Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't run antivirus scan with mbam. Computer unresponsive.


  • Please log in to reply

#46
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

Completed the steps above.  i have included a screenshot for your review as well before I try anything else. Machine is rebooted.

Attached Thumbnails

  • Hotfix.JPG

  • 0

Advertisements


#47
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Can you now run the mse removal tool?
  • 0

#48
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

Still the same errormessage. Sorry this is such a pain.  I appreciate all you have done up to this point.  If you can think of anything else I will try it. I don't want you to waste any time over the holiday weekend on this. 


  • 0

#49
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Re-scan with FRST and post its report.

Then, please download SystemLook from one of the links below and save it to your Desktop.

32 bit Download Mirror #1
32 bit Download Mirror #2


For 64bit systems, Please download SystemLook from the link below and save it to your Desktop.

64 bit Download Mirror
  • Double-click SystemLook.exe (or SystemLook_x64.exe) to run the application.
  • Copy the content of the following quote box into the main textfield:

    :regfind
    Essentials
    Antimalware

    :folderfind
    Essentials
    Antimalware

    :filefind
    Essentials
    Antimalware

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#50
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

SystemLook 30.07.11 by jpshortstuff
Log created at 13:32 on 24/05/2014 by Presenter
Administrator - Elevation successful

========== regfind ==========

Searching for "Essentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeInternet"="QuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeEssentials"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeEffects"="QuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeMusic"="QuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeAuthoring"="QuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeCapture"="QuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FD7EE11154CF7C04897A57A34CB621BF]
"QuickTimeProResDecoder"="QuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\StartMenu]
"Microsoft Security Essentials"="MSEv2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\da.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\de.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\en.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\es.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\it.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pl.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0369C95EDE2453044A2BA81207ACC471]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AE4C50F5CC339A4193B63A2526DB4C5]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E624681DEB8CA46857E0E750C9E6BD]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36FC04C1C45EDA944A3E769A2C6D393D]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4ED3817279F1B444693E1657E9661A5E]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56FFE146F689A0A48921D36F155DA395]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pl.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B831A0FDCE9E8244B485BB72BF57437]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672E4EF2BF96961449535E3B46C15FD8]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75DCC21C0411D4143BE4D347C90ADA87]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F3B3B61990048A47AC83BA0899D0762]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90BF72C38140E7D41AEB02CF108E3B15]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6919D2BFD7AE7D45B63E95B0899D889]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD803F5DDC3CCD945B6475C9AB491EF7]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B353494E51F969A4A8A10B04706283BE]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDC895BB6777AAC40B3D075BCB71C42D]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4D2E4A586EF7A4408C6942FA6227270]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D86DA654C020E4845B97A09D40C7EE2F]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D94D84B677F19A044AACEF9390A030B3]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E75E5087BE2EA9A4DB2455053A763171]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F017141CB34E326519C027A06128ED48]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\StartMenu\Microsoft Security Essentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F01E66DF13123DF4B900B53867B3F9D7]
"FD7EE11154CF7C04897A57A34CB621BF"="C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeInternet"="E2S~R1+_X@e0Mh'_'!ceE7eZJ!n%Z=yj)yoGjyYki!7k5]uyi=9k.U(wA)N&4rtB6h_b2@pX=rz0Az[^j?v3pZBU19zkX}V{xD[109la%}&x}8GmzkSb9BbQCsi2Q7(Bd?v-$uoupzZu)ryT)y!t(9fsJbZocP0]Kk^rxIU3)='}+@)MHf70{iN&0BP}.9p^5V3$jdszP)JwYQ(1X=G}LNC(qloWq!LOs4Xbo?k'X)Viy,oIrHZEXGsES95igcYfu2@7@Mvr6SfSp=ctYIEyW@tBx]~3vXB_y8=+z2?ZxK=?)fiu_@aND?hc&1%E2bY51L(*81)jD?!Ve,FYhN-cC&com,!Cv8%tLweM,Ajw+rJ-+u}gJA5EHeQnm1MOD%$+XUwq~=RevdSl`GJ3UIx%1V@lI=7J3dviV+7fBpHuZ~Ibf=}NJJx,[email protected]`hT@okGamN8*trh8ac@AC97)7n`&UG1{*Y+@E`fwbx6G{LuE65&AB0U?'_VRuvh%`+e^ChfQpXb9+Qg1[O8FuyQ{}_I=_NR=@UEqhl]i$Q,l0'S}qF]AeER{3.fpVVB1k5Xhz!F=TJ1NR=PHz4ZY&ktg6lz9_sVWOs0*+9}Gh[%31y)9c{Jp?NGv{,L%3$V-wl==NMUe.A,.~J1XJ-Gx7ow8aPiH[)6l8HUF=SyDi~e9P_iBH~CksxI4f'=oYJ?9ef0CoG)ewV+GkoA14nt@E@vc2RJn5otzm$u.IFI?uEgk*gw%by9W9v%6EHq@TQ7=0J?O4%+t12_(*}Z9ICRS_4tksq?R@%+JMzN@g=hoAz5dz]Vlvmh3-DD9H%U5`cC&Dlfnw2+Yfm09*AkpVE)dL+
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeEssentials"="Y(M'Oa8YX?JlP@zA]?dPU'[}?D]p_8aFZU26(O)[hD8f.KZhu?&dw?G7u'fPzfo.6e(KeAg$b)n.g0eYg!k!9TzPM@)}t+*JIz1i4z2ey8W`a?D][email protected]{wUL^qGU9+V'pFBY167$8!_Ybs}-?.O0CEPt)N@bsHu3,B]h(ksa%rs3MzYfx]&i`tLc?e@(-c[U,Tp3xCRE$sf??9s4rg{{amE9@pQtORFU9&N5+$Z7WNRdA*0[DkQS9~j=6,?!GhQr&yS?)jd2=s4qL'&K&]DA[hddxHdg=T$[77]0RY(Pq8G!DDJ+?XUH52f{V.hT7DPfb2`h(ROc{nt3MzY@=UBE4J}W@((MkkP8^GfMqkwbm~Rq8%Xk!`%M'$Y?s]i^Eh$4=V0~{Irc5!(LSq@vvIH(?E=5m3sDcoY`5uXN,k-}?yq[nA^NJK*OU-WKewhJAW+cnwVo8~Gi?iObgW!Y@Kt%dM.{HTu4Zi4U$vly9[eA(A3zHmm$jm8[TD!C?ZGQvISNfy^e$h)4K2}]@PnN.ONtwG320p4YymJ+=^jfLO9!NbRWfNVY4!3cA-F6n2-atXtQ[[w?O[Ft?i+]O!&C?toqHQLl~S?P?&zn*j^s![%d.`~iCf8i95{uiHa!YeXs$WU*D`[R=W%PnUfuFIs}Bjjlbus,9%?gUr4Jp'W}RG*ZF5,)@O@9N@378'mtPo1sY[kS@PwRbb2Ibjng2O@l!Y!b9!DZ[LuVLHIlbWA+?]PE=O[-s-.*`p=9iRW^FgfN@4PdUWvj+jbRRonF4V4w=WkJbX.d,bY~%VFt.4f%=$tPK_sK!J!MM}&yQAt.9'V?I2p~%?')4b`kql0s953rb(Db`
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeEffects"="puG~0+-SH=R3H,RP'l-7ZgfD(v`xV?xwmDv9ivqv(.4~G!lK[=vkXvGRIarLvT*6_YSDj@(BhbUO*351~Wv`_H%!e@C?0.z=I)1y,[Tlg$&=v9PHR-0H[C`0teccu&a689C]2+d[zROnY5N$TF9[O=Lf.^8a*(?a]bCxzbwO+AMJ+M,s=j+tKYfh.IEu8=W$Z1LPB%2.zE%!?b!gRApFMTJpUVOXE%m[H(POF=B_Xhhx?8wt96-{Xbk6b?U}$r`~lPGiYp.VTW*s[?-$HFib)ULIUD!$9Xv)d@H6o{4AJ509ah9XbVgZV9f8lhZQp4Gc6ygj7I$iVALo@H,N,s`.Z~@gFwMQe@X~gA^k0nBDX,Hhu0r=E=rHVkeRQ.(wU.z[*b7tB9?UY?QCBW-dQuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeMusic"="(C`+e@z)U=X`HGQ%rs3Mrv!6,.PxO?-`i2!['{giJoD(H(CdG9](Zt0$ArW%(EP`?oQW3=%zuQtiU$ie_v$$W2Ft!?6!r(^_$jDNDzwHOx$-Z?zf(Uia'%~+W`*X@IIlp@gfZ2E}qF5VCp[q8$Do5Aw1GYazRbF%sZv*6fB@d?8bLvA0mz4$lc%$r7&cZAV&KP$ltB}ISMjmS2~P$AV-IT4KC,4@F)J5m=uy]?ZJ)e_d.=ia&v[rE@q0c=V49NX]_[}=bu]@3{ziU9YOwi8i-MrYdZx66I0Yn87H)v_?cIA3s[9y){t.q@j2kmcJ}C`Jy_9vZtt]%=BMl}ToAc[qXY^k?wI=C=[ILv)ytU=nK]h_P4J8D9Ga^KFf)URgjzHm.F8h99CSD(0`ZzO*4Uj@60WW[A`gw1Jws~bMQuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeAuthoring"="JHz1WY@l'AWx^Htk}il$~WDx!D=[L?2^KKq0Jx`1cafq*WfPG?C{4r7eU^p1kH?oShBz&=ekWtx&*j}EDbg}VlV,0?(LHJ7^3'gy}R-uqJoRO=uy^@'C7gTj7'fvq)sl{=D4-1j=yrtE6o(`xxc&}9.5wWOVh2F,MMU?YMBsp9PJd,ItOf$R_zQ0$jgT?9qgt]8pY}sb[38N,mE!k?([Rp9ob}8{w9_$QF!$u@gYX0_mDXDVm@EaH,[SZ@f,DRsMgL`Hs9A50`54x=eB!KGK)_DZZsiyB~PjU?P@soAgYVhlL9nmjm$%[?u!bhv%Z]g$VnRD&{XO-AbgsBiDwUc(V,&N@v{(h=m8oiY(eM+F%M2ARv'$=AGK0-!lh=8.}J{7=N}Df8N^N(Iy%NoS'Y,_oqjX@?J`,}lZYR.`1J+wV5-tk@G!'D59F8HuT[~PNsJrt?0QCk87.b1B&ll+rk31T=VP`j5r}X68U3WU]c^sQ@5qh}dglvf&IDRVOB=fk=SexYk2[~0P5ab~eflPk=SFf$?1*]4rRTD`qGnOd8DeRk=Wu4N'NI0't0(.5@U}tsn{2L!`c^gb`)hKq=Mr%R`KTT5Af`chV{o+@?6U'b1N0f@JPVqkVAZ_o?D8cW_UoScqnjcEaNc6GA^scq%@N,pA-qJ6(_t@d8_{GaTH~FmVp0EUnuBMh99bu@ZK_G*KYXhLWK1{PAk9kr)YZHC1LjSb7Q+rE=yrpwE~OL5g&)=Y'*eZLALnxgZ-0v}l!$]?2mOGs8GajX4jA(Q6gSCg+!pxY9qSC21etQCPeX*,(W!xE@Zs58u3'sCT$oJ0U[2RL@L3,0%i?$RK!N$Rwi[p2=pO[ZFNTNh
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeCapture"="03HJeu6vm=K]Uvz1[8JlMM9Vf9S-99om09{'Aw4'vJk87oauh9WQWcSy^Kdr(bwcU,?pMAIfL'ZE.jmQh[}%x]y0==sbXdK@eU*itb]U24C{n8h]WX=NPk+5*CebjoazG@(Z`IU@wQ=0Z5}lnUkNY?uHkqQ@4AVn=sV(Lq2tcAM8cJZ~_q!)}6wrDLapi=W4$oR)FOUc73@DvT(W)=_^%7a`asuo74088{.pZ8BbrV$gG'iWC-?$)tcv8?1l(g8lX6s&f1M8-2,=r8g,)$EKHLlGdz{(T46bv@oLxGmu~p=)n'gsy_460=YRvDbU9M[1R$BbT)M}q@k3v[U,-_.AA}5}wFZ24@FL~sQ0YmYv6tkJ%Ezdw94VDs^n-G,'p.X0cegt!9g%H`xeZeyJQuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD7EE11154CF7C04897A57A34CB621BF\Features]
"QuickTimeProResDecoder"="EZ&QzHU&h(nXiE0&lrLWQuickTimeEssentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
"DisplayName"="Microsoft Security Essentials"

