme\AVAST Software\Avast\libcef.dll ()
MOD - C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
MOD - C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ()
MOD - C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\pxl_m17n_tool.dll ()
MOD - C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\HP Wireless Adapter\HPWLANDEU.DLL ()
MOD - C:\Program Files (x86)\HP Wireless Adapter\HPWLan.exe ()
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (TVCapSvc) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys ()
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys ()
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (HPNUHUB) -- C:\Windows\SysNative\DRIVERS\hpnuhub.sys ()
DRV:64bit: - (hpnuhst) -- C:\Windows\SysNative\DRIVERS\hpnuhst.sys ()
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\hpl8187.sys ()
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys ()
DRV:64bit: - (HPNUCMP) -- C:\Windows\SysNative\DRIVERS\hpnucmp.sys ()
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys ()
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (RTL8187) -- C:\Windows\SysWOW64\drivers\hpl8187.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\SysWOW64\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (PVUSB) -- C:\Windows\SysWOW64\drivers\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B4F381CE-68D8-4179-A60A-797EC0C34865}
IE:64bit: - HKLM\..\SearchScopes\{A558370B-CD1B-45A3-A6F2-208931A8EC65}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{B4F381CE-68D8-4179-A60A-797EC0C34865}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{BFF76C5E-CBC4-495C-B661-5C006E231FBD}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{A558370B-CD1B-45A3-A6F2-208931A8EC65}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKLM\..\SearchScopes\{B4F381CE-68D8-4179-A60A-797EC0C34865}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{BFF76C5E-CBC4-495C-B661-5C006E231FBD}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=make
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{5694018F-380B-48D4-9DE1-D69223175612}: "URL" = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{A558370B-CD1B-45A3-A6F2-208931A8EC65}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{B4F381CE-68D8-4179-A60A-797EC0C34865}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\SearchScopes\{BFF76C5E-CBC4-495C-B661-5C006E231FBD}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.23 19:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.23 19:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.02 13:02:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\plugins
[2013.05.10 08:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.03 12:20:24 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.12.23 20:48:39 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google
riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google
ageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.wisedock.de/m.php?id=21360ee4cd94296e4ddb53e5d6aa47084ae6c
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: New York theme = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjoilngpclpbpopnnfbjelpbpamign\1.2_0\
CHR - Extension: AdBlock = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\
CHR - Extension: Bei Fashiolista hinzufügen! = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\1.3.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_1\
CHR - Extension: Quick Note = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.6_0\
CHR - Extension: Save to Pocket = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.8.2_0\
CHR - Extension: Google Wallet = C:\Users\Yen Phuong Ha Thi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O3 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWireless] C:\Program Files (x86)\HP Wireless Adapter\HPWLAN.exe ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nokia FastStart] "C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000..\Run: [Akamai NetSession Interface] C:\Users\Yen Phuong Ha Thi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000..\Run: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe" File not found
O4 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000..\Run: [MsgCenterExe] "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot File not found
O4 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-285899062-1174187994-3560374752-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521D3FE-01CF-4C64-9FCC-3F6FFD92B271}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A0E6823-9AF4-4FD1-94CE-7A4C55B7553A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE66B4A-8A6D-4255-B984-F688B99642B4}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D174267A-9474-45C8-A3BA-E1DEF64BFFF9}: NameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.09 17:43:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5433b8c0-6795-11e2-ab45-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5433b8c0-6795-11e2-ab45-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{894a4d28-4db6-11de-afc4-00238b968586}\Shell - "" = AutoRun
O33 - MountPoints2\{894a4d28-4db6-11de-afc4-00238b968586}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8c00c61c-31c2-11e0-9504-00238b968586}\Shell - "" = AutoRun
O33 - MountPoints2\{8c00c61c-31c2-11e0-9504-00238b968586}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{8c00c642-31c2-11e0-9504-00238b968586}\Shell - "" = Autorun
O33 - MountPoints2\{8c00c642-31c2-11e0-9504-00238b968586}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{ae42871f-d0ca-11e1-b804-00238b968586}\Shell - "" = AutoRun
