Very much appreciate your help with this one. It is annoying and keeps popping back. Also, I can't run GMER since it crashes immediately when it reaches volumeshadowcopy1 (as shown in the screenshot).
MBAM log
Malwarebytes' Anti-Malware 1.44
Database version: 3675
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882
02/02/2010 9:22:05 SA
mbam-log-2010-02-02 (09-22-05).txt
Scan type: Quick Scan
Objects scanned: 107003
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER crashes
Any attempt to rerun GMER during the same Windows session will result in a blue screen.
OTL log
OTL logfile created on: 02/02/2010 9:32:49 SA - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Quynh\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000042a | Country: Việt Nam | Language: VIT | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 26,20 Gb Free Space | 14,06% Space Free | Partition Type: NTFS
Drive D: | 698,64 Gb Total Space | 68,00 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive E: | 279,46 Gb Total Space | 65,75 Gb Free Space | 23,53% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 143,48 Gb Free Space | 48,13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 14,91 Gb Total Space | 7,78 Gb Free Space | 52,19% Space Free | Partition Type: FAT32
Computer Name: QUYNH-PC
Current User Name: Quynh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/02 09:12:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Quynh\Desktop\OTL.exe
PRC - [2010/01/24 20:43:36 | 002,892,288 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
PRC - [2010/01/09 21:13:19 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\CompuPicPro\scsiaccess.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/11/02 00:42:56 | 000,261,632 | ---- | M] () -- C:\Program Files\UniKey\UniKeyNT.exe
PRC - [2009/10/30 18:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/12 02:52:40 | 002,815,408 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009/08/16 19:55:18 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/03 00:16:22 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/03 00:15:53 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/04 11:48:54 | 000,354,312 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009/05/04 11:26:50 | 001,572,872 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/05/04 11:26:20 | 000,675,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 20:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 20:19:17 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/01/12 19:15:52 | 000,071,096 | ---- | M] () -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/01/21 09:23:48 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 09:23:09 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 09:21:41 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/03/08 11:09:32 | 002,526,661 | ---- | M] () -- C:\Program Files\GreedyTorrent\GTor.exe
PRC - [2007/02/14 11:15:04 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\Diamondback\razerhid.exe
PRC - [2007/02/14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback\razerofa.exe
PRC - [2007/02/07 16:00:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback\razertra.exe
========== Modules (SafeList) ==========
MOD - [2010/02/02 09:12:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Quynh\Desktop\OTL.exe
MOD - [2009/11/02 00:42:54 | 000,245,248 | ---- | M] () -- C:\Program Files\UniKey\UKHook40.dll
MOD - [2009/04/11 20:19:23 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009/04/11 20:19:13 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (FlexService)
SRV - [2010/01/09 21:13:19 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/13 07:04:20 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/25 08:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/17 07:14:00 | 003,320,872 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/16 19:55:18 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/30 01:30:48 | 000,215,584 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/03 00:15:53 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/11 20:20:03 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/01/12 19:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/21 09:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com.vn/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 22:38:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/26 04:09:48 | 000,000,000 | ---D | M]
[2009/08/15 23:06:14 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Extensions
[2010/02/01 21:05:13 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions
[2010/01/12 16:52:34 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/01/18 20:55:59 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/01/30 03:01:48 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/15 23:06:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/24 22:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/08/15 23:06:20 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/12/13 23:11:24 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/12/23 16:36:00 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/11/08 17:47:01 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/01/30 03:01:46 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/24 22:48:28 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/08/15 23:06:16 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\[email protected]
[2010/01/21 23:02:18 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\[email protected]
[2010/01/24 22:45:17 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\[email protected]
[2010/01/30 03:01:48 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\SkipScreen@SkipScreen