Searching for "Antimalware"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Tasks]
"Microsoft Antimalware Scheduled Scan.job"="800"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguardpro.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwaremasterpro.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newsantimalware.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pcantimalwaresolution.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}]
@="Microsoft Antimalware IOfficeAntiVirus implementation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}]
@="Microsoft AntiMalware Com Layer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}]
@="Microsoft AntiMalware Com Layer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsMpComExports.MsMpComFactoryFcs]
@="Microsoft AntiMalware Com Layer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsMpComExports.MsMpComFactoryFcs.1]
@="Microsoft AntiMalware Com Layer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0]
@="Microsoft AntiMalware 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
"ProductAppDataPath"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan]
"CacheFile"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates]
"SignatureLocation"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA9A043-5167-46F4-B47A-7C0D97A800EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReportingLocation"="SOAP:https://spynet2.micr...ReportSrvc.asmx REST:https://spynet2.microsoft.com/spyNet.svc/submitReport BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Telemetry\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Clean Store\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01523D0AED689EC4C984FDC19AC4342F]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0764D1BCF624D2D4699B30ABC24117CD]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\InstallLocation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A38F93931709064A97199C5B30DA7BD]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\110835ADFF534005B838A217625EE0A8]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\PRODUCTLOCALIZEDNAME"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1311F3F504E9F0F4BAC62F4E7237D588]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13F5DB82871A3914DA4348BBF344C017]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\196A0536A65942B56AF8AF30A2339CFB]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\WATCHECKDLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A7B0AB320607A853B26CD1CF7D45BAD]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\SIGNATURECATEGORYID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\201E8C08E76091D4A96D005995980E82]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Miscellaneous Configuration\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\246448638228C9F478B8F0DD9C8EDC0F]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24BF93A1A95F6B640AA45B1A0CF9B672]
"9C543A6319601A54EAFE92CECEB80541"="02:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\ParameterMessageFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F55144FDF8EBEF4A95CCCDE24A75D6A]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCA3AAFCA8A4FD49983C80E699E21C3]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\ProductAppDataPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\336521FC0AB4FA655BE6D4B0149C5B17]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\PRODUCT_SKU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3386AF4CE048AAA4DAB6E5788EDB3675]
"9C543A6319601A54EAFE92CECEB80541"="02:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37127518BB68D8D429BA62853BBC27F1]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3742CF8B53D00F64E8E290AD08A23CC1]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\ProductIcon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3846296071D4E1443AED4EEF4156E478]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Quarantine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B6EDEEFE3154164BA5AAD33E9ABD934]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4098B2BC658CD15418E9ECFEBDD34E69]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReportingLocation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464715AA154AD2D4FBB57D17562203E1]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Telemetry\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EF3CBA799A118A59A98AAD00FAEEC6D]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\REMEDIATIONEXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5028D3938B676A543B9FB1B5F55D2DF3]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Features\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51FDF9B6C3F3F854CAA98C64C5F5B3CE]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Clean Store\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BE0645DC6E725E4ABC6B35DD4DFC85F]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\SignatureCategoryID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5FB70423FA556D241B8E34C4243C5B8E]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61F3ED661912E5057B458F0B145D3177]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\INSTALLDIR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6504C15F8F2C17C4498F972591E3B4B4]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66C49D5ED52C47A4C94E676318AA7C05]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B99332E3347BC04683E026C1676560B]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CAA120FC6000CD5FBEEB57976EFF0ED]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\MARKET"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70428969E2D1B83489B8805568E08EEA]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76ED05BECD2E1F848A1546938A49DFC1]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7963C7D62CF0C7A59A4D795F95DEE3BC]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\PRODUCTICON"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98EA2D1B13919E34DA698B457CA492CA]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A1D4DD62B81D634FA0BD987A1C30E40]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\SKU Differentiation\{7A692DFC-A587-4230-B53B-6B8E867B3212}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1678F0F9F326004193D9E00E3F80B54]
"9C543A6319601A54EAFE92CECEB80541"="02:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\TypesSupported"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACE6A9D22E99C7C44A202641BFCEF83C]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF4CE8622F10D45478F7C3DA6F84366A]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\MpEngine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66DBA035CFB2BA40A2EACC8E31814B8]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B82C3B6FEF01EE942B924482B10CBD4E]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9C46CC2CB9C476499A0DC5180A107F6]
"9C543A6319601A54EAFE92CECEB80541"="02:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\EventMessageFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA3A91F8AB8FC7A498D1F7F5FB819379]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE451D3AC2AD74243B21D75A79530ADF]
"9C543A6319601A54EAFE92CECEB80541"="c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C90EA83C2A8755E4D9688958683ACA52]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Reporting\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3CEFCDEF14D185488F6E15BB6478450]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\RemediationExe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4E1364141ED6BB46B4B7EE9258F7209]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF092BF2B798DD1489401928B38D44E2]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF374A3F802F8614DA7AEB27861167E9\9C543A6319601A54EAFE92CECEB80541]
"File"="Antimalware_MsMpEng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F017141CB34E326519C027A06128ED48]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\StartMenu\Microsoft Security Essentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F629A82DD11CF0848B6C04479C6F9FFC]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\ProductLocalizedName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE4E8CC936BE0164EAD2B6162BB90382]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\WATPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE4E8CC936BE0164EAD2B6162BB90392]
"9C543A6319601A54EAFE92CECEB80541"="02:\SOFTWARE\Microsoft\Microsoft Antimalware\Edt"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSMPSVC\0000]
"DeviceDesc"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsMpSvc]
"DisplayName"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSMPSVC\0000]
"DeviceDesc"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MsMpSvc]
"DisplayName"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSMPSVC\0000]
"DeviceDesc"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MsMpSvc]
"DisplayName"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSMPSVC\0000]
"DeviceDesc"="Microsoft Antimalware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetB
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WpdUsb WPDMTPDriver WPDClassInstaller Workstation WMPNetworkSvc WinRM WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WgaNotify WGA Wdf01009 Wdf01007 Wdf01005 Wdf01000 W32Time VolSnap viaide VgaSave USER32 UPS ultra udfs toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RSVP rismc32 Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF nv null NtServicePack ntfs npfs Nla NIC1394 NETw5x32 Netlogon NetDDE NetBT NetB
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc]
"DisplayName"="Microsoft Antimalware Service"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Microsoft Antimalware]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Microsoft Antimalware]
[HKEY_USERS\S-1-5-21-3866077675-454247996-117300071-1006\Software\BillP Studios\WinPatrol\Tasks]
"Microsoft Antimalware Scheduled Scan.job"="800"
[HKEY_USERS\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com]
[HKEY_USERS\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguardpro.com]
[HKEY_USERS\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwaremasterpro.com]
[HKEY_USERS\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newsantimalware.com]
[HKEY_USERS\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pcantimalwaresolution.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Microsoft Antimalware]

