Solved Infected by Agent.BA, Conedex.B, Sirefef.AP all from one site

[roy392003]

< MD5 for: TCPIP.SYS >
[2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 06:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/13 23:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 03:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/13 23:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\erdnt\cache64\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\erdnt\cache64\tdx.sys
[2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
[2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2010/12/20 23:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

========== Files - Unicode (All) ==========
[2012/05/22 23:28:22 | 000,002,370 | ---- | M] ()(C:\Users\Public\Desktop\The Lord of the Rings - Conquest?.lnk) -- C:\Users\Public\Desktop\The Lord of the Rings - Conquest™.lnk
[2012/05/22 23:28:22 | 000,002,370 | ---- | C] ()(C:\Users\Public\Desktop\The Lord of the Rings - Conquest?.lnk) -- C:\Users\Public\Desktop\The Lord of the Rings - Conquest™.lnk
[2012/04/02 02:23:14 | 000,001,217 | ---- | M] ()(C:\Users\Roy Yip\Desktop\中世?2全面??之王?游?完美?化版.lnk) -- C:\Users\Roy Yip\Desktop\中世纪2全面战争之王国游侠完美汉化版.lnk
[2012/04/02 02:23:14 | 000,001,217 | ---- | C] ()(C:\Users\Roy Yip\Desktop\中世?2全面??之王?游?完美?化版.lnk) -- C:\Users\Roy Yip\Desktop\中世纪2全面战争之王国游侠完美汉化版.lnk
[2011/02/22 04:38:46 | 000,001,139 | ---- | M] ()(C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???速土豆.lnk) -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk
[2011/02/22 04:38:24 | 000,001,997 | ---- | M] ()(C:\Users\Roy Yip\Desktop\?速土豆.lnk) -- C:\Users\Roy Yip\Desktop\飞速土豆.lnk
[2011/02/22 04:38:24 | 000,001,997 | ---- | C] ()(C:\Users\Roy Yip\Desktop\?速土豆.lnk) -- C:\Users\Roy Yip\Desktop\飞速土豆.lnk
[2011/02/22 04:38:24 | 000,001,139 | ---- | C] ()(C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???速土豆.lnk) -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk
[2009/04/14 00:29:16 | 000,435,576 | ---- | M] (www.pps.tv)(C:\Windows\SysWow64\pps影?屏保.scr) -- C:\Windows\SysWow64\pps影讯屏保.scr
[2009/04/14 00:29:16 | 000,435,576 | ---- | C] (www.pps.tv)(C:\Windows\SysWow64\pps影?屏保.scr) -- C:\Windows\SysWow64\pps影讯屏保.scr
(C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?速土豆) -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\飞速土豆
< End of report >

 

[roy392003]

OTL Extras logfile created on: 30/8/2012 12:28:34 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Roy Yip\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

15.99 Gb Total Physical Memory | 13.16 Gb Available Physical Memory | 82.27% Memory free
31.98 Gb Paging File | 28.89 Gb Available in Paging File | 90.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 234.59 Gb Total Space | 61.77 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 482.19 Gb Free Space | 69.02% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 24.42 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1.41 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 2.41 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 308.91 Gb Free Space | 66.32% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 0.14 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 0.25 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