[2010/01/12 16:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\m0s02i64.Pipja\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2007/08/11 18:14:32 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\p06wkzti.Pipja\extensions
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions
[2009/08/15 23:06:25 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/08/15 23:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/08/15 23:06:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/15 23:06:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/15 23:06:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/15 23:06:26 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/08/15 23:06:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/15 23:06:26 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] (Mouse Gestures) -- C:\Users\Quynh\AppData\Roaming\Mozilla\Firefox\Profiles\zjdjiw97.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010/02/01 21:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/16 01:50:51 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
O1 HOSTS File: ([2010/02/02 08:51:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GreedyTorrent] C:\Program Files\GreedyTorrent\GTor.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [UniKey] C:\Program Files\UniKey\UniKeyNT.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1D0DBA5-8AB5-4501-A7A0-633FF370B035} http://channel.dontb...AWebStarter.CAB (CraypasWebCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Quynh\Pictures\The Nam Hai\Pipja&Chini on couch.bmp
O24 - Desktop BackupWallPaper: C:\Users\Quynh\Pictures\The Nam Hai\Pipja&Chini on couch.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 04:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 09:32:53 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/02/02 09:30:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/02 09:11:59 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Quynh\Desktop\OTL.exe
[2010/02/02 09:09:47 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Quynh\Desktop\TFC.exe
[2010/02/02 09:01:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/02 08:59:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/02 08:18:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/30 21:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/01/30 02:58:22 | 000,000,000 | ---D | C] -- C:\Users\Quynh\AppData\Local\temp
[2010/01/30 01:45:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/30 01:45:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/30 01:45:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/30 01:45:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/30 01:43:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/29 07:21:00 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/01/29 07:20:59 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/01/29 07:20:59 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010/01/29 07:20:59 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2010/01/29 07:20:58 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/01/27 14:06:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/27 14:06:14 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/27 14:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/27 14:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/27 09:27:24 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk42.sys
[2010/01/27 09:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2010/01/27 09:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\NetWorx
[2010/01/26 00:39:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/01/26 00:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/01/25 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/01/19 19:39:19 | 000,000,000 | ---D | C] -- C:\Users\Quynh\Desktop\DXWnd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/02/02 09:34:30 | 003,932,160 | -HS- | M] () -- C:\Users\Quynh\NTUSER.DAT
[2010/02/02 09:33:32 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/02 09:33:32 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/02 09:33:32 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/02 09:27:19 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/02 09:27:19 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/02 09:27:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/02 09:27:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/02 09:26:59 | 3220,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/02 09:26:57 | 207,315,056 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/02 09:22:43 | 000,119,296 | ---- | M] () -- C:\Users\Quynh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 09:13:05 | 000,524,288 | -HS- | M] () -- C:\Users\Quynh\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/02/02 09:13:05 | 000,065,536 | -HS- | M] () -- C:\Users\Quynh\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/02/02 09:12:59 | 002,693,649 | -H-- | M] () -- C:\Users\Quynh\AppData\Local\IconCache.db
[2010/02/02 09:12:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Quynh\Desktop\OTL.exe
[2010/02/02 09:09:48 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Quynh\Desktop\TFC.exe
[2010/02/02 08:52:40 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/02 08:51:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/02 08:12:34 | 003,842,878 | R--- | M] () -- C:\Users\Quynh\Desktop\ComboFix.exe
[2010/02/02 03:46:18 | 000,000,742 | ---- | M] () -- C:\Users\Quynh\Documents\AutoHotkey.ahk
[2010/02/01 22:05:24 | 063,369,864 | ---- | M] () -- C:\Users\Quynh\Desktop\[Volume][Seto+Yuki][2004][Accelerando+-+Acchellando][Eng].rar
[2010/02/01 21:02:51 | 007,986,597 | ---- | M] () -- C:\Users\Quynh\Desktop\[SaHa]_Seto_Yuki_-_The_Princess_And_The_Crow_(English).rar