O33 - MountPoints2\{ae42871f-d0ca-11e1-b804-00238b968586}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d6fd07e5-f976-11df-a1b3-00238b968586}\Shell - "" = AutoRun
O33 - MountPoints2\{d6fd07e5-f976-11df-a1b3-00238b968586}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{df0bd5f3-46d3-11de-a842-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{df0bd5f3-46d3-11de-a842-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv
onServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014.06.07 18:44:12 | 000,000,000 | ---D | C] -- C:\Users\Yen Phuong Ha Thi\AppData\Local\ElevatedDiagnostics
[2014.06.07 17:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2014.06.07 17:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014.05.28 19:12:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014.05.26 17:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Knuddels
[2014.05.24 15:47:28 | 000,000,000 | ---D | C] -- C:\Users\Yen Phuong Ha Thi\Documents\Webcam
[2014.05.23 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\AVAST Software
[2014.05.23 20:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014.05.23 20:10:59 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.05.23 20:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.05.23 20:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014.05.23 19:10:41 | 000,000,000 | ---D | C] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\DropboxMaster
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014.06.12 18:20:59 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-285899062-1174187994-3560374752-1002UA.job
[2014.06.12 18:18:33 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-285899062-1174187994-3560374752-1000UA.job
[2014.06.12 18:16:21 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.12 18:16:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.12 18:16:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.12 18:16:00 | 4292,026,368 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.11 19:17:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-285899062-1174187994-3560374752-1000Core.job
[2014.06.09 11:21:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-285899062-1174187994-3560374752-1002Core.job
[2014.06.07 22:56:26 | 002,781,516 | ---- | M] () -- C:\Users\Yen Phuong Ha Thi\Documents\How-to-Become-a-Fashion-Designer.pdf
[2014.06.07 20:26:22 | 000,369,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.06.07 17:41:56 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2014.06.07 17:23:08 | 000,229,376 | ---- | M] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.05.26 17:19:52 | 000,001,302 | ---- | M] () -- C:\Users\Yen Phuong Ha Thi\Desktop\Knuddels.de.lnk
[2014.05.24 21:59:37 | 000,000,963 | ---- | M] () -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.24 21:59:23 | 000,000,955 | ---- | M] () -- C:\Users\Yen Phuong Ha Thi\Desktop\Dropbox.lnk
[2014.05.23 20:14:06 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.05.23 20:13:17 | 001,039,096 | ---- | M] () -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014.05.23 20:13:17 | 000,423,240 | ---- | M] () -- C:\Windows\SysNative\drivers\aswsp.sys
[2014.05.23 20:13:17 | 000,064,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswrdr.sys
[2014.05.23 20:11:10 | 001,039,096 | ---- | M] () -- C:\Windows\SysNative\drivers\aswsnx.sys.1400868797330
[2014.05.23 20:11:10 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.05.23 20:11:10 | 000,065,264 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2014.05.23 20:11:09 | 000,334,648 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe
[2014.05.23 20:11:09 | 000,079,184 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.05.23 20:11:09 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.05.23 20:11:09 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.05.23 20:11:08 | 000,064,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswrdr.sys.1400868797330
[2014.05.23 20:10:59 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014.06.12 18:16:00 | 4292,026,368 | -HS- | C] () -- C:\hiberfil.sys
[2014.06.07 22:56:25 | 002,781,516 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Documents\How-to-Become-a-Fashion-Designer.pdf
[2014.05.26 17:19:52 | 000,001,306 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Knuddels.de.lnk
[2014.05.26 17:19:52 | 000,001,302 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Desktop\Knuddels.de.lnk
[2014.05.23 20:14:05 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.05.23 20:12:07 | 000,065,264 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2014.05.23 20:12:05 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.05.23 20:12:01 | 001,039,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswsnx.sys.1400868797330
[2014.05.23 20:12:01 | 001,039,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014.05.23 20:11:59 | 000,423,240 | ---- | C] () -- C:\Windows\SysNative\drivers\aswsp.sys
[2014.05.23 20:11:57 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.05.23 20:11:53 | 000,079,184 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.05.23 20:11:48 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.05.23 20:11:44 | 000,064,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswrdr.sys.1400868797330
[2014.05.23 20:11:44 | 000,064,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswrdr.sys