========== folderfind ==========

Searching for "Essentials"
No folders found.

Searching for "Antimalware"
No folders found.

========== filefind ==========

Searching for "Essentials"
No files found.

Searching for "Antimalware"
No files found.

-= EOF =-


  • 0

#51
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts

These seems to be remnants of MSE. The program itself is gone. Lets remove these remnants.

Download the enclosed file. 

Save it on the desktop. Open it with Notepad.

On Notepad click on File, then Save as.

Type MSEFix.reg as the File name. Change the Save as Type to All Files and Save it on the desktop

Once saved, double click on the MSEFix.reg file and merge it into the Registry.

Restart the computer.

 

That should remove all MSE remnants.

 

How is the computer doing?


  • 0

#52
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

Followed the instructions but MSE still pops upon start up. 

 

Computer is running very well.  Tried downloading and installing latest itunes just now but had the same issue with windows installer.  Other than that, all appears well.  I have especially noticed that system idle process doesn't run at 97% constantly as it did prior to your assistance.  Everything appears to be working very well outside of windows installer.  I can now back up everything to an external drive and eitehr update this machine or get a new one. 


  • 0

#53
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts

Run this command and post the Report.txt it will produce on your desktop:

 

CMD /C Reg Query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer" /s >"%Userprofile%\desktop\Report.txt"

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
 

 

 

  • 0

#54
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer
    Type REG_DWORD 0x20
    Start REG_DWORD 0x3
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\msiexec.exe /V
    DisplayName REG_SZ Windows Installer
    DependOnService REG_MULTI_SZ RpcSs\0\0
    DependOnGroup REG_MULTI_SZ \0
    ObjectName REG_SZ LocalSystem
    Description REG_SZ Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-05-2014 1
Ran by Presenter (administrator) on TS8730WIMAGE on 24-05-2014 17:02:41
Running from C:\Documents and Settings\Presenter\Desktop
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(IBM) C:\Program Files\Lotus\Notes\nsd.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(IBM Corp) C:\Program Files\Lotus\Notes\ntmulti.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Old McDonald's Farm) C:\Program Files\Autorun Eater\oldmcdonald.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Old McDonald's Farm) C:\Program Files\Autorun Eater\billy.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-02] (Analog Devices, Inc.)
HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\WINDOWS\system32\AccelerometerSt.Exe [82224 2008-10-14] (Hewlett-Packard Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [181816 2009-04-15] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel® Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [367128 2009-07-02] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Autorun Eater] => C:\Program Files\Autorun Eater\oldmcdonald.exe [549400 2009-05-26] (Old McDonald's Farm)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [110696 2010-12-04] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13933160 2010-12-04] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Run: [Adobe CSx Manager] => C:\Documents and Settings\NetworkService\Application Data\e08c65b2-6be0-44ba-9628-b61063a7657dad\ecbbebabadad.exe [0 2013-05-06] ()
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Google Update] => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-08-21] (Google)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk
ShortcutTarget: Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...cr=282919698=
SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...cr=282919698=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...cr=282919698=
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: speedial.com
CHR DefaultSearchProvider: Speedial
CHR DefaultNewTabURL:
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Speedial) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2011-12-16]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2011-12-16]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1164536 2008-06-12] (AuthenTec, Inc.)
S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] ()
S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] ()
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)
R2 Lotus Notes Diagnostics; C:\Program Files\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 Multi-user Cleanup Service; C:\Program Files\Lotus\Notes\ntmulti.exe [58760 2008-12-06] (IBM Corp)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-02] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539512 2009-07-02] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2009-07-02] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2009-07-02] (Broadcom Corporation.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [239760 2009-03-27] (Intel Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2009-07-02] (Infineon Technologies AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-24] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-07-02] (Intel Corporation)
S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rismc32; C:\WINDOWS\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2009-07-02] (Sonic Focus, Inc)
R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-12-02] ()
R2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
U2 CertPropSvc;
S4 IntelIde; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 17:02 - 2014-05-24 17:03 - 00024827 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt
2014-05-24 17:02 - 2014-05-24 17:02 - 01055232 _____ (Farbar) C:\Documents and Settings\Presenter\Desktop\FRST.exe
2014-05-24 17:00 - 2014-05-24 17:00 - 00001035 _____ () C:\Documents and Settings\Presenter\Desktop\Report.txt
2014-05-24 16:24 - 2014-05-24 16:24 - 111121232 _____ (Apple Inc.) C:\Documents and Settings\Presenter\Desktop\iTunesSetup.exe
2014-05-24 16:07 - 2014-05-24 16:07 - 00014279 _____ () C:\Documents and Settings\Presenter\Desktop\MSEFIX.reg
2014-05-24 16:06 - 2014-05-24 16:06 - 00014279 _____ () C:\Documents and Settings\Presenter\Desktop\MSEFIX.txt
2014-05-24 13:32 - 2014-05-24 13:35 - 00086430 _____ () C:\Documents and Settings\Presenter\Desktop\SystemLook.txt
2014-05-24 13:32 - 2014-05-24 13:32 - 00139264 _____ () C:\Documents and Settings\Presenter\Desktop\SystemLook.exe
2014-05-24 13:20 - 2014-05-24 13:20 - 00899584 _____ () C:\Documents and Settings\Presenter\Desktop\MicrosoftFixit50535.msi
2014-05-24 07:38 - 2014-05-24 17:01 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{DC2ABE27-FEA3-4C83-AFF4-55B4F05FBEF4}.job
2014-05-23 13:26 - 2014-05-23 14:37 - 00001538 _____ () C:\Documents and Settings\Presenter\Desktop\installer.reg
2014-05-22 22:49 - 2014-05-22 22:49 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-22 22:49 - 2014-05-22 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2014-05-22 17:51 - 2014-05-22 17:52 - 00001852 _____ () C:\Documents and Settings\Presenter\Desktop\fix.reg
2014-05-22 16:17 - 2014-05-22 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-05-20 18:10 - 2014-05-20 18:10 - 00000134 _____ () C:\Documents and Settings\Presenter\Desktop\Internet Explorer Troubleshooting.url
2014-05-20 18:08 - 2014-05-20 18:08 - 00000000 ____D () C:\Program Files\MSECache
2014-05-19 11:14 - 2014-05-19 11:14 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\New Folder
2014-05-18 20:56 - 2014-05-18 20:56 - 00001050 _____ () C:\mbam.txt
2014-05-18 20:26 - 2014-05-24 16:20 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 20:25 - 2014-05-18 20:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-18 20:25 - 2014-05-18 20:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 20:25 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-18 19:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-18 19:42 - 2014-05-18 19:46 - 00000000 ____D () C:\AdwCleaner
2014-05-18 16:10 - 2014-05-18 16:10 - 00000641 _____ () C:\Documents and Settings\Presenter\Desktop\Shortcut to JRT.exe.lnk
2014-05-18 16:10 - 2014-05-18 16:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-18 15:59 - 2014-05-18 15:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-18 15:58 - 2014-05-18 15:58 - 00000641 _____ () C:\Documents and Settings\Presenter\Desktop\Shortcut to TFC.exe.lnk
2014-05-18 13:10 - 2009-02-09 06:56 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2014-05-15 19:59 - 2014-05-24 17:02 - 00000000 ____D () C:\FRST
2014-05-14 12:18 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-05-14 12:18 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-05-14 12:16 - 2014-05-17 03:59 - 00000000 ____D () C:\VIPRERESCUE
2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
2014-05-08 10:38 - 2014-05-08 20:57 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
2014-05-02 20:50 - 2014-05-02 20:51 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== One Month Modified Files and Folders =======