[2010/01/30 21:55:29 | 000,000,604 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/30 21:52:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/01/30 21:52:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/01/29 07:21:06 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2010/01/29 04:26:47 | 000,012,570 | ---- | M] () -- C:\Users\Quynh\Documents\cc_20100129_042632.reg
[2010/01/29 03:11:43 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/01/27 14:10:52 | 000,001,356 | ---- | M] () -- C:\Users\Quynh\AppData\Local\d3d9caps.dat
[2010/01/27 14:06:18 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 13:51:50 | 000,099,864 | ---- | M] () -- C:\Users\Quynh\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/27 09:27:24 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk42.sys
[2010/01/27 06:52:46 | 000,001,670 | ---- | M] () -- C:\Users\Quynh\Desktop\CCleaner.lnk
[2010/01/26 04:06:58 | 000,368,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/26 00:47:46 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/01/20 20:22:44 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WonderKing.lnk
[2010/01/20 10:50:25 | 000,000,600 | ---- | M] () -- C:\Users\Quynh\PUTTY.RND
[2010/01/19 19:37:15 | 000,154,110 | ---- | M] () -- C:\Users\Quynh\Desktop\DXWnd.rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/02 09:26:59 | 3220,291,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/02 09:26:57 | 207,315,056 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/02 09:11:00 | 000,293,376 | ---- | C] () -- C:\Users\Quynh\Desktop\pimp.exe
[2010/02/02 08:12:13 | 003,842,878 | R--- | C] () -- C:\Users\Quynh\Desktop\ComboFix.exe
[2010/02/01 21:06:57 | 063,369,864 | ---- | C] () -- C:\Users\Quynh\Desktop\[Volume][Seto+Yuki][2004][Accelerando+-+Acchellando][Eng].rar
[2010/02/01 21:00:23 | 007,986,597 | ---- | C] () -- C:\Users\Quynh\Desktop\[SaHa]_Seto_Yuki_-_The_Princess_And_The_Crow_(English).rar
[2010/01/30 21:52:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/01/30 21:52:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/01/30 03:11:50 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/01/30 01:45:54 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/30 01:45:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/30 01:45:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/30 01:45:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/30 01:45:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/29 07:21:06 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2010/01/29 07:21:04 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/29 07:21:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/29 07:21:00 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/01/29 07:20:58 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/29 07:20:58 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/29 07:20:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/29 07:20:54 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/01/29 04:26:37 | 000,012,570 | ---- | C] () -- C:\Users\Quynh\Documents\cc_20100129_042632.reg
[2010/01/27 14:06:18 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/25 15:01:53 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/01/20 10:49:44 | 000,000,600 | ---- | C] () -- C:\Users\Quynh\PUTTY.RND
[2010/01/19 19:37:15 | 000,154,110 | ---- | C] () -- C:\Users\Quynh\Desktop\DXWnd.rar
[2009/12/10 17:17:59 | 000,000,439 | ---- | C] () -- C:\Windows\hegames.ini
[2009/11/28 22:10:03 | 000,000,604 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/16 19:55:37 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/16 17:18:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/16 17:18:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/16 14:36:11 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/08/16 02:45:56 | 000,034,895 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/16 02:42:51 | 000,034,895 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/16 01:15:49 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/16 00:41:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/15 22:53:13 | 000,001,356 | ---- | C] () -- C:\Users\Quynh\AppData\Local\d3d9caps.dat
[2009/07/04 21:21:34 | 000,000,093 | ---- | C] () -- C:\Users\Quynh\AppData\Local\fusioncache.dat
[2009/04/11 20:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/04 06:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2008/09/29 00:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2008/08/28 18:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2008/08/28 18:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2008/08/28 18:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2008/07/21 19:17:08 | 000,022,328 | ---- | C] () -- C:\Users\Quynh\AppData\Roaming\PnkBstrK.sys
[2008/01/21 09:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/08/15 07:58:07 | 000,000,173 | ---- | C] () -- C:\Users\Quynh\AppData\Local\rahistory.xml
[2007/08/11 20:17:53 | 000,119,296 | ---- | C] () -- C:\Users\Quynh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/11 16:28:46 | 000,105,624 | ---- | C] () -- C:\Users\Quynh\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2007/08/11 16:28:28 | 000,001,356 | ---- | C] () -- C:\Users\Quynh\AppData\Local\d3d9caps (1).dat
[2006/11/07 02:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/11/02 19:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 14:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2009/08/15 23:02:43 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\.bsnes
[2009/08/15 23:02:43 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\.metamorphose2
[2009/08/15 23:02:44 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\AgeOfBooty