[2014.05.23 20:11:33 | 000,334,648 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2013.05.25 10:08:10 | 000,273,464 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Screen.jpg
[2013.04.02 16:06:39 | 000,020,252 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\.recently-used.xbel
[2013.03.29 17:25:19 | 000,000,000 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\myprogram.jar
[2013.03.28 22:12:46 | 000,113,664 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Tutorial1.MSWMM
[2013.03.17 16:36:15 | 000,006,144 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Unbenannt.MSWMM
[2013.03.17 16:06:07 | 044,206,228 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0053.avi
[2013.03.17 16:04:45 | 057,351,320 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0052.avi
[2013.03.17 16:02:55 | 043,619,780 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0051.avi
[2013.03.17 16:01:49 | 046,756,300 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0050.avi
[2013.03.17 15:59:36 | 049,151,250 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0049.avi
[2013.03.17 15:58:13 | 051,636,566 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0048.avi
[2013.03.17 15:56:27 | 060,846,306 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0047.avi
[2013.03.17 15:54:54 | 008,554,172 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0046.avi
[2013.03.17 15:53:35 | 034,862,606 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0045.avi
[2013.03.17 15:52:51 | 029,537,060 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0044.avi
[2013.03.17 15:52:09 | 018,635,372 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0043.avi
[2013.03.17 15:51:29 | 025,452,048 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0042.avi
[2013.03.17 15:51:10 | 014,200,888 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0041.avi
[2013.03.17 15:50:54 | 024,593,912 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0040.avi
[2013.03.17 15:50:34 | 012,552,946 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0039.avi
[2013.03.17 15:50:05 | 023,801,246 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0038.avi
[2013.03.17 15:49:45 | 011,881,812 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0037.avi
[2013.03.17 15:49:26 | 022,881,014 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0036.avi
[2013.03.17 15:49:05 | 015,683,084 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0035.avi
[2013.03.17 15:47:45 | 052,951,812 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0034.avi
[2013.03.17 15:45:58 | 013,113,206 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0033.avi
[2013.03.17 15:45:41 | 018,013,966 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0032.avi
[2013.03.17 15:44:47 | 013,485,382 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0031.avi
[2013.03.17 15:44:22 | 013,612,916 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0030.avi
[2013.03.17 15:43:14 | 025,174,362 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0029.avi
[2013.03.17 15:41:54 | 049,376,892 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0028.avi
[2013.03.17 15:40:28 | 055,337,264 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0027.avi
[2013.03.17 15:37:56 | 039,487,594 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0026.avi
[2013.03.17 15:36:25 | 024,995,620 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0025.avi
[2013.03.17 15:35:53 | 019,789,330 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0024.avi
[2013.03.17 15:34:52 | 014,344,024 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0023.avi
[2013.03.17 15:34:18 | 030,597,058 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0022.avi
[2013.03.17 15:33:42 | 025,733,294 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0021.avi
[2013.03.17 15:32:56 | 032,167,566 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0020.avi
[2013.03.17 15:32:27 | 019,654,422 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0019.avi
[2013.03.17 15:30:37 | 044,179,606 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0018.avi
[2013.03.17 15:28:04 | 038,330,960 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0017.avi
[2013.03.17 15:26:32 | 045,591,660 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0016.avi
[2013.03.17 12:31:15 | 009,189,088 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0015.avi
[2013.03.17 12:31:02 | 005,862,346 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0014.avi
[2013.03.17 12:30:49 | 007,110,212 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0013.avi
[2013.03.17 12:30:31 | 008,939,612 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0012.avi
[2013.03.17 12:29:17 | 003,710,452 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0009.avi
[2013.03.17 12:29:03 | 005,535,080 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0008.avi
[2013.03.17 12:28:45 | 005,127,082 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0007.avi
[2013.03.17 12:28:20 | 007,657,078 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0006.avi
[2013.03.17 12:21:40 | 012,733,784 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0005.avi
[2012.09.30 21:22:02 | 000,236,820 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\tutorial-05.jpg
[2012.09.30 21:21:57 | 000,264,527 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\tutorial-04.jpg
[2012.09.30 21:21:52 | 000,259,523 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\tutorial-03.jpg
[2012.09.30 21:21:47 | 000,252,441 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\tutorial-02.jpg