2014-05-24 17:03 - 2014-05-24 17:02 - 00024827 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt
2014-05-24 17:02 - 2014-05-24 17:02 - 01055232 _____ (Farbar) C:\Documents and Settings\Presenter\Desktop\FRST.exe
2014-05-24 17:02 - 2014-05-15 19:59 - 00000000 ____D () C:\FRST
2014-05-24 17:01 - 2014-05-24 07:38 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{DC2ABE27-FEA3-4C83-AFF4-55B4F05FBEF4}.job
2014-05-24 17:00 - 2014-05-24 17:00 - 00001035 _____ () C:\Documents and Settings\Presenter\Desktop\Report.txt
2014-05-24 17:00 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.001
2014-05-24 16:34 - 2014-02-06 09:12 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 16:24 - 2014-05-24 16:24 - 111121232 _____ (Apple Inc.) C:\Documents and Settings\Presenter\Desktop\iTunesSetup.exe
2014-05-24 16:21 - 2010-02-01 22:09 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
2014-05-24 16:20 - 2014-05-18 20:26 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 16:20 - 2014-02-06 09:12 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 16:20 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-24 16:18 - 2013-05-07 07:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-24 16:10 - 2009-07-02 08:30 - 01355651 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-24 16:09 - 2009-07-02 08:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-24 16:09 - 2009-07-02 04:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-24 16:09 - 2009-07-02 04:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-24 16:07 - 2014-05-24 16:07 - 00014279 _____ () C:\Documents and Settings\Presenter\Desktop\MSEFIX.reg
2014-05-24 16:07 - 2010-02-16 15:38 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-05-24 16:07 - 2009-07-02 08:36 - 00032630 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-24 16:06 - 2014-05-24 16:06 - 00014279 _____ () C:\Documents and Settings\Presenter\Desktop\MSEFIX.txt
2014-05-24 13:35 - 2014-05-24 13:32 - 00086430 _____ () C:\Documents and Settings\Presenter\Desktop\SystemLook.txt
2014-05-24 13:32 - 2014-05-24 13:32 - 00139264 _____ () C:\Documents and Settings\Presenter\Desktop\SystemLook.exe
2014-05-24 13:20 - 2014-05-24 13:20 - 00899584 _____ () C:\Documents and Settings\Presenter\Desktop\MicrosoftFixit50535.msi
2014-05-24 13:19 - 2013-01-27 14:21 - 00042272 _____ () C:\WINDOWS\KB942288-v3.log
2014-05-24 10:21 - 2010-02-01 22:09 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
2014-05-24 07:44 - 2014-03-25 21:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-05-23 15:22 - 2010-02-01 22:10 - 00002316 _____ () C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
2014-05-23 14:37 - 2014-05-23 13:26 - 00001538 _____ () C:\Documents and Settings\Presenter\Desktop\installer.reg
2014-05-22 23:24 - 2012-08-21 21:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate
2014-05-22 22:49 - 2014-05-22 22:49 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-22 22:49 - 2014-05-22 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2014-05-22 22:32 - 2009-07-02 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
2014-05-22 22:14 - 2009-07-15 11:43 - 00000803 _____ () C:\Documents and Settings\Presenter\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 21:54 - 2009-07-02 11:05 - 00033666 _____ () C:\WINDOWS\spupdsvc.log
2014-05-22 21:53 - 2009-07-02 04:11 - 00000000 ____D () C:\WINDOWS\Media
2014-05-22 21:53 - 2009-07-02 04:11 - 00000000 ____D () C:\WINDOWS\Help
2014-05-22 19:31 - 2011-10-12 17:09 - 00533034 _____ () C:\WINDOWS\ie8_main.log
2014-05-22 19:30 - 2013-08-12 15:25 - 00000000 __HDC () C:\WINDOWS\ie8
2014-05-22 19:30 - 2011-10-12 17:17 - 00256890 _____ () C:\WINDOWS\ie8.log
2014-05-22 19:30 - 2009-07-02 04:18 - 02164069 _____ () C:\WINDOWS\FaxSetup.log
2014-05-22 19:30 - 2009-07-02 04:18 - 01048066 _____ () C:\WINDOWS\ocgen.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00995035 _____ () C:\WINDOWS\tsoc.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00732855 _____ () C:\WINDOWS\comsetup.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00664600 _____ () C:\WINDOWS\msmqinst.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00442832 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00380490 _____ () C:\WINDOWS\netfxocm.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00367632 _____ () C:\WINDOWS\iis6.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00149885 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00120069 _____ () C:\WINDOWS\ocmsn.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00110156 _____ () C:\WINDOWS\tabletoc.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00108661 _____ () C:\WINDOWS\msgsocm.log
2014-05-22 19:30 - 2009-07-02 04:18 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-05-22 19:29 - 2009-07-02 11:03 - 00417304 _____ () C:\WINDOWS\updspapi.log
2014-05-22 19:18 - 2013-02-19 08:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2778344$
2014-05-22 19:13 - 2012-01-16 12:59 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2014-05-22 17:54 - 2009-07-15 11:43 - 00000178 ___SH () C:\Documents and Settings\Presenter\ntuser.ini
2014-05-22 17:52 - 2014-05-22 17:51 - 00001852 _____ () C:\Documents and Settings\Presenter\Desktop\fix.reg
2014-05-22 16:17 - 2014-05-22 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-05-21 06:51 - 2009-07-02 04:11 - 00000000 ____D () C:\WINDOWS\twain_32
2014-05-20 19:01 - 2009-07-15 11:43 - 00000000 ____D () C:\Documents and Settings\Presenter
2014-05-20 18:28 - 2009-07-02 15:36 - 00000281 __RSH () C:\boot.ini
2014-05-20 18:28 - 2008-04-14 08:00 - 00000673 _____ () C:\WINDOWS\win.ini
2014-05-20 18:28 - 2008-04-14 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-20 18:21 - 2010-03-11 13:43 - 00652416 _____ () C:\WINDOWS\setupapi.log
2014-05-20 18:10 - 2014-05-20 18:10 - 00000134 _____ () C:\Documents and Settings\Presenter\Desktop\Internet Explorer Troubleshooting.url
2014-05-20 18:10 - 2013-08-12 13:45 - 00072868 _____ () C:\WINDOWS\ie8Uninst.log
2014-05-20 18:10 - 2011-10-12 17:21 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-20 18:08 - 2014-05-20 18:08 - 00000000 ____D () C:\Program Files\MSECache
2014-05-20 18:08 - 2011-12-15 04:05 - 00099648 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-05-19 11:33 - 2014-04-09 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-05-19 11:29 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.dat
2014-05-19 11:14 - 2014-05-19 11:14 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\New Folder
2014-05-18 20:56 - 2014-05-18 20:56 - 00001050 _____ () C:\mbam.txt
2014-05-18 20:25 - 2014-05-18 20:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-18 20:25 - 2014-05-18 20:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 20:25 - 2012-01-01 16:01 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 20:25 - 2010-04-15 16:02 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\Malwarebytes
2014-05-18 20:25 - 2010-04-15 16:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-18 19:46 - 2014-05-18 19:42 - 00000000 ____D () C:\AdwCleaner
2014-05-18 16:10 - 2014-05-18 16:10 - 00000641 _____ () C:\Documents and Settings\Presenter\Desktop\Shortcut to JRT.exe.lnk
2014-05-18 16:10 - 2014-05-18 16:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-18 15:59 - 2014-05-18 15:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-18 15:58 - 2014-05-18 15:58 - 00000641 _____ () C:\Documents and Settings\Presenter\Desktop\Shortcut to TFC.exe.lnk
2014-05-17 07:07 - 2013-03-29 21:07 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\uTorrent
2014-05-17 03:59 - 2014-05-14 12:16 - 00000000 ____D () C:\VIPRERESCUE
2014-05-10 08:37 - 2010-03-22 21:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-10 08:03 - 2014-03-17 19:18 - 00000085 _____ () C:\WINDOWS\system32\miiii.jgf
2014-05-08 20:57 - 2014-05-08 10:38 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
2014-05-08 20:57 - 2009-08-12 07:32 - 00029184 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-08 10:41 - 2012-04-02 23:23 - 00001771 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.Desktop.Exception.log
2014-05-08 10:41 - 2012-04-02 23:23 - 00001694 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.DesktopHelper.Exception.log
2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
2014-05-07 07:40 - 2012-08-21 21:00 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-07 07:40 - 2011-06-15 20:46 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-04 17:14 - 2009-07-02 11:06 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-02 20:51 - 2014-05-02 20:50 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-02 20:51 - 2009-07-02 04:18 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-28 08:12 - 2009-08-12 07:32 - 00000000 ____D () C:\Documents and Settings\Presenter\Local Settings\Application Data\Adobe