[2009/10/17 22:32:01 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Alawar
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\avidemux
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Azgard
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\BeachPartyCraze
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\blg
[2009/12/28 01:19:19 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Boomzap
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\cald3
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\CopyTrans
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\CopyTransControlCenter
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\CopyTransPhoto
[2009/01/12 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\DAEMON Tools
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\DAEMON Tools Lite
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\DAEMON Tools Pro
[2009/01/11 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Dev-Cpp
[2010/02/02 09:29:24 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\DMCache
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\DragonicaSCB
[2008/12/29 20:40:17 | 000,000,000 | -H-D | M] -- C:\Users\Quynh\AppData\Roaming\drivers
[2009/08/15 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\EVEMon
[2009/08/22 07:05:41 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\FFSJ
[2009/08/15 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\FlashGet
[2009/10/12 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\FOG Downloader
[2009/08/16 01:51:41 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Foxit
[2009/11/21 00:28:08 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\GameInvest
[2010/01/16 04:15:20 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Gaupol
[2009/08/15 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\GetRightToGo
[2009/08/15 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\GrabPro
[2010/01/16 04:13:59 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\gtk-2.0
[2010/02/02 09:29:25 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\IDM
[2009/08/15 23:06:12 | 000,000,000 | -H-D | M] -- C:\Users\Quynh\AppData\Roaming\ijjigame
[2009/10/19 01:38:37 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\ImgBurn
[2009/08/15 23:06:12 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Imperium Romanum
[2009/08/15 23:06:12 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Leadertech
[2009/08/15 23:06:12 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\LEAPS
[2009/12/17 21:02:25 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Lionhead Studios
[2009/09/20 04:13:17 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/08/14 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\MechCAD
[2009/08/15 23:06:12 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Megaupload
[2009/09/21 07:09:36 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Merscom
[2010/01/09 23:30:32 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mobipocket
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Mp3tag
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Netscape
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Nexon
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Nokia
[2009/11/08 17:27:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Opera
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Orbit
[2009/10/04 21:11:15 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Passware
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\PC Suite
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\pdf995
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Pegasys Inc
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Photodex
[2009/08/15 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\PlayFirst
[2009/08/15 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Red Alert 3
[2010/01/09 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Red Kawa
[2009/11/22 01:22:11 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\runic games
[2009/08/15 23:06:43 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\ScanSoft
[2009/08/15 23:06:43 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Secret of the Solstice
[2009/08/15 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Seven Zip
[2009/08/15 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Sierra Entertainment
[2009/08/15 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\SlimBrowser
[2010/01/09 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Sony
[2010/01/09 00:33:29 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Sony Setup
[2009/08/15 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\SoundSpectrum
[2009/08/15 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\SpinTop
[2009/08/15 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Stardock
[2009/08/15 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\SystemRequirementsLab
[2009/08/15 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\The Creative Assembly
[2009/08/15 23:07:36 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Thinstall
[2009/08/15 23:07:40 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Three Rings Design
[2009/09/27 21:47:56 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Tropico 3
[2009/08/15 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Ubisoft
[2010/02/02 08:19:30 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\uTorrent
[2009/08/15 23:08:30 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Valusoft
[2009/12/18 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Virtual City
[2009/08/15 23:08:30 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\WinPatrol
[2009/08/15 23:08:30 | 000,000,000 | ---D | M] -- C:\Users\Quynh\AppData\Roaming\Zeon