[2012.09.30 21:21:35 | 000,233,327 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\tutorial-01.jpg
[2012.09.30 21:16:19 | 000,364,693 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\queen_of_shame_by_dark_spider-d2ywp8l.jpg
[2012.09.30 21:13:17 | 000,371,957 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\The_Wheel_of_Time_by_dark_spider.jpg
[2012.09.30 21:13:13 | 000,380,153 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Ice_Maiden_by_dark_spider.jpg
[2012.09.30 21:13:08 | 000,326,728 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\amethyst_by_dark_spider-d36mkt7.jpg
[2012.09.30 21:06:21 | 000,029,194 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\elixir.jpg
[2012.09.30 21:06:16 | 000,018,981 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Heartless.jpg
[2012.09.30 21:06:12 | 000,035,760 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Hope.jpg
[2012.09.30 21:03:15 | 000,089,829 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Onde.jpg
[2012.09.29 11:20:26 | 397,002,910 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\0003.avi
[2012.09.29 11:13:58 | 845,190,142 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Chaiyya Chaiyya.avi
[2012.09.29 11:07:52 | 811,638,138 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Maahi Ve.avi
[2012.05.22 20:00:58 | 000,212,462 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Hintergrundbild der Windows-Fotogalerie.jpg
[2012.04.28 07:45:20 | 000,000,732 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\d3d9caps64.dat
[2012.04.09 22:09:40 | 000,002,480 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\PStrip.ini
[2011.07.02 11:28:56 | 000,377,603 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\Ffx_yuna.jpg
[2011.06.02 19:06:58 | 000,000,019 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\.gtk-bookmarks
[2011.01.25 19:20:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.10 18:06:16 | 000,008,663 | -HS- | C] () -- C:\Users\Yen Phuong Ha Thi\Folder.jpg
[2010.06.10 18:06:16 | 000,007,926 | -HS- | C] () -- C:\Users\Yen Phuong Ha Thi\AlbumArt_{00A13E9A-FAC9-4535-8BB3-ED6C66AD036F}_Large.jpg
[2010.06.10 18:06:16 | 000,002,276 | -HS- | C] () -- C:\Users\Yen Phuong Ha Thi\AlbumArt_{00A13E9A-FAC9-4535-8BB3-ED6C66AD036F}_Small.jpg
[2010.04.19 21:12:37 | 000,393,170 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\tmpPOKEMON 001.1
[2010.04.19 21:12:36 | 000,408,543 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\tmpPOKEMON 001.0
[2010.04.19 21:12:36 | 000,397,317 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\tmpPOKEMON 001.JPG
[2010.03.25 21:34:36 | 000,002,165 | -HS- | C] () -- C:\Users\Yen Phuong Ha Thi\AlbumArtSmall.jpg
[2010.02.23 20:34:00 | 000,121,856 | -H-- | C] () -- C:\Users\Yen Phuong Ha Thi\photothumb.db
[2009.11.12 09:51:55 | 000,000,680 | RHS- | C] () -- C:\Users\Yen Phuong Ha Thi\ntuser.pol
[2009.07.23 17:11:24 | 000,000,552 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\d3d8caps.dat
[2009.07.19 11:03:52 | 000,000,000 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\wklnhst.dat
[2009.05.31 13:29:53 | 000,004,096 | -H-- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\keyfile3.drm
[2009.05.22 22:09:38 | 000,229,376 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1980.01.01 01:00:00 | 002,687,750 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1876.JPG
[1980.01.01 01:00:00 | 002,318,481 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1873.JPG
[1980.01.01 01:00:00 | 002,232,185 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1877.JPG
[1980.01.01 01:00:00 | 002,117,973 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1874.JPG
[1980.01.01 01:00:00 | 002,078,304 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1872.JPG
[1980.01.01 01:00:00 | 001,480,934 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1880.JPG
[1980.01.01 01:00:00 | 000,704,840 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1875.JPG
[1980.01.01 01:00:00 | 000,399,307 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1879.JPG
[1980.01.01 01:00:00 | 000,360,472 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1878.JPG
[1980.01.01 01:00:00 | 000,255,513 | ---- | C] () -- C:\Users\Yen Phuong Ha Thi\IMG_1881.JPG
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 06:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013.07.10 13:57:49 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\.minecraft
[2011.02.17 20:10:13 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\360se
[2012.04.14 22:31:24 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\AimOne
[2012.03.16 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Ashampoo
[2009.07.10 16:11:40 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Atari
[2013.05.25 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Audacity
[2012.04.09 17:51:37 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Autodesk
[2014.05.23 20:15:41 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\AVAST Software
[2012.08.22 12:04:40 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\avidemux
[2013.07.08 07:56:28 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\bitmedia
[2013.06.29 21:29:15 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\BitTorrent
[2013.01.20 12:15:06 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Brockhaus
[2011.06.18 19:05:43 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.07.08 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\contentlauncher