Some content of TEMP:
====================
C:\Documents and Settings\Presenter\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


  • 0

#55
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts

Modify the Registry as follows:

  • Copy the entire contents of the Quote Box below to Notepad (except the word Quote)
  • Leave an empty line at the end of the script
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the fix.reg file and merge it into the Registry.

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,69,\
  00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,56,00,00,00
"DisplayName"="Windows Installer"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Enum]
"0"="Root\\LEGACY_MSISERVER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

 

 

 
Download the enclosed file. 
 
Save it in the same location FRST is saved.
 
Run FRST and click on the Fix button.
 
The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.
 

  • 0

Advertisements


#56
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-05-2014 1
Ran by Presenter at 2014-05-24 20:19:14 Run:2
Running from C:\Documents and Settings\Presenter\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
c:\Program Files\Microsoft Security Client
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Documents and Settings\Presenter\Local Settings\temp\Quarantine.exe
File: C:\WINDOWS\system32\msi.dll
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value deleted successfully.
"c:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Documents and Settings\Presenter\Local Settings\temp\Quarantine.exe => Moved successfully.

========================= File: C:\WINDOWS\system32\msi.dll ========================

MD5: 8c22083ed515dc94d575438662f0be6a
Creation and modification date: 2008-04-14 08:00 - 2008-05-19 07:33
Size: 4445184
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: msi
Original Name: msi.dll
Product Name: Windows Installer - Unicode
Description: Windows Installer
File Version: 4.5.6001.22159
Product Version: 4.5.6001.22159
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======

==== End of Fixlog ====


  • 0

#57
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts

Try installing the latest itunes and let me know the outcome.
 
FRST did not remove the folders, as it has a safeguard. Lets use a batch file.
 
Download the enclosed file. 

 

Save it on your desktop. Open the file on Notepad, then select File ->Safe as.
 
Type MSEFix.bat as the File name. Change the Save as Type to All Files and Save it on the desktop

Once saved, click on the MSEFix.bat
 
The computer will restart. Let me know the outcome.


  • 0

#58
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

MSEis gone, but still can't inatll latest revof itunes. Same error message. Everything else seems to be working well though.


  • 0

#59
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Please run this command once again and post the Report.txt on your desktop:
 
CMD /C Reg Query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer" /s >"%Userprofile%\desktop\Report.txt"


Please download SystemLook from one of the links below and save it to your Desktop.

32 bit Download Mirror #1
32 bit Download Mirror #2


For 64bit systems, Please download SystemLook from the link below and save it to your Desktop.

64 bit Download Mirror
  • Double-click SystemLook.exe (or SystemLook_x64.exe) to run the application.
  • Copy the content of the following quote box into the main textfield:

    :filefind
    Msi*.*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#60
Warden

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer
    Type REG_DWORD 0x20
    Start REG_DWORD 0x3
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\msiexec.exe /V
    DisplayName REG_SZ Windows Installer
    DependOnService REG_MULTI_SZ RpcSs\0\0
    DependOnGroup REG_MULTI_SZ \0
    ObjectName REG_SZ LocalSystem
    Description REG_SZ Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Enum
    0 REG_SZ Root\LEGACY_MSISERVER\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:59 on 25/05/2014 by Presenter
Administrator - Elevation successful