[2010/02/02 09:13:08 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/21 09:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 09:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 09:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 09:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 09:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 09:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 16:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2010/02/02 08:21:02 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2010/02/02 08:21:02 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 20:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 20:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 09:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 09:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 16:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 16:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 16:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 16:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008/01/21 09:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 09:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 09:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 16:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 20:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 20:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 20:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 16:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 09:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 09:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 09:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/04/11 20:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 20:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 20:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 18:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 18:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 20:19:41 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 20:19:39 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/11/28 21:57:49 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009/04/11 21:14:01 | 025,030,656 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009/04/11 21:13:38 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009/04/11 21:14:01 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 17:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 17:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
========== Alternate Data Streams ==========
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:4BF2F6B5
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:BB785348
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:931BB48A
< End of report >
OTL Extra log
OTL Extras logfile created on: 02/02/2010 9:32:49 SA - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Quynh\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000042a | Country: Việt Nam | Language: VIT | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 26,20 Gb Free Space | 14,06% Space Free | Partition Type: NTFS
Drive D: | 698,64 Gb Total Space | 68,00 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive E: | 279,46 Gb Total Space | 65,75 Gb Free Space | 23,53% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 143,48 Gb Free Space | 48,13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 14,91 Gb Total Space | 7,78 Gb Free Space | 52,19% Space Free | Partition Type: FAT32
Computer Name: QUYNH-PC
Current User Name: Quynh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3551261454-2360156788-561232891-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\sysservice.exe" = C:\Windows\system32\sysservice.exe:*:Enabled:DNS client -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29F4B550-C8C1-49ED-A315-A272A6177359}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2CA6928C-513D-4069-B05A-F2AF6AED02BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{39D5D5E3-2755-409E-80BD-BC33DCAC5B0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F0D63A5-F7B0-4F39-987B-3026E188F4D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4799913A-E00D-4ADA-941C-4D537DE60FEA}" = rport=139 | protocol=6 | dir=out | app=system |
"{7BDA762C-231F-4DBB-851F-02395BB023D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{7CE6E82D-CA0C-4D95-805A-EAC9018D9E88}" = lport=139 | protocol=6 | dir=in | app=system |
"{7FE583E6-FE6A-4254-819B-BC53DE84D190}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB110484-5A92-4A65-9856-B5B10B606599}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{BCBCDB7E-6292-410C-9428-DCD8A5669E09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BEB02F8B-2189-4070-B480-8D1E61D4454F}" = rport=445 | protocol=6 | dir=out | app=system |
"{C3EDACDE-461F-4138-AD74-36AB38B230A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF1D29E4-5BB6-4FB2-B235-371D3F84EB9A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0AC34B4-D71F-41E9-9CF6-89EE02D01DC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E2FE2FDF-1165-4BB2-8200-718BB7C4D63A}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03556751-21BF-406D-96F4-32B4444096A3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe |
"{06E122BB-8106-4AC7-835E-CF80EC90A79C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{0F747547-CF4A-463E-8C0A-9AC0BDEB08EE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1080D805-11EB-4848-ABF7-D8E06DEB2600}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{19756013-C119-4C8B-8560-EFE4799B5A21}" = protocol=58 | dir=out | [email protected],-28546 |
"{1DF5FCE7-EF10-4599-BBFE-8CD766F459B4}" = protocol=1 | dir=in | [email protected],-28543 |