[2010.08.19 16:04:38 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Cornelsen
[2013.01.26 21:35:14 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\DAEMON Tools Lite
[2009.06.19 21:12:06 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\dBpoweramp
[2014.06.12 18:22:52 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Dropbox
[2014.06.12 18:22:39 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\DropboxMaster
[2013.07.09 12:25:58 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\DVDVideoSoft
[2013.01.13 15:05:16 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\FileZilla
[2011.02.05 12:52:41 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\freshgames
[2011.11.16 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\GetRightToGo
[2013.04.02 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\gtk-2.0
[2011.01.23 19:12:03 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Local
[2011.02.17 19:34:15 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Meitu
[2009.10.19 13:04:51 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\PC Suite
[2012.12.14 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\PhotoScape
[2010.08.28 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\PlayFirst
[2011.05.28 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Publish Providers
[2011.12.23 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Sony
[2011.05.29 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Sony Creative Software
[2010.11.06 09:14:27 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\SPORE Creature Creator
[2011.09.06 18:50:51 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Stellarium
[2012.03.30 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\SYSTEMAX Software Development
[2009.07.19 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Template
[2013.05.06 14:36:41 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Unified Remote
[2011.12.23 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Xilisoft
[2010.11.30 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\XSManager
[2011.02.05 12:52:36 | 000,000,000 | ---D | M] -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Zylom
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013.06.21 21:49:27 | 000,000,000 | ---D | M](C:\Users\Yen Phuong Ha Thi\Documents\????) -- C:\Users\Yen Phuong Ha Thi\Documents\美图图库
[2013.02.11 14:35:49 | 000,000,000 | ---D | C](C:\Users\Yen Phuong Ha Thi\Documents\????) -- C:\Users\Yen Phuong Ha Thi\Documents\美图图库
[2011.07.06 21:17:21 | 000,000,866 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2011.02.17 19:34:05 | 000,000,866 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
(C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\Yen Phuong Ha Thi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美图
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0053.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0052.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0051.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0050.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0049.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0048.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0047.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0046.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0045.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0044.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0043.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0042.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0041.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0040.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0039.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0038.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0037.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0036.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0035.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0034.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0033.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0032.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0031.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0030.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0029.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0028.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0027.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0026.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0025.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0024.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0023.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0022.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0021.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0020.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0019.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0017.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0016.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0015.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0013.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0012.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0009.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0008.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0007.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0006.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yen Phuong Ha Thi\0005.avi:TOC.WMV
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
< End of report >