========== filefind ==========

Searching for "Msi*.*"
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT ------- 16384 bytes [14:10 02/07/2009] [14:10 02/07/2009] C971AD9DEC9D441765D835313667DD16
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log ------- 2704 bytes [15:20 05/07/2012] [15:20 05/07/2012] 6D6C8F2429AADDF1665BF32D7844877C
C:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.INFOPATH.12.1033.hxn ---h--- 344 bytes [14:17 02/07/2009] [18:30 27/01/2010] 3B79AD37DE10715614C775AA186501AF
C:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.INFOPATHEDITOR.12.1033.hxn ---h--- 380 bytes [14:17 02/07/2009] [18:30 27/01/2010] 01279EE3AEDE293A6B0C4C5630E6DD1E
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT ------- 16384 bytes [03:36 09/07/2010] [03:36 09/07/2010] E21D76971F896ABAEBBBCBB64DFFD934
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT ------- 16384 bytes [23:30 08/07/2010] [23:30 08/07/2010] F24865FAF63DD9BF7051F2FD8A79B811
C:\Documents and Settings\Presenter\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT ------- 16384 bytes [12:43 15/07/2009] [12:43 15/07/2009] 144A619D4ED5D6732283C81D1244B5BF
C:\Documents and Settings\Presenter\My Documents\Downloads\msiserver.zip --a---- 1206 bytes [23:03 20/05/2014] [23:03 20/05/2014] F2036D28C1EDC7D089EA4A34A357B488
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT ------- 16384 bytes [14:02 02/07/2009] [14:02 02/07/2009] A9D905006A5E5A4B2443C942F21DE24F
C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll --a---- 114496 bytes [22:57 01/06/2011] [22:57 01/06/2011] 58FD272DCC17E83F4F013A899E2706F5
C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll ------- 268552 bytes [17:45 26/10/2006] [17:45 26/10/2006] 743E91B775E52ADCC67EE91A8130CDE1
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe --a---- 39936 bytes [12:30 02/07/2009] [12:00 14/04/2008] 090D5891041E35E18C77F664581C0BD6
C:\Program Files\Corel\WinDVD11\Setup\MSIInstaller.exe ------- 575000 bytes [04:02 18/08/2011] [04:02 18/08/2011] 66EE75D3545E0A39DF4C086B7F4D2DAC
C:\Program Files\Internet Explorer\Connection Wizard\msicw.isp ------- 158 bytes [12:29 02/07/2009] [12:00 14/04/2008] 2509C20A5DEC3B841A04E063DD75BD22
C:\Program Files\Outlook Express\msimn.exe --a---- 60416 bytes [12:29 02/07/2009] [12:00 14/04/2008] 1EEAE496A51F017D04DD41322935D2B9
C:\WINDOWS\$NtUninstallKB942288-v3$\msi.dll -----c- 2843136 bytes [18:22 27/01/2013] [12:00 14/04/2008] D3F72D50DE53F9F1F55240115AF4D42E
C:\WINDOWS\$NtUninstallKB942288-v3$\msiexec.exe -----c- 78848 bytes [18:22 27/01/2013] [12:00 14/04/2008] 5879D691E842574A20FE63817CB76DF9
C:\WINDOWS\$NtUninstallKB942288-v3$\msihnd.dll -----c- 271360 bytes [18:22 27/01/2013] [12:00 14/04/2008] D9319A6ADFA091B2A20788E57A73BBE5
C:\WINDOWS\$NtUninstallKB942288-v3$\msimsg.dll -----c- 884736 bytes [18:22 27/01/2013] [12:00 14/04/2008] D44D939E9A2DFA75A7E9B00AD74CED7F
C:\WINDOWS\$NtUninstallKB942288-v3$\msisip.dll -----c- 15360 bytes [18:22 27/01/2013] [12:00 14/04/2008] 88BEEF09C654252F3E46B6167B7F4ECB
C:\WINDOWS\AppPatch\msimain.sdb --a---- 204396 bytes [12:00 14/04/2008] [12:00 14/04/2008] 7DD67AB49879D9A2C53488126002D47E
C:\WINDOWS\ERDNT\cache\msimg32.dll ------- 4608 bytes [17:09 23/01/2013] [12:00 14/04/2008] AFFC87E2501FCE8F09D4C10BA6421CCF
C:\WINDOWS\Help\msinfo32.chm ------- 44271 bytes [12:00 14/04/2008] [12:00 14/04/2008] A78C786584B853AC0B0ABDC3287B3133
C:\WINDOWS\inf\msinfo32.inf ------- 3677 bytes [12:00 14/04/2008] [12:00 14/04/2008] 567BE05CDB03702305F4183FFDBBCC2D
C:\WINDOWS\inf\msinfo32.PNF ------- 9952 bytes [08:18 02/07/2009] [02:20 17/02/2010] B3E92225E28368E0CB8A553BACB47A3C
C:\WINDOWS\Installer\MSI13D.tmp ------- 167936 bytes [08:59 04/10/2010] [08:59 04/10/2010] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI13E.tmp ------- 167936 bytes [08:59 04/10/2010] [08:59 04/10/2010] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI13F.tmp ------- 167936 bytes [08:59 04/10/2010] [08:59 04/10/2010] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI14C.tmp ------- 167936 bytes [02:32 28/01/2013] [02:32 28/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI184.tmp ------- 167936 bytes [02:40 28/01/2013] [02:40 28/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI28.tmp ------- 167936 bytes [18:28 27/01/2013] [18:28 27/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI292.tmp ------- 167936 bytes [23:47 12/06/2012] [23:47 12/06/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI2C.tmp ------- 167936 bytes [20:40 12/10/2011] [20:40 12/10/2011] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI2D0.tmp ------- 167936 bytes [23:47 12/06/2012] [23:47 12/06/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI2E.tmp ------- 167936 bytes [04:42 15/12/2012] [04:42 15/12/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI2E4.tmp ------- 167936 bytes [12:02 16/11/2012] [12:02 16/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI2FA3.tmp ------- 167936 bytes [14:38 13/01/2013] [14:38 13/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI30A.tmp ------- 167936 bytes [12:19 16/11/2012] [12:19 16/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI31.tmp ------- 167936 bytes [04:00 14/12/2012] [04:00 14/12/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI339.tmp ------- 167936 bytes [00:38 29/01/2013] [00:38 29/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI36.tmp ------- 167936 bytes [23:47 24/01/2013] [23:47 24/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI373.tmp ------- 167936 bytes [00:47 29/01/2013] [00:47 29/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI3D9.tmp ------- 167936 bytes [12:33 03/01/2012] [12:33 03/01/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI417.tmp ------- 167936 bytes [12:34 03/01/2012] [12:34 03/01/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI418.tmp ------- 167936 bytes [12:34 03/01/2012] [12:34 03/01/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI419.tmp ------- 167936 bytes [12:34 03/01/2012] [12:34 03/01/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI41A.tmp ------- 167936 bytes [12:34 03/01/2012] [12:34 03/01/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI467.tmp ------- 167936 bytes [19:58 16/11/2012] [19:58 16/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI475.tmp ------- 167936 bytes [12:14 29/01/2013] [12:14 