"{2DE96F3F-7C13-4293-B158-011E6281397D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3054A9FF-2A34-4AD4-970B-4F0BDEE2BF91}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37640625-FA5D-4693-B07F-C5D50F2B9A3A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe |
"{37DC0512-F5FA-446E-94E0-BFA6B647916C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{3F5D3764-39CC-4403-998B-D9A43AAD93DB}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{404A70A5-797D-4626-AEB8-1A7CE1D57C14}" = protocol=6 | dir=in | app=c:\program files\blitz 1941\blitzclient2.exe |
"{477E0F56-E975-490F-99B3-88F3628B9F78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47C9A60C-F7EA-4307-B720-3065886EF620}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{49275F8F-A2AC-4BA8-895A-783565B9B88E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{4A2EC1D6-70DC-472A-B811-3563233851B4}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{4E5C3899-4C51-4F46-9E05-9FA0A18068B7}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{548586E9-B113-48E3-B603-6CA2913D6A6C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{55A3E5BC-6C30-40D4-B7FB-D701FBB75E53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7DA5F227-7996-4735-A701-619D25C1D2CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DCACAFB-CA57-495D-89AB-CBE5D10A5A6C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7F903379-6960-4667-99C9-65C15407DF14}" = protocol=17 | dir=in | app=c:\program files\blitz 1941\blitzclient2.exe |
"{846C1A24-9892-4FBD-8A66-2D08F0459B5B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{88132E88-FA6F-4ABD-B98E-BB7E7D6E6CC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8B1FCD20-CF6A-427F-8C94-EA2E3FE0C761}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BA0719B-5AF8-4B81-A9E9-AEAB2ABB3451}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{9E27442D-F50C-4203-BB8E-E6498ED7F823}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A0A2B4F3-C0C2-422F-8D60-5C7596E0CB79}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{A2446F91-0602-4BA5-BA20-AFCAE6315C4C}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{A2F05544-15D5-48BB-A3E5-55448215E1DC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A383D7AC-BD57-4CE3-89D0-85B3867DBED9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B56DC7FC-CF0C-4F44-BC9F-B4D3ABDFACDD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B5B75632-FD0C-43C5-A22D-A8BF43511360}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C19657EB-B4CA-43BC-9C89-6A5DDC608AAF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{C54AE299-AF7C-42E1-94FA-95FDB2CF6746}" = protocol=1 | dir=out | [email protected],-28544 |
"{C777D1A9-1878-41C5-90AE-A9EE62508ADB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{CACB723D-3D77-4B3C-BD1C-1E1855800F01}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{D0612169-5AEF-49A6-9308-0DABA48E1F72}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe |
"{D291BA74-4087-4451-B88D-284D73887993}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC9D5276-1235-4DF1-B889-5CB0369E22D7}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{DE2807ED-B762-4ACC-9DD0-747D5E5C946C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{E2BBDAA7-D8C5-40BC-B8C1-8B51FC4A72DE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E77AC05D-C479-46DB-9308-E352AFA340E8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{EF93E821-F3F6-4128-8244-32C5FDE1594E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe |
"{F9EB0892-B340-4FCC-9F3B-307915CFF8D5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FA0E18AE-BC7C-4312-8239-5D0DCF109A5A}" = protocol=58 | dir=in | [email protected],-28545 |
"{FBCC334E-BE07-44AA-A4EF-E2DB465E8793}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{FC008320-FAF9-42E0-969D-54671E0813A2}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{FD291E89-AF38-47B7-8363-38C51954F287}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FFEFD1CA-335B-4C70-8882-A105111C0344}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"TCP Query User{1AC460BA-5477-4078-B021-5F59A77F1220}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{24CBD3AD-372E-4BE8-BFF1-5AC7A5EC62F2}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{44A2A359-7C96-4ADF-802A-B0C1A692C850}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{D6420357-28FB-43E4-94C7-1B761A405EB2}C:\program files\greedytorrent\gtor.exe" = protocol=6 | dir=in | app=c:\program files\greedytorrent\gtor.exe |
"TCP Query User{F1E60ED8-D76A-44C7-87C7-E4C31C7906AE}C:\users\quynh\desktop\[www.1st-hacks.com] ultimate garena v1.4\garena.exe" = protocol=6 | dir=in | app=c:\users\quynh\desktop\[www.1st-hacks.com] ultimate garena v1.4\garena.exe |
"UDP Query User{60E13CD4-9CA7-43A3-86A1-293F3D467BF4}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{8F88A4FE-A605-4855-A3DD-1581E94EFBA6}C:\users\quynh\desktop\[www.1st-hacks.com] ultimate garena v1.4\garena.exe" = protocol=17 | dir=in | app=c:\users\quynh\desktop\[www.1st-hacks.com] ultimate garena v1.4\garena.exe |
"UDP Query User{BE878D44-FCF9-46C0-BD64-C370F2D6BF5F}C:\program files\greedytorrent\gtor.exe" = protocol=17 | dir=in | app=c:\program files\greedytorrent\gtor.exe |
"UDP Query User{CE770B52-0E07-4699-BC43-D276D3191AD2}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{E2BE31A2-64A4-4F8A-AFAD-9AB2B6630490}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01A9C1F8-9F3E-A0B9-B4DA-0D91D41BCF91}" = Catalyst Control Center HydraVision Full
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A3B1207-6E28-DD5E-323F-DBC6ADD5B7DA}" = Catalyst Control Center Graphics Previews Vista
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{13CDB886-34E0-E8A4-A186-E735070DB5E9}" = Catalyst Control Center Graphics Previews Common