Computer Name: ROYYIP-PC | User Name: Roy Yip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{04AB3C87-3391-4562-8138-A7FF37F67A40}" = lport=9804 | protocol=6 | dir=in | name=bitcomet 9804 tcp |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27E6BF6D-4693-4D5F-9396-5537F765662E}" = lport=18625 | protocol=6 | dir=in | name=bitcomet 18625 tcp(ed2k) |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{315F4430-A4FF-4427-AD57-EC8E1B2FDE0D}" = lport=9804 | protocol=17 | dir=in | name=bitcomet 9804 udp |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{758ADF34-171F-4AEB-981A-8A2BA2CE7518}" = lport=18625 | protocol=17 | dir=in | name=bitcomet 18625 udp(ed2k) |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{01F3DAC4-1975-4800-B5EC-11088D69943C}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{954D5CAF-B95B-4D13-A2DD-071AE666E60A}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C51314CD-C589-464A-B403-53C6188169D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E08C0B79-687D-4D0D-A805-5C171E0DDCDE}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0FC87828-C8EC-446B-AAD2-A4CF28C850D5}C:\program files (x86)\tudou\飞速tudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tudou\飞速tudou\tudouva.exe |
"TCP Query User{F81710E3-965C-432F-837B-DC86931337A7}C:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=c:\pps.tv\ppstream\ppsap.exe |
"UDP Query User{1FD0144E-9725-40A0-99ED-BD31787CF9FD}C:\program files (x86)\tudou\飞速tudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tudou\飞速tudou\tudouva.exe |
"UDP Query User{637DF662-DA5B-4E65-A0D6-77A20A1B915B}C:\pps.tv\ppstream\ppsap.exe" = protocol=17 | dir=in | app=c:\pps.tv\ppstream\ppsap.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CCF9FC3-76DF-49B2-8ED1-C85DCC58952E}" = CheckIt Diagnostics 8
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AAEBDB6-9DBD-4020-87AD-75E99D916C2F}" = ESET Smart Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EC39CC32-E144-42E4-9A59-53C20B408BDE}" = WD SmartWare
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"WinRAR archiver" = WinRAR 壓縮工具

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}" = NETGEAR WN121T wireless USB 2.0 adapter
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = 魔戒：中土戰爭II 巫王的崛起
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2E3C4040-B524-43BD-A665-564D2B5C5C19}" = eHOT Line
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{36EF7A28-5C99-44E2-ADB4-2CB67C4B2527}" = T-Utility Green Power Utility II
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB3FF26-7194-49B8-8E3F-C12890B3894C}" = 流星蝴蝶劍
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E9BCC06-C742-408B-A194-82237FCF67F7}" = CyberPower PowerPanel Personal Edition 1.2.3
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple 應用程式支援
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7210696a-917b-47f1-b1a9-dcb0c9106549}" = Nero 9 Essentials
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F16A9FF-3784-4F73-0082-2182D5A93311}" = Need For Speed Most Wanted
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.3.115
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1028-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Chinese Traditional
"{B099C29E-EC83-4BF2-A4FF-5809D09C1C1B}" = BIOScreen
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9CC7CE9-B185-40BE-A9A8-504303EA06F7}" = TOVERCLOCKER
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2711393-0008-45FD-9D60-6903AEC0F0FF}" = Windows Live Sync
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam 軟體
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E8626A59-FD0E-449C-A23A-C52FC0733629}" = Tseries BIOS Update
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{EFD0F1AB-2164-46C0-B502-06FE5EBB85FA}" = BIO-Remote
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"《星海爭霸 II》" = 《星海爭霸 II》
"7-Zip" = 7-Zip 9.15 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All Video Fixer_is1" = All Video Fixer 8.9
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Arena CAH Death Match" = Arena CAH Death Match
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFME1->BFME2 Map Pack BETA" = BFME1->BFME2 Map Pack BETA
"BitComet" = BitComet(比特彗星) 1.29
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Complitly_is1" = Complitly
"DAEMON Tools Lite" = DAEMON Tools Lite
"Ease Audio Converter_is1" = Ease Audio Converter 5.21
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.0" = ESN Sonar
"FormatFactory" = 跡宒馱釦 2.70
"Fraps" = Fraps
"InstallShield_{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}" = NETGEAR WN121T wireless USB 2.0 adapter
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"Intelli-studio" = SAMSUNG Intelli-studio
"iTudou" = iTudou 2.7.2.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MobTime Cell Phone Manager_is1" = MobTime Cell Phone Manager V6.6.5
"MpcStar" = 影音之星 5.3
"OpenAL" = OpenAL
"Origin" = Origin
"PPStream" = PPStream V2.7.0.1336 Final
"PunkBusterSvc" = PunkBuster Services
"Saints Row The Third_is1" = Saints Row The Third
"Search Toolbar" = Search Toolbar
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"TeamViewer 7" = TeamViewer 7
"TTIME_M3K4" = 富甲天下四
"Video Fixer 3.23_is1" = Video Fixer 3.23
"VLC media player" = VLC media player 1.1.7
"vmn3_5dn" = Antiphishing Domain Advisor
"WinAVI Video Converter" = WinAVI Video Converter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live 程式集
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zombie Driver" = Zombie Driver 1.1.6b
"飞速土豆" = 飞速土豆 1.40.19.0
"中世纪2全面战争之王国游侠完美汉化版_is1" = 中世纪2全面战争之王国游侠完美汉化版
"童話" = 童話
"蜓樅毞狟5 楛极笢恅唳_is1" = 蜓樅毞狟5 楛极笢恅V1.03唳

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Rise of the Witch King Unofficial Patch 2.02" = Rise of the Witch King Unofficial Patch 2.02
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/8/2012 4:34:21 PM | Computer Name = RoyYip-PC | Source = Application Error | ID = 1000
Description = 失敗的應用程式名稱: LVPrcSrv.exe，版本: 13.0.1774.0，時間戳記: 0x4be4c07a 失敗的模組名稱: LVPrcSrv.exe，版本:
13.0.1774.0，時間戳記: 0x4be4c07a 例外狀況碼: 0xc0000005 錯誤位移: 0x000000000000be1b 失敗的處理程序識別碼:
0x8e0 失敗的應用程式開始時間: 0x01cd8237ce9a60bf 失敗的應用程式路徑: C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
失敗的模組路徑:
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe 報告識別碼: 1575e063-ee2b-11e1-9dd7-c08204807835

Error - 25/8/2012 3:30:09 AM | Computer Name = RoyYip-PC | Source = SideBySide | ID = 16842832
Description = "C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe"
的啟用內容產生失敗。在資訊清單或原則檔 "" 的第 行發生錯誤。 應用程式所需的元件版本和另一個使用中的元件版本衝突。 衝突的元件為: 元件 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest。
元件
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest。

Error - 25/8/2012 3:30:20 AM | Computer Name = RoyYip-PC | Source = SideBySide | ID = 16842832
Description = "C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe"
的啟用內容產生失敗。在資訊清單或原則檔 "" 的第 行發生錯誤。 應用程式所需的元件版本和另一個使用中的元件版本衝突。 衝突的元件為: 元件 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest。
元件
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest。

Error - 25/8/2012 5:48:00 AM | Computer Name = RoyYip-PC | Source = Application Error | ID = 1000
Description = 失敗的應用程式名稱: iexplore.exe，版本: 8.0.7601.17514，時間戳記: 0x4ce79912 失敗的模組名稱:
mshtml.dll，版本: 8.0.7601.17874，時間戳記: 0x4fea9d9c 例外狀況碼: 0xc0000005 錯誤位移: 0x001b8833
失敗的處理程序識別碼:
0x65c 失敗的應用程式開始時間: 0x01cd82a5a260a113 失敗的應用程式路徑: C:\Program Files (x86)\Internet
Explorer\iexplore.exe 失敗的模組路徑: C:\Windows\SysWOW64\mshtml.dll 報告識別碼: f4a0abf2-ee99-11e1-9dd7-00306783b0e5

Error - 26/8/2012 1:56:08 PM | Computer Name = RoyYip-PC | Source = System Restore | ID = 8193
Description =

Error - 27/8/2012 3:30:08 AM | Computer Name = RoyYip-PC | Source = SideBySide | ID = 16842832
Description = "C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe"
的啟用內容產生失敗。在資訊清單或原則檔 "" 的第 行發生錯誤。 應用程式所需的元件版本和另一個使用中的元件版本衝突。 衝突的元件為: 元件 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest。
元件
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest。

Error - 27/8/2012 3:30:18 AM | Computer Name = RoyYip-PC | Source = SideBySide | ID = 16842832
Description = "C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe"
的啟用內容產生失敗。在資訊清單或原則檔 "" 的第 行發生錯誤。 應用程式所需的元件版本和另一個使用中的元件版本衝突。 衝突的元件為: 元件 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest。
元件
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest。

Error - 27/8/2012 7:15:29 AM | Computer Name = RoyYip-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = 處理 Performance 延伸計數器提供者時，Performance 登錄值中的效能字串已損毀。Performance 登錄中的
BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD，而 LastHelp 值則是
Data 區段中的第三個 DWORD。

Error - 27/8/2012 7:15:29 AM | Computer Name = RoyYip-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = 處理 Performance 延伸計數器提供者時，Performance 登錄值中的效能字串已損毀。Performance 登錄中的
BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD，而 LastHelp 值則是
Data 區段中的第三個 DWORD。

Error - 27/8/2012 7:15:29 AM | Computer Name = RoyYip-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

[ System Events ]
Error - 25/8/2012 7:44:49 AM | Computer Name = RoyYip-PC | Source = Schannel | ID = 36874
Description = 收到來自遠端用戶端應用程式的 SSL 3.0 連線要求，但用戶端應用程式支援的加密套件伺服器都不支援。SSL 連線要求失敗。

Error - 25/8/2012 7:44:49 AM | Computer Name = RoyYip-PC | Source = Schannel | ID = 36888
Description = 已產生以下的嚴重警示: 40。內部錯誤狀態為 107。

Error - 25/8/2012 7:45:05 AM | Computer Name = RoyYip-PC | Source = Schannel | ID = 36874
Description = 收到來自遠端用戶端應用程式的 SSL 3.0 連線要求，但用戶端應用程式支援的加密套件伺服器都不支援。SSL 連線要求失敗。

Error - 25/8/2012 7:45:05 AM | Computer Name = RoyYip-PC | Source = Schannel | ID = 36888
Description = 已產生以下的嚴重警示: 40。內部錯誤狀態為 107。

Error - 25/8/2012 7:45:06 AM | Computer Name = RoyYip-PC | Source = Schannel | ID = 36874
Description = 收到來自遠端用戶端應用程式的 SSL 3.0 連線要求，但用戶端應用程式支援的加密套件伺服器都不支援。SSL 連線要求失敗。

Error - 25/8/2012 7:45:06 AM | Computer Name = RoyYip-PC | Source = Schannel | ID = 36888
Description = 已產生以下的嚴重警示: 40。內部錯誤狀態為 107。

Error - 26/8/2012 1:58:23 PM | Computer Name = RoyYip-PC | Source = Service Control Manager | ID = 7030
Description = PEVSystemStart 服務被標示為互動服務。但是系統被設定成不允許互動服務。這項服務可能無法正常運作。

Error - 26/8/2012 2:00:29 PM | Computer Name = RoyYip-PC | Source = Service Control Manager | ID = 7030
Description = PEVSystemStart 服務被標示為互動服務。但是系統被設定成不允許互動服務。這項服務可能無法正常運作。

Error - 27/8/2012 7:10:11 AM | Computer Name = RoyYip-PC | Source = Service Control Manager | ID = 7000
Description = StarWind AE Service 服務無法啟動，因為下列錯誤: %%2

Error - 27/8/2012 7:17:12 AM | Computer Name = RoyYip-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\ROYYIP~1\AppData\Local\Temp\OnlineScanner\Anti-Vir 已被防止載入，原因是其與此系統不相容。請連絡您的軟體廠商，以取得相容的驅動程式版本。


< End of report >

 

[Jay Pfoutz]

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  :OTL
  O4 - Startup: C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk = File not found
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
  O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
  ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
  ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
  ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
  ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
  ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
  
  :files
  C:\Users\Roy Yip\AppData\Local\{05e0d007-0ba5-6505-bd5f-380e814a59a0}
  
  :commands
  [emptytemp]
  [reboot]
  
• Then click the Run Fix button at the top.
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

 

[roy392003]

All processes killed
========== OTL ==========
C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
========== FILES ==========
C:\Users\Roy Yip\AppData\Local\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U folder moved successfully.
C:\Users\Roy Yip\AppData\Local\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\L folder moved successfully.
C:\Users\Roy Yip\AppData\Local\{05e0d007-0ba5-6505-bd5f-380e814a59a0} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Roy Yip
->Temp folder emptied: 501264232 bytes
->Temporary Internet Files folder emptied: 47660558 bytes
->Java cache emptied: 29633 bytes
->Flash cache emptied: 347222 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 769294 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62777904 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 801926 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 585.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 08312012_093353
Files\Folders moved on Reboot...
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\flaBADF.tmp not found!
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\flaEB31.tmp not found!
C:\Users\Roy Yip\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\~DF1E46C7F72815FF86.TMP not found!
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\~DF26727B53AA06D297.TMP not found!
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\~DF29D0A1D47426FC80.TMP not found!
C:\Users\Roy Yip\AppData\Local\Temp\~DF3E8B01BEA5ED6963.TMP moved successfully.
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\~DF4A9364223A3CA3F9.TMP not found!
C:\Users\Roy Yip\AppData\Local\Temp\~DF7E8F073F26F16812.TMP moved successfully.
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\~DFAC6A82FD654CFA35.TMP not found!
C:\Users\Roy Yip\AppData\Local\Temp\~DFDA32C123B50AFC30.TMP moved successfully.
File\Folder C:\Users\Roy Yip\AppData\Local\Temp\~DFDC53494F7173F0F0.TMP not found!
C:\Users\Roy Yip\AppData\Local\Temp\~DFFB0B2FD44429C2ED.TMP moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHD3I067\43241694-1666688497[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHD3I067\quality[1].php moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHD3I067\quality[2].php moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTFBXCEE\300250xlspny[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTFBXCEE\playflash[1].js moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1WJ2M10\csc-render[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1WJ2M10\st[3] moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XVM47D\adServer[2].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XVM47D\alimama[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XVM47D\danpin250x250ceshi0915[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XVM47D\outside[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XVM47D\quality[1].php moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XVM47D\rsa[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ151JO8\272[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ151JO8\tanx[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ151JO8\_cid__time_160_sort_score_display_album_high_0[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0MTEPSI\0[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0MTEPSI\300250xlspny[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0MTEPSI\Ad_shot[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0MTEPSI\alimama[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0MTEPSI\storage[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUX09R0Q\ext-render-secure[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUX09R0Q\storage[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUX09R0Q\taglist[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\0[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\451399[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\8[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\Ad_shot[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\alimama[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\ext-render-secure[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\fc[2].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\info_wb[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\launch[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\outside[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\search[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\st[4] moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO90VJGQ\st[5] moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TLVRJ6A\300250xlspny[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TLVRJ6A\300250xlspny[2].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TLVRJ6A\a[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TLVRJ6A\page-2[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QC9O7B0\0[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QC9O7B0\53181102-1774605283[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QC9O7B0\Ad_shot[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QC9O7B0\alimama[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\0[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\53181102-1774605283[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\74101605-2660384277[1].html moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\alimama[1].htm moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\index[1].php moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\quality[3].php moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU4EBNK\quality[4].php moved successfully.
C:\Users\Roy Yip\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ROYYIP-PC$\3668 not found!
C:\Windows\temp\etilqs_5uJop9dCSOMX0hqDmaw3 moved successfully.
C:\Windows\temp\etilqs_5wtSfHq2Zv01Cb3RLRQu moved successfully.
C:\Windows\temp\etilqs_ab79tQ5HmlYV232QhL8R moved successfully.
C:\Windows\temp\etilqs_eLS0lMRsIwywf3K6UidX moved successfully.
C:\Windows\temp\etilqs_nxzpXoFZL7vZojEwFQTO moved successfully.
C:\Windows\temp\etilqs_PURhNTonfxcMu7RkHl0Z moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

[Jay Pfoutz]

Now how's it working?

 

[roy392003]

My computer back to normal, it seem have been fixed.Thank for help!(y)
If I still have a problem with it will let you know.Thank again!!

 

[Jay Pfoutz]

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive I.e. C
• For a few moments the system will make some calculations:
  
  
• Select the More Options tab
  
  
• In the System Restore and Shadow Backups select Clean up
  
  
• Select Delete on the pop up
• Select OK
• Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

• Cleaned System Restore
• Ran OTC
• Ran CCleaner
• Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

 

[roy392003]

Hi! I completed every step you said.

• Cleaned System Restore
• Ran OTC
• Ran CCleaner
• [LEFT]Ran Security Check[/LEFT]

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CA Yahoo! Anti-Spy (remove only)
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 32
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


I have a ESET Smart Security already.Do I still need Malwarebytes Anti-Malware?Can I remove Malwarebytes Anti-Malware ?
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]

 

[Jay Pfoutz]

You can remove it, if you wish!

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet. Please go to
Microsoft Windows and Internet Explorer Updates to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

 

[roy392003]

Hi! My computer running good, you can make this topic solved.Thank for help!

 

[Jay Pfoutz]

You're welcome.