29/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI47F.tmp ------- 167936 bytes [23:38 25/01/2013] [23:38 25/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI48D.tmp ------- 167936 bytes [20:01 16/11/2012] [20:01 16/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI4B4.tmp ------- 167936 bytes [21:20 16/11/2012] [21:20 16/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI6A.tmp ------- 167936 bytes [20:41 12/10/2011] [20:41 12/10/2011] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI6A6.tmp ------- 167936 bytes [17:49 26/01/2013] [17:49 26/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI6B.tmp ------- 167936 bytes [20:41 12/10/2011] [20:41 12/10/2011] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI6B8.tmp ------- 167936 bytes [00:26 18/11/2012] [00:26 18/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSI6C.tmp ------- 167936 bytes [20:41 12/10/2011] [20:41 12/10/2011] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSIB2.tmp ------- 167936 bytes [19:18 27/01/2013] [19:18 27/01/2013] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSIB4B.tmp ------- 167936 bytes [12:28 15/11/2012] [12:28 15/11/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSID7E.tmp ------- 167936 bytes [17:51 11/04/2012] [17:51 11/04/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSIDBD.tmp ------- 167936 bytes [17:51 11/04/2012] [17:51 11/04/2012] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\Installer\MSIFF.tmp ------- 167936 bytes [08:58 04/10/2010] [08:58 04/10/2010] 4C3D34C59997EF8A53CCC4E536873442
C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll --a---- 376832 bytes [12:29 02/07/2009] [12:00 14/04/2008] 2278E5238F7F58C4205CBAE2C4BEBA77
C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfo.htm ------- 2501 bytes [13:06 02/07/2009] [13:06 02/07/2009] E81FF2B187B6A5751498D2B0343BDFD8
C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfo.xml ------- 371 bytes [13:06 02/07/2009] [13:06 02/07/2009] CEE65B2E464A68E5E34495316290FC48
C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfohss.css ------- 582 bytes [13:06 02/07/2009] [13:06 02/07/2009] BF832F7D015FAB5E0B6EC232851A4581
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --a---- 35904 bytes [17:26 23/05/2014] [03:56 25/05/2014] EE8DD80C61EC3BDC64962EB760B507E4
C:\WINDOWS\Prefetch\MSINFO32.EXE-29BA7538.pf --a---- 26296 bytes [11:39 24/05/2014] [11:39 24/05/2014] 8A4ABC69A035BC9D56B1E4F86DA2912C
C:\WINDOWS\system32\msi.dll --a---- 4445184 bytes [12:00 14/04/2008] [11:33 19/05/2008] 8C22083ED515DC94D575438662F0BE6A
C:\WINDOWS\system32\msi.old --a---- 4445184 bytes [12:00 14/04/2008] [11:33 19/05/2008] 8C22083ED515DC94D575438662F0BE6A
C:\WINDOWS\system32\msident.dll --a---- 51712 bytes [12:00 14/04/2008] [12:00 14/04/2008] 85AC5F11D4759D13674B3E92EAC3F140
C:\WINDOWS\system32\msidle.dll --a---- 6656 bytes [12:00 14/04/2008] [12:00 14/04/2008] E47E364C96467FD54FA44D59F927C3AB
C:\WINDOWS\system32\msidntld.dll --a---- 14848 bytes [12:00 14/04/2008] [12:00 14/04/2008] 7ED041C7F82A381417AA3F43AB55F95A
C:\WINDOWS\system32\msieftp.dll --a---- 248832 bytes [12:00 14/04/2008] [12:00 14/04/2008] 1B91D3900A53801716075C5EEC568C4B
C:\WINDOWS\system32\msiexec.exe --a---- 95744 bytes [12:00 14/04/2008] [06:57 19/05/2008] 7F7BC88C8FB6B52989E0E93084B5E678
C:\WINDOWS\system32\MsiExec.log ------- 308 bytes [13:14 02/07/2009] [13:14 02/07/2009] B7BA1112BEC255437ACC42DFC0D4E2B8
C:\WINDOWS\system32\msihnd.dll --a---- 332800 bytes [12:00 14/04/2008] [11:33 19/05/2008] 511F74A2C5764B5921CAB15D3CAB7F35
C:\WINDOWS\system32\msihnd.old --a---- 332800 bytes [12:00 14/04/2008] [11:33 19/05/2008] 511F74A2C5764B5921CAB15D3CAB7F35
C:\WINDOWS\system32\msimg32.dll --a---- 4608 bytes [12:00 14/04/2008] [12:00 14/04/2008] AFFC87E2501FCE8F09D4C10BA6421CCF
C:\WINDOWS\system32\msimsg.dll --a---- 2560 bytes [12:00 14/04/2008] [06:43 17/04/2008] 8EA69F32CA030BFE0FCEB798349F8349
C:\WINDOWS\system32\MSIMTF.dll --a---- 159232 bytes [12:00 14/04/2008] [12:00 14/04/2008] E11457C66FDD966EE415FBBC6D9BE643
C:\WINDOWS\system32\msisip.dll --a---- 18944 bytes [12:00 14/04/2008] [11:33 19/05/2008] 317C54DCAB9EE29CD4B9F55D197A90D1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT --a---- 16384 bytes [23:19 17/03/2014] [23:19 17/03/2014] F85CFC06FF0450F1B2C3C3B70A886C31
C:\WINDOWS\system32\dllcache\msi.dll --a--c- 4445184 bytes [12:00 14/04/2008] [11:33 19/05/2008] 8C22083ED515DC94D575438662F0BE6A
C:\WINDOWS\system32\dllcache\msident.dll -----c- 51712 bytes [12:00 14/04/2008] [12:00 14/04/2008] 85AC5F11D4759D13674B3E92EAC3F140
C:\WINDOWS\system32\dllcache\msidle.dll -----c- 6656 bytes [12:00 14/04/2008] [12:00 14/04/2008] E47E364C96467FD54FA44D59F927C3AB
C:\WINDOWS\system32\dllcache\msidntld.dll -----c- 14848 bytes [12:00 14/04/2008] [12:00 14/04/2008] 7ED041C7F82A381417AA3F43AB55F95A
C:\WINDOWS\system32\dllcache\msieftp.dll -----c- 248832 bytes [12:00 14/04/2008] [12:00 14/04/2008] 1B91D3900A53801716075C5EEC568C4B
C:\WINDOWS\system32\dllcache\msiexec.exe -----c- 95744 bytes [12:00 14/04/2008] [06:57 19/05/2008] 7F7BC88C8FB6B52989E0E93084B5E678
C:\WINDOWS\system32\dllcache\msihnd.dll --a--c- 332800 bytes [12:00 14/04/2008] [11:33 19/05/2008] 511F74A2C5764B5921CAB15D3CAB7F35
C:\WINDOWS\system32\dllcache\msimain.sdb -----c- 204396 bytes [12:00 14/04/2008] [12:00 14/04/2008] 7DD67AB49879D9A2C53488126002D47E
C:\WINDOWS\system32\dllcache\msimg32.dll -----c- 4608 bytes [12:00 14/04/2008] [12:00 14/04/2008] AFFC87E2501FCE8F09D4C10BA6421CCF
C:\WINDOWS\system32\dllcache\msimn.exe -----c- 60416 bytes [12:29 02/07/2009] [12:00 14/04/2008] 1EEAE496A51F017D04DD41322935D2B9
C:\WINDOWS\system32\dllcache\msimsg.dll -----c- 2560 bytes [12:00 14/04/2008] [06:43 17/04/2008] 8EA69F32CA030BFE0FCEB798349F8349
C:\WINDOWS\system32\dllcache\msimtf.dll -----c- 159232 bytes [12:00 14/04/2008] [12:00 14/04/2008] E11457C66FDD966EE415FBBC6D9BE643
C:\WINDOWS\system32\dllcache\msinfo.dll -----c- 376832 bytes [12:29 02/07/2009] [12:00 14/04/2008] 2278E5238F7F58C4205CBAE2C4BEBA77
C:\WINDOWS\system32\dllcache\msinfo32.exe -----c- 39936 bytes [12:30 02/07/2009] [12:00 14/04/2008] 090D5891041E35E18C77F664581C0BD6
C:\WINDOWS\system32\dllcache\msiprov.dll -----c- 273920 bytes [12:27 02/07/2009] [12:00 14/04/2008] 25702762863AF362A26537AF42F77B51
C:\WINDOWS\system32\dllcache\msir3jp.dll -----c- 98304 bytes [12:33 02/07/2009] [12:00 14/04/2008] EC57AD860A8BFBE497B03F017DA29CF1
C:\WINDOWS\system32\dllcache\msir3jp.lex -----c- 1875968 bytes [12:33 02/07/2009] [12:00 14/04/2008] ECC48F386F8B79D809AEDA327ACA7B0B
C:\WINDOWS\system32\dllcache\msiregmv.exe -----c- 40960 bytes [12:33 02/07/2009] [12:00 14/04/2008] 64024D168BA513F47E5A68BFD0630844
C:\WINDOWS\system32\dllcache\msisip.dll -----c- 18944 bytes [12:00 14/04/2008] [11:33 19/05/2008] 317C54DCAB9EE29CD4B9F55D197A90D1
C:\WINDOWS\system32\mui\0401\msimsg.dll.mui ------- 77824 bytes [06:42 17/04/2008] [06:42 17/04/2008] A97C6B3A6DA5A74B395CC800E7D0EFAE
C:\WINDOWS\system32\mui\0402\msimsg.dll.mui ------- 94208 bytes [06:42 17/04/2008] [06:42 17/04/2008] 8178C59F0FD4951D171CD2779147214F
C:\WINDOWS\system32\mui\0403\msimsg.dll.mui ------- 94208 bytes [06:42 17/04/2008] [06:42 17/04/2008] 7A812B6FB9A20D87CB3F911F0A8E6923
C:\WINDOWS\system32\mui\0404\msimsg.dll.mui ------- 45056 bytes [06:43 17/04/2008] [06:43 17/04/2008] E43675999257701691920DDCF7E4374E
C:\WINDOWS\system32\mui\0405\msimsg.dll.mui ------- 90112 bytes [06:42 17/04/2008] [06:42 17/04/2008] 2416244F07C58045D58B2DDBF45002BC
C:\WINDOWS\system32\mui\0406\msimsg.dll.mui ------- 90112 bytes [06:42 17/04/2008] [06:42 17/04/2008] 0979C4C039C0BE1F653B5FC954AE5060
C:\WINDOWS\system32\mui\0407\msimsg.dll.mui ------- 102400 bytes [06:42 17/04/2008] [06:42 17/04/2008] 801260EB79592FA0FD476C5813FE1FE7
C:\WINDOWS\system32\mui\0408\msimsg.dll.mui ------- 102400 bytes [06:42 17/04/2008] [06:42 17/04/2008] 43D9B1E2363E958D1ECC888C86CF4597
C:\WINDOWS\system32\mui\0409\msimsg.dll.mui ------- 86016 bytes [06:42 17/04/2008] [06:42 17/04/2008] 39CCE4630AF8A6DF0DE2D3C62D0E8B47
C:\WINDOWS\system32\mui\040b\msimsg.dll.mui ------- 86016 bytes [06:42 17/04/2008] [06:42 17/04/2008] 10F51AA87DD026B344EA3E6C6E73E055
C:\WINDOWS\system32\mui\040C\msimsg.dll.mui ------- 102400 bytes [06:42 17/04/2008] [06:42 17/04/2008] 598C650CCDB6F0D8DC824DF8E16BB45E
C:\WINDOWS\system32\mui\040D\msimsg.dll.mui ------- 73728 bytes [06:42 17/04/2008] [06:42 17/04/2008] 7FB35D3D18C12326FDD7BB836815B853
C:\WINDOWS\system32\mui\040e\msimsg.dll.mui ------- 94208 bytes [06:42 17/04/2008] [06:42 17/04/2008] 28BE3276736F681657C06E9E80CC8F0F
C:\WINDOWS\system32\mui\0410\msimsg.dll.mui ------- 98304 bytes [06:42 17/04/2008] [06:42 17/04/2008] B2924D5B9C7275401EFE89C32E591FD6
C:\WINDOWS\system32\mui\0411\msimsg.dll.mui ------- 61440 bytes [06:42 17/04/2008] [06:42 17/04/2008] FB0862378F48B9DFC9A4E50181C4A30D
C:\WINDOWS\system32\mui\0412\msimsg.dll.mui ------- 57344 bytes [06:42 17/04/2008] [06:42 17/04/2008] 5C7867DE84A946B1ABCAE71F392DEE63
C:\WINDOWS\system32\mui\0413\msimsg.dll.mui ------- 98304 bytes [06:43 17/04/2008] [06:43 17/04/2008] A75052BB467E996A7F0406DB36D1DB7D
C:\WINDOWS\system32\mui\0414\msimsg.dll.mui ------- 86016 bytes [06:43 17/04/2008] [06:43 17/04/2008] B09A1BF50E9F95D845411C041E4C14C6
C:\WINDOWS\system32\mui\0415\msimsg.dll.mui ------- 94208 bytes [06:43 17/04/2008] [06:43 17/04/2008] D6E45957763E470578B19947D17EAB49
C:\WINDOWS\system32\mui\0416\msimsg.dll.mui ------- 94208 bytes [06:43 17/04/2008] [06:43 17/04/2008] 19D41499688AAE322F5670991598E3BB
C:\WINDOWS\system32\mui\0418\msimsg.dll.mui ------- 90112 bytes [06:43 17/04/2008] [06:43 17/04/2008] A2C27753ED3FB9590CED067FC5776DD3
C:\WINDOWS\system32\mui\0419\msimsg.dll.mui ------- 90112 bytes [06:43 17/04/2008] [06:43 17/04/2008] 2BEB02BB68A03BAF2B8FEB2456D0EC3C
C:\WINDOWS\system32\mui\041a\msimsg.dll.mui ------- 90112 bytes [06:42 17/04/2008] [06:42 17/04/2008] BBA444C2A73D37040DC8BCAE7DBE35FF
C:\WINDOWS\system32\mui\041b\msimsg.dll.mui ------- 90112 bytes [06:43 17/04/2008] [06:43 17/04/2008] 73A7252CF464048967DEAF527B28DC28
C:\WINDOWS\system32\mui\041D\msimsg.dll.mui ------- 90112 bytes [06:43 17/04/2008] [06:43 17/04/2008] FF3AAD96ACC122FF9A9CBAD3976C0114
C:\WINDOWS\system32\mui\041e\msimsg.dll.mui ------- 86016 bytes [06:43 17/04/2008] [06:43 17/04/2008] E9EF31D6D6C563E972A23A6E7C26FC2B
C:\WINDOWS\system32\mui\041f\msimsg.dll.mui ------- 86016 bytes [06:43 17/04/2008] [06:43 17/04/2008] D4597BA7F3E15367812802C8505A74F8
C:\WINDOWS\system32\mui\0422\msimsg.dll.mui ------- 90112 bytes [06:43 17/04/2008] [06:43 17/04/2008] 93ED2A73A6B33D81387739E4C1BC6DB8
C:\WINDOWS\system32\mui\0424\msimsg.dll.mui ------- 90112 bytes [06:43 17/04/2008] [06:43 17/04/2008] 2A13730B84D0DE8F88E1C7E236031615
C:\WINDOWS\system32\mui\0425\msimsg.dll.mui ------- 86016 bytes [06:42 17/04/2008] [06:42 17/04/2008] 20E048859A67CA0E816AAA8AB8A39482
C:\WINDOWS\system32\mui\0426\msimsg.dll.mui ------- 90112 bytes [06:42 17/04/2008] [06:42 17/04/2008] 38720FCB9A1053B791903DDD2EF60154
C:\WINDOWS\system32\mui\0427\msimsg.dll.mui ------- 90112 bytes [06:42 17/04/2008] [06:42 17/04/2008] 932A5119CE1F96F4D7D84A1198A999CC
C:\WINDOWS\system32\mui\042a\msimsg.dll.mui ------- 94208 bytes [06:43 17/04/2008] [06:43 17/04/2008] 8899D2A032E5662880A29214515CE3A8
C:\WINDOWS\system32\mui\042d\msimsg.dll.mui ------- 94208 bytes [06:42 17/04/2008] [06:42 17/04/2008] B0FDE277547F6CC9BF06B029FF54D251
C:\WINDOWS\system32\mui\0804\msimsg.dll.mui ------- 45056 bytes [06:43 17/04/2008] [06:43 17/04/2008] D716D6E5DFB2F0A12270940C09F741D9
C:\WINDOWS\system32\mui\0816\msimsg.dll.mui ------- 94208 bytes [06:43 17/04/2008] [06:43 17/04/2008] 3DAD4DDD59D144F19C04A54CB8C9F225
C:\WINDOWS\system32\mui\081a\msimsg.dll.mui ------- 94208 bytes [06:43 17/04/2008] [06:43 17/04/2008] C3F459CB405B49BD732D86BE17CC1BD0
C:\WINDOWS\system32\mui\0C0A\msimsg.dll.mui ------- 98304 bytes [19:12 17/04/2008] [19:12 17/04/2008] B4D04FA5DB7B368B64198DBA01BF4AD6
C:\WINDOWS\system32\wbem\msi.mfl ------- 108452 bytes [12:27 02/07/2009] [12:00 14/04/2008] 4782F9362C16368C089A4CDE7F94BC6A
C:\WINDOWS\system32\wbem\msi.mof ------- 165430 bytes [12:27 02/07/2009] [12:00 14/04/2008] 5A38E55C0CCA3D599BD110BF53CC0485
C:\WINDOWS\system32\wbem\msiprov.dll --a---- 273920 bytes [12:27 02/07/2009] [12:00 14/04/2008] 25702762863AF362A26537AF42F77B51
C:\WINDOWS\WinSxS\Manifests\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e.manifest --a---- 383 bytes [15:08 02/07/2009] [02:11 12/02/2014] 05E2BF31ED6C369E0CBE6DABEADD04E7
C:\WINDOWS\WinSxS\Manifests\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5.manifest --a---- 491 bytes [11:47 29/08/2010] [02:04 12/02/2014] D61547AB472923CFF18F60AE74A9966E

-= EOF =-


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP