
Solved Malwarebytes Anti-Malware stopped working

Discussion in 'Malware and Virus Removal Archive' started by rwirsig, 2014/04/12.

  1. 2014/05/06
    rwirsig, Well-Known Member, Thread Starter (Lifetime Subscription; Joined: 2013/08/09; Messages: 174; Likes Received: 0)

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\KEW\Downloads
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\..\SearchScopes\{F46DBD5C-8D30-4BA0-982D-E0D45B49D8B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10469
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-592423314-1620390198-4279179177-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\PremierOpinion\firefox

    [2013-11-21 18:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KEW\AppData\Roaming\mozilla\Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://search.us.com/?guid={A0C59675-4F4E-4680-8A71-CB42ADD33E6E}&serpv=5
    CHR - plugin: Error reading preferences file
    CHR - Extension: WOT = C:\Users\KEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
    CHR - Extension: SaleSCheckeR = C:\Users\KEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcagdchhjghncjmpdmgnldijpfhphec\2.2\
    CHR - Extension: TidyNetwork = C:\Users\KEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjecgnddnjfognpjggmmihfphggdfka\5.0.0.0_0\
    CHR - Extension: Google Wallet = C:\Users\KEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: FineuDaealSoft = C:\Users\KEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\polabhfcgkfnhjmjmbjnmoboonghdhon\4.4\

    O1 HOSTS File: ([2013-08-22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
    O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
    O4 - HKU\S-1-5-21-592423314-1620390198-4279179177-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D77520DF-E08F-40B0-80F8-77FD80E20498}: DhcpNameServer = 192.168.24.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB718CF8-09D1-4A54-B834-5DE44ED5FBD7}: DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\WINDOWS\system32\blzblk.exe \??\C:\WINDOWS\system32\blzblk.dat blzblk)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014-05-06 07:19:59 | 000,000,000 | ---D | C] -- C:\FRST
    [2014-05-01 11:18:55 | 000,000,000 | -HSD | C] -- C:\Users\KEW\AppData\Local\EmieUserList
    [2014-05-01 11:18:55 | 000,000,000 | -HSD | C] -- C:\Users\KEW\AppData\Local\EmieSiteList
    [2014-05-01 08:22:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
    [2014-05-01 08:18:53 | 000,000,000 | ---D | C] -- C:\Users\KEW\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
    [2014-04-30 06:57:20 | 000,013,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\SysNative\drivers\blzblk.sys
    [2014-04-22 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2014-04-22 21:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2014-04-16 21:27:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-04-16 07:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2014-04-13 06:56:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014-04-12 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2014-04-12 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2014-04-12 09:19:54 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2014-04-12 09:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014-04-12 09:19:20 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
    [2014-04-12 09:19:20 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
    [2014-04-12 09:19:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
    [2014-04-12 09:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014-05-06 20:41:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014-05-06 00:40:00 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014-05-06 00:40:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014-05-05 20:17:42 | 000,867,660 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
    [2014-05-05 20:17:42 | 000,738,836 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
    [2014-05-05 20:17:42 | 000,140,660 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
    [2014-05-05 20:17:27 | 000,074,240 | ---- | M] () -- C:\WINDOWS\SysNative\blzblk.exe
    [2014-05-05 20:17:27 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\SysNative\drivers\blzblk.sys
    [2014-05-05 20:17:27 | 000,000,276 | ---- | M] () -- C:\WINDOWS\SysNative\blzblk.dat
    [2014-05-05 20:16:53 | 000,000,074 | ---- | M] () -- C:\Users\KEW\AppData\Roaming\sp_data.sys
    [2014-05-05 20:14:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014-05-05 20:12:18 | 3340,107,776 | -HS- | M] () -- C:\hiberfil.sys
    [2014-05-05 20:12:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2014-05-05 11:55:18 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
    [2014-05-05 01:43:05 | 000,377,968 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
    [2014-05-01 08:22:46 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
    [2014-04-16 21:48:05 | 000,001,124 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2014-04-13 11:13:57 | 000,872,506 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2014-04-12 19:33:10 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014-04-12 09:19:30 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014-05-05 20:17:27 | 000,074,240 | ---- | C] () -- C:\WINDOWS\SysNative\blzblk.exe
    [2014-05-05 20:17:27 | 000,000,276 | ---- | C] () -- C:\WINDOWS\SysNative\blzblk.dat
    [2014-05-01 08:22:46 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
    [2014-04-29 14:36:28 | 000,139,600 | ---- | C] () -- C:\WINDOWS\SysNative\systemsf.ebd
    [2014-04-29 14:34:53 | 000,262,335 | ---- | C] () -- C:\WINDOWS\SysNative\dfpinc.dat
    [2014-04-29 14:32:58 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
    [2014-04-29 14:32:58 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysNative\WimBootCompress.ini
    [2014-04-29 14:32:17 | 000,100,197 | ---- | C] () -- C:\WINDOWS\SysWow64\RacRules.xml
    [2014-04-29 14:32:17 | 000,100,197 | ---- | C] () -- C:\WINDOWS\SysNative\RacRules.xml
    [2014-04-29 14:32:16 | 000,007,762 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-suggestions.searchconnector-ms
    [2014-04-29 14:32:16 | 000,007,762 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-suggestions.searchconnector-ms
    [2014-04-29 14:32:16 | 000,007,130 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-zeroinput.searchconnector-ms
    [2014-04-29 14:32:16 | 000,007,130 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-zeroinput.searchconnector-ms
    [2014-04-29 14:31:57 | 000,011,109 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
    [2014-04-29 14:31:57 | 000,011,109 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
    [2014-04-29 14:31:53 | 000,050,053 | ---- | C] () -- C:\WINDOWS\SysNative\srms.dat
    [2014-04-29 14:31:48 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
    [2014-04-29 12:44:12 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
    [2014-04-18 07:03:04 | 000,000,512 | ---- | C] () -- C:\Users\KEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OS (C).lnk
    [2014-04-18 07:03:04 | 000,000,470 | ---- | C] () -- C:\Users\KEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DATA (D).lnk
    [2014-04-18 07:03:04 | 000,000,323 | ---- | C] () -- C:\Users\KEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud Photos.lnk
    [2014-04-16 21:48:05 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2014-04-16 21:48:04 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2014-04-13 11:13:57 | 000,872,506 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2014-04-12 19:33:10 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2014-04-12 19:33:10 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014-04-12 09:19:30 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014-04-01 01:17:54 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
    [2013-12-19 08:16:01 | 000,000,187 | ---- | C] () -- C:\Users\KEW\AppData\Roaming\WB.CFG
    [2013-11-11 16:11:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2013-10-01 14:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
    [2013-10-01 14:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
    [2013-10-01 14:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
    [2013-09-07 16:57:38 | 000,000,074 | ---- | C] () -- C:\Users\KEW\AppData\Roaming\sp_data.sys
    [2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
    [2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
    [2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
    [2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2013-06-07 11:24:46 | 000,013,973 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCoInst.dat
    [2012-11-27 14:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
    [2012-07-25 16:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
    [2012-07-25 16:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin

    ========== ZeroAccess Check ==========

    [2013-11-11 12:49:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2014-03-19 23:48:41 | 021,232,792 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2014-03-19 21:20:53 | 018,679,216 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013-11-09 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
    [2013-11-09 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
    [2013-11-21 18:11:51 | 000,000,000 | ---D | M] -- C:\Users\KEW\AppData\Roaming\addpcs
    [2013-11-12 22:16:58 | 000,000,000 | ---D | M] -- C:\Users\KEW\AppData\Roaming\AffiliatedUpdate
    [2013-09-07 16:56:50 | 000,000,000 | ---D | M] -- C:\Users\KEW\AppData\Roaming\ASUS WebStorage
    [2014-05-03 12:22:04 | 000,000,000 | ---D | M] -- C:\Users\KEW\AppData\Roaming\KeePass
    [2013-12-01 13:17:07 | 000,000,000 | ---D | M] -- C:\Users\KEW\AppData\Roaming\OpenOffice
    [2013-11-11 13:17:11 | 000,000,000 | ---D | M] -- C:\Users\KEW\AppData\Roaming\OpenOffice.org

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 237 bytes -> C:\Users\KEW\SkyDrive:ms-properties
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

    < End of report >
     
  2. 2014/05/06
    rwirsig Lifetime Subscription

    OTL Extras logfile created on: 2014-05-06 8:53:08 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KEW\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17031)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

    3.89 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.45% Memory free
    4.58 Gb Paging File | 2.32 Gb Available in Paging File | 50.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 185.96 Gb Total Space | 148.86 Gb Free Space | 80.05% Space Free | Partition Type: NTFS
    Drive D: | 258.15 Gb Total Space | 258.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

    Computer Name: KEW_PC | User Name: KEW | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1 "
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1 "
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0733E3CE-120A-42E7-98EE-6DA9C433CC60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{07E83DDB-AA72-4594-AC6B-B0E14928F497}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1932E194-64BA-4BDC-AA5A-605719D32680}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3FDF5276-7832-450B-8729-C4BBE349A700}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4840C53D-D942-42ED-8868-540FFFE26A79}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{66432F86-EFF8-4901-AC69-384E300E4CE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{85C489BF-4998-43B8-A3D9-16616E21A9B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8F8EF164-8C0E-4CA3-8B39-E14B3ED362F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{963C85A6-046F-40AB-92E5-424F10D98037}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E2EFCB74-4CC7-4638-A093-BC2B5EFB7028}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5A35DB4-3340-4A59-B66F-98470DB8BB94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EF22ED3F-98BA-4EC7-88B3-BB74F30F5AA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{017217BC-7B3F-42BE-99DD-F4EB6286DD09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BAE2DC9-39EE-455E-9765-B5E37B0914C6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{0EF8286A-D8B1-402F-8B13-244ECB9AB88A}" = protocol=6 | dir=out | app=system |
    "{0F003EF9-4ABF-483A-AB5E-5A2C9F33D527}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{10ADAFAC-1CD8-42FE-902D-93A9578D0414}" = dir=out | name=f5 vpn |
    "{123FEF31-1EC8-4F39-A06D-220C19A7031E}" = dir=out | name=@{microsoft.bingnews_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
    "{1BC014AB-75D0-4C95-8257-A1D0B0954E79}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{1D3668ED-1332-4546-84BC-C38F18A0C273}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1E2B0167-C004-409D-8E55-72C2409D12B1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{1F3580A7-8CB9-4B9A-96B3-391D3E627D31}" = dir=out | name=@{microsoft.zunevideo_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{2377A78A-A90E-437F-B5C6-70E842C4C694}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2A3273B7-FC90-4646-8F83-301AA5EE528C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{30108C93-6368-4B12-917A-095AD851E776}" = dir=out | name=check point vpn |
    "{337A200F-A3F1-4DE1-86AA-7AA6949FB287}" = dir=in | name=skype |
    "{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 |
    "{367AC9B9-C4C5-430D-BEE8-57E406FAE86B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{381E8562-61F2-430C-9154-FB9EA4AC6E37}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{39B69072-34E0-4BF0-86CD-CA5DB1234C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{39E4DDC0-7F05-4A9A-9D71-7764D7DECF2E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    "{3D6EB44D-59C2-41CA-B318-EC0446261B70}" = dir=in | name=taptiles |
    "{3EFD1512-E1A4-4B0B-9B8A-606C8FC4B7DE}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
    "{4798BC15-BF6B-49D9-AC2F-2D0B7FC230B1}" = dir=out | name=juniper networks junos pulse |
    "{4CB67C35-F513-40DC-898C-02B0684592A4}" = dir=in | name=f5 vpn |
    "{4D02A447-2D4D-47BD-A418-EEE4B0095971}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
    "{5A438B2D-710C-46A6-9C7F-47AD7D9D2120}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
    "{5C0086C6-CC94-42A5-9292-FF72986AF37E}" = dir=out | name=cbc |
    "{5CE1C191-C01A-4B5B-8587-A0021D3CCE51}" = dir=out | name=windows_ie_ac_001 |
    "{5CEC3532-8335-4D4A-83C7-50B85E958F9E}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
    "{6317D92F-2C16-480B-979E-E9B785B60551}" = dir=out | name=@{microsoft.bingsports_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
    "{63DE4FA4-5F18-4522-8622-2BFB5D30ED64}" = dir=out | name=allthecooks recipes |
    "{651C71DC-442A-425B-8B5A-77E4C824B532}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{68630576-7D3C-4ABE-8D66-EF9FB0399595}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6C57BE11-D02E-47F5-A145-2E495B6B6376}" = dir=in | name=sonicwall mobile connect |
    "{6D908F4A-0D33-419C-BE41-7B3A2140C4C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7A6935D1-8291-4411-A925-98CB8330F6DB}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{7CE96F37-CCAF-4ABD-8066-CCC2FEDE7758}" = dir=out | name=microsoft solitaire collection |
    "{7F0AAE24-9105-4147-BFE4-4188462B5FF3}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{7F155174-C703-419F-9D3B-48A564F7D5A1}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{81CC591D-AAA2-4C8F-95E2-C494930766FD}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
    "{8234E993-FA5D-4CE5-B470-89C455EBBE1F}" = dir=out | name=pinball fx2 |
    "{8E111FFA-7403-41C1-8090-B3DCD1869FE8}" = dir=out | name=windows_ie_ac_001 |
    "{90FAEE42-C197-426A-8595-83B5D381CF79}" = dir=out | name=tripadvisor hotels flights restaurants |
    "{97EA3E69-D1C8-424E-9099-91A19F73511A}" = dir=out | name=@{microsoft.zunemusic_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{A126DC84-093D-4962-92F3-DA6641F7B1E8}" = dir=out | name=@{microsoft.bingtravel_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
    "{A63F478A-4F0A-4AA3-80FE-3B6388BDFE74}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{AB4432EA-EC7D-4819-BB07-3A46C3C91684}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
    "{B3962AB1-6974-4BD6-B827-B64641F5C59D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B44D8EF5-40FC-463E-B572-26131627B85E}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    "{B4DBABA1-3AC0-4BE2-A169-39AC2404601B}" = dir=in | name=check point vpn |
    "{B7BCA895-62EB-4629-9385-3E6BE8021D5F}" = dir=in | name=juniper networks junos pulse |
    "{B817702A-CB1E-4ABB-8461-53568BAEC851}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{B960D412-5033-4DB2-9CF0-B2454FCF3541}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{BBC07EBD-D5CC-4922-A743-1C72068478EA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{C66BEA00-FC58-460D-994F-9381C4344607}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CA0B5BD7-FB88-4A9A-ADD2-698BD6012607}" = dir=out | name=@{microsoft.bingfinance_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
    "{CBB51231-1074-4E04-9602-6152B00E03F3}" = dir=out | name=skype |
    "{CF93643E-D6CA-4412-A295-D6ADB9132577}" = dir=in | name=microsoft solitaire collection |
    "{D01CC3F9-13E3-430A-B336-54FED453B895}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{D20AD440-14DA-4275-911A-5BE4A8E2931A}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{D5BCAF76-2CBD-4619-B261-F56C6A1329C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
    "{D78EB0B6-1940-4A40-AF21-B71F6B3C3483}" = dir=out | name=play movie |
    "{D858172D-E514-4F71-B443-5676B9DE03A2}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
    "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
    "{DC98B7B6-18CF-43DA-8556-E6390E66CE54}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{DDE9E423-7BEF-4AF8-9BA1-B77F2AE8DEF8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{E78F1FDA-AFD6-4229-96F8-C71D17DA8543}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{E7B6CA88-7029-43B9-AC67-9B16FA4563EB}" = dir=out | name=@{microsoft.bingweather_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
    "{ED28C212-D163-46F9-A22C-EEDFEA237536}" = dir=out | name=taptiles |
    "{ED875AD2-4EEB-43C5-87C9-39DA74990DBC}" = dir=out | name=facebook |
    "{EED64E2F-C18E-450F-870E-671C112A8A1C}" = dir=in | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{F22387DF-D8DB-409E-AFD3-9144486A120A}" = dir=in | name=pinball fx2 |
    "{F3030837-1F26-4CF9-8986-57809E2DD15D}" = dir=out | name=sonicwall mobile connect |
    "{F5554430-DC76-4849-A580-C68FAC76223B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F5897594-7E46-4ACA-B106-07C89265E1A2}" = dir=out | name=fresh paint |
    "{F5D38C96-98E4-4717-A69C-478B98160001}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
    "{F68D7742-BB5B-4707-8996-1133F6214493}" = dir=out | name=adera |
    "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
    "{FCC60B60-8EF3-4C97-B945-C1E3F9242C77}" = dir=out | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{FDCA94DA-E612-42C9-9361-01DC1BF7E6F8}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "TCP Query User{843F298C-EC7A-49BB-802C-E83E578BDA40}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{B957A67A-66A8-40DC-B99E-AA96A216D0A1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
    "{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
    "4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5" = Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170)
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Temp File Cleaner" = Temp File Cleaner

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}" = Movie Maker
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
    "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
    "{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包
    "{4592BAE7-B99A-47A5-9B6B-3BC236B9D3E9}" = Alcor Micro USB Card Reader
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
    "{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
    "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
    "{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{802E137D-DA8F-47CC-AC21-6DD075CD948C}" = Windows Live UX Platform Language Pack
    "{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
    "{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C87EF11D-36E9-479D-9898-7541EA1E8A6A}" = OpenOffice 4.1.0
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
    "{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{EE2E1BED-0821-4244-ABDC-149E9F9750C3}" = Photo Common
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
    "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
    "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "AmUStor" = Alcor Micro USB Card Reader
    "ASUS WebStorage" = ASUS WebStorage Sync Agent
    "BrowserPlus2 Toolbar" = BrowserPlus2 Toolbar
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Chrome" = Google Chrome
    "InstallConverter" = InstallConverter
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.25
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "MyBitCast" = MyBitCast 2.0
    "Secunia PSI" = Secunia PSI (3.0.0.9016)
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{d4c7ef13-32c8-42fb-a387-fa6a07c5de9f}" = Snap.Do Engine
    "AffiliatedUpdate" = Extended Update
    "VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2014-05-04 6:30:17 AM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    Error - 2014-05-05 2:01:31 AM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    Error - 2014-05-05 2:26:39 AM | Computer Name = KEW_PC | Source = Application Hang | ID = 1002
    Description = The program LiveComm.exe version 17.5.9600.20461 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8b8 Start
    Time: 01cf682ac0131071 Termination Time: 4294967295 Application Path: C:\Program
    Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe

    Report
    Id: 3614f002-d41e-11e3-bebf-74d02bd94db8 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe

    Faulting
    package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error - 2014-05-05 6:30:24 AM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    Error - 2014-05-05 6:32:59 AM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    Error - 2014-05-05 12:27:10 PM | Computer Name = KEW_PC | Source = Application Hang | ID = 1002
    Description = The program backgroundTaskHost.exe version 6.3.9600.16384 stopped
    interacting with Windows and was closed. To see if more information about the problem
    is available, check the problem history in the Action Center control panel. Process
    ID: dac Start Time: 01cf687e262b6de0 Termination Time: 4294967295 Application Path:
    C:\WINDOWS\system32\backgroundTaskHost.exe Report Id: 1a4d197f-d472-11e3-bec0-74d02bd94db8

    Faulting
    package full name: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt Faulting package-relative
    application ID: App

    Error - 2014-05-05 8:30:33 PM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    Error - 2014-05-05 11:02:26 PM | Computer Name = KEW_PC | Source = Application Hang | ID = 1002
    Description = The program backgroundTaskHost.exe version 6.3.9600.16384 stopped
    interacting with Windows and was closed. To see if more information about the problem
    is available, check the problem history in the Action Center control panel. Process
    ID: 10f8 Start Time: 01cf68d6e541827b Termination Time: 4294967295 Application Path:
    C:\WINDOWS\system32\backgroundTaskHost.exe Report Id: d8c22b4c-d4ca-11e3-bec1-74d02bd94db8

    Faulting
    package full name: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt Faulting package-relative
    application ID: App

    Error - 2014-05-06 3:04:30 AM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    Error - 2014-05-06 3:04:47 AM | Computer Name = KEW_PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
    Component
    2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

    [ System Events ]
    Error - 2014-05-05 1:41:28 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:28 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:28 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:28 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:28 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:28 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:29 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:29 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 1:41:29 AM | Computer Name = KEW_PC | Source = DCOM | ID = 10010
    Description =

    Error - 2014-05-05 12:25:42 PM | Computer Name = KEW_PC | Source = Service Control Manager | ID = 7022
    Description = The Software Protection service hung on starting.


    < End of report >
     


  4. 2014/05/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    
    
    :Services
    
    :Reg
    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{d4c7ef13-32c8-42fb-a387-fa6a07c5de9f}" =-
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
     
  5. 2014/05/06
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{d4c7ef13-32c8-42fb-a387-fa6a07c5de9f} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4c7ef13-32c8-42fb-a387-fa6a07c5de9f}\ not found.
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives\Users\00000002 folder moved successfully.
    C:\FRST\Hives\Users\00000001 folder moved successfully.
    C:\FRST\Hives\Users folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default.migrated

    User: KEW
    ->Temp folder emptied: 8547847 bytes
    ->Temporary Internet Files folder emptied: 377105290 bytes
    ->Google Chrome cache emptied: 265523920 bytes
    ->Flash cache emptied: 5348 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2383099 bytes
    RecycleBin emptied: 297607193 bytes

    Total Files Cleaned = 907.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Default.migrated

    User: KEW

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Default.migrated

    User: KEW
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05062014_213353

    Files\Folders moved on Reboot...
    C:\Users\KEW\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  6. 2014/05/06
    broni

    broni Moderator Malware Analyst

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
    Code:
    :reg
    HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  7. 2014/05/07
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 07:38 on 07/05/2014 by KEW
    Administrator - Elevation successful

    ========== reg ==========

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    (No values found)

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AffiliatedUpdate]
    "DisplayIcon "= "C:\Users\KEW\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe "
    "DisplayName "= "Extended Update "
    "UninstallString "= "C:\Users\KEW\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe /Uninstall "

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CHCT3306060]
    "EstimatedSize "= 0x00000022a3 (8867)

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
    (No values found)

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint]
    "DisplayName "= "VisualBee for Microsoft PowerPoint "
    "UninstallString "= "C:\Users\KEW\AppData\Local\VisualBeeExe\uninst.exe "
    "DisplayIcon "= "C:\Users\KEW\AppData\Local\VisualBeeExe\uninst.exe "
    "DisplayVersion "= "V3.9 "
    "URLInfoAbout "= "http://www.visualbee.com "
    "Publisher "= "VisualBee.com "

    [HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d4c7ef13-32c8-42fb-a387-fa6a07c5de9f}]
    "DisplayName "= "Snap.Do Engine "
    "Publisher "= "ReSoft Ltd. "
    "DisplayVersion "= "1.167.1.12640 "
    "DisplayIcon "= "C:\Users\KEW\AppData\Local\Smartbar\Application\SmartbarInstallationIcon.ico "
    "UninstallString "= "MsiExec.exe /X{76D809C3-5493-44C2-80AF-E5DF1690A74F} /quiet ENGINE=1 "


    -= EOF =-
     
  8. 2014/05/07
    broni

    I'm not sure why we're having an issue deleting that key.
    Let's see if you can do it manually.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Go to Start and in "Start search" type:
    regedit
    Press Enter.

    Registry editor will open.
    Navigate to:
    HKEY_USERS\S-1-5-21-592423314-1620390198-4279179177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    You'll see several subkeys.
    Right-click on the {d4c7ef13-32c8-42fb-a387-fa6a07c5de9f} subkey, click "Delete".
    If successful, restart the computer and the listing should be gone.
     
  9. 2014/05/08
    rwirsig Lifetime Subscription

    The Snap Do Engine is now gone in the uninstall page. I hope the procedure I used is correct: Under the name column I right-clicked on the line containing Snap Do Engine and then clicked Delete.
    Publisher Reg-SX ReSoft Ltd is there too. Is that not the publisher of Snap Do stuff? Should I remove that too?
     
  10. 2014/05/08
    broni

    Possibly you removed just one line.

    I posted:

    Right-click on the {d4c7ef13-32c8-42fb-a387-fa6a07c5de9f} subkey, click "Delete".
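
The manual deletion described in posts 8 and 10, as an added PowerShell example that is not part of the original thread: it lists each subkey under the per-user Uninstall key, exports the target subkey to a .reg backup, and deletes the subkey itself rather than one value inside it. It assumes an elevated console while the user's hive is loaded under HKEY_USERS; the function names and the Desktop backup location are hypothetical.

```powershell
# Added example. The SID and subkey name are the ones quoted in the thread.
$Sid       = 'S-1-5-21-592423314-1620390198-4279179177-1001'
$Uninstall = "Registry::HKEY_USERS\$Sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

function Get-UninstallEntry {
    # One row per subkey: the subkey is the entry, its values are only properties of it.
    param([string]$Root = $Uninstall)
    Get-ChildItem -LiteralPath $Root | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{
            Subkey          = $_.PSChildName
            DisplayName     = $p.DisplayName
            Publisher       = $p.Publisher
            UninstallString = $p.UninstallString
        }
    }
}

function Remove-UninstallEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Subkey,
        [string]$BackupDir = "$env:USERPROFILE\Desktop"   # hypothetical backup location
    )
    $psPath  = "$Uninstall\$Subkey"
    $regPath = "HKU\$Sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Subkey"
    if (-not (Test-Path -LiteralPath $psPath)) { throw "Subkey not found: $Subkey" }

    # Export the whole subkey first so the change can be reverted by importing the .reg file.
    $backup = Join-Path $BackupDir ("Uninstall-{0}.reg" -f ($Subkey -replace '[{}]', ''))
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed, nothing deleted." }

    # Remove-ItemProperty would delete a single value ("one line") and leave the
    # subkey with its other values behind; Remove-Item -Recurse deletes the subkey.
    if ($PSCmdlet.ShouldProcess($psPath, 'Delete registry subkey')) {
        Remove-Item -LiteralPath $psPath -Recurse
    }
    -not (Test-Path -LiteralPath $psPath)   # $true once the subkey is gone
}

Get-UninstallEntry | Format-Table -AutoSize
# -WhatIf still writes the backup but only reports the deletion; drop it to delete.
Remove-UninstallEntry -Subkey '{d4c7ef13-32c8-42fb-a387-fa6a07c5de9f}' -WhatIf
```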
     
  11. 2014/05/09
    rwirsig Lifetime Subscription

    OK, I did it correctly this time. I cannot see Snap Do stuff nor ReSoft listings anywhere.
     
  12. 2014/05/09
    broni

    You should be good to go.

    Good luck and stay safe :)
     
  13. 2014/05/10
    rwirsig Lifetime Subscription

    After a false start I purchased, I believe, one (only I hope) lifetime membership for 59.95 (a $60 option was not available).
    Thanks for your help.
    RW
     
  14. 2014/05/10
    broni

    You're very welcome
     