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23734E07-35AD-6E7F-AD27-CB906015BCCC}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{272A5191-3D5E-A9C5-8FFE-3CCBF744A274}" = Catalyst Control Center InstallProxy
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34306B7C-3556-DA75-EBEA-C2D8025D5C00}" = ccc-utility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A8D323F-21EF-59CA-AD28-5A3DDB08A206}" = Catalyst Control Center Graphics Full New
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{88AD1843-8E39-5215-7FC0-294B16C87C7C}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B1EDEBF1-B4DA-46A5-B346-D1B580548EAA}" = iPhone Folders
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B32261CD-F1C8-42C3-B507-CB6B87CEC1A8}" = Passware Kit Enterprise 9.3
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{BD9137C8-98D0-5B0B-824D-07263F8CF39D}" = Catalyst Control Center Core Implementation
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies Stunts & Effects
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4EAC706-D24F-FB71-BA20-A143CC2ECBFF}" = Catalyst Control Center Graphics Full Existing
"{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica
"{DDF17E28-E4C4-41CF-9DB9-8FA5F19B918C}" = UltraEdit 15.10
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB731227-8AC5-4889-ACE9-7D87864A9F19}" = Logitech GamePanel Software 3.02.173
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2A2B193-6837-8DEE-39D0-D5AE5F5DDC2B}" = ATI Catalyst Install Manager
"{F6616D78-B14A-2889-DA99-8298E8BC9692}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AviSynth" = AviSynth 2.5
"Blaze Media Pro" = Blaze Media Pro
"BloodBowl_is1" = Blood Bowl 1.1.2.1
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CompuPic Pro" = CompuPic Pro
"Dominions3" = Dominions 3 (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Galaxy Online_is1" = Galaxy Online
"Garena" = Garena
"Gaupol_is1" = Gaupol 0.13.1
"GreedyTorrent_is1" = GreedyTorrent v1.01 beta build 170
"Hollywood Tycoon 2.0.0.9" = Hollywood Tycoon 2.0.0.9
"hon" = Heroes of Newerth
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies Stunts & Effects
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.22
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NetWorx_is1" = NetWorx 5.0.9
"Pangya" = Pangya (Ntreev USA)
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"Runic Games Torchlight" = Torchlight
"Space Empires IV Deluxe Patch v:1.95" = Space Empires IV Deluxe Patch v:1.95
"Space Empires IV Gold" = Space Empires IV Gold
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 440" = Team Fortress 2
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Teleport Pro" = Teleport Pro
"Tower Bloxx Deluxe1.0" = Tower Bloxx Deluxe
"UltSounds" = Windows Sound Schemes
"UniKey" = UniKey 4.0 NT
"Unlocker" = Unlocker 1.8.7
"Update Service" = Update Service
"Videora iPod touch Converter" = Videora iPod touch Converter 5.03
"VISPRO" = Microsoft Office Visio Professional 2007
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube Downloader App" = YouTube Downloader App 2.03
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01/02/2010 5:36:26 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 0.0.0.0, time stamp 0x4b658f01,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x9f4, application start time 0x01caa386995c2b20.
Error - 01/02/2010 5:37:48 CH | Computer Name = Quynh-PC | Source = VSS | ID = 8194
Description =
Error - 01/02/2010 9:33:54 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x620, application
start time 0x01caa3a76592ad23.
Error - 01/02/2010 9:37:03 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x868, application
start time 0x01caa3a7d404b963.
Error - 01/02/2010 9:39:55 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x164, application
start time 0x01caa3a839dc97d3.
Error - 01/02/2010 9:44:45 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0xe6c, application
start time 0x01caa3a8ea42a4c3.
Error - 01/02/2010 10:12:03 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0x73c, application start time
0x01caa3ad00222648.
Error - 01/02/2010 10:15:21 CH | Computer Name = Quynh-PC | Source = EventSystem | ID = 4609
Description =
Error - 01/02/2010 10:23:49 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0x650, application start time
0x01caa3aeb3bf9def.
Error - 01/02/2010 10:32:07 CH | Computer Name = Quynh-PC | Source = Application Error | ID = 1000
Description = Faulting application pimp.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module pimp.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0x6ac, application start time
0x01caa3afd6189205.
[ System Events ]
Error - 01/02/2010 10:15:20 CH | Computer Name = Quynh-PC | Source = DCOM | ID = 10005
Description =
Error - 01/02/2010 10:15:25 CH | Computer Name = Quynh-PC | Source = DCOM | ID = 10005
Description =
Error - 01/02/2010 10:15:33 CH | Computer Name = Quynh-PC | Source = DCOM | ID = 10005
Description =
Error - 01/02/2010 10:15:38 CH | Computer Name = Quynh-PC | Source = DCOM | ID = 10005
Description =
Error - 01/02/2010 10:15:39 CH | Computer Name = Quynh-PC | Source = DCOM | ID = 10005
Description =
Error - 01/02/2010 10:15:57 CH | Computer Name = Quynh-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01/02/2010 10:15:57 CH | Computer Name = Quynh-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 01/02/2010 10:15:57 CH | Computer Name = Quynh-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 01/02/2010 10:27:06 CH | Computer Name = Quynh-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:24:45 SA on 02/02/2010 was unexpected.
Error - 01/02/2010 10:28:32 CH | Computer Name = Quynh-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >