|
Plagegeister aller Art und deren Bekämpfung: "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das InternetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.04.2013, 14:14 | #1 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet Hallo Ich habe ein sehr nerviges Problem und überhaupt gar keine Ahnung, wie ich das beheben soll. Ich habe gerade erst mir ein neues Virenprogramm runtergeladen (Microsoft Security Essentials) und das hat auch einige Viren in Quarantäne verschoben. Fast alle Problem sind weg, aber eines passiert immer noch: Immer, wenn ich Bilder öffnen will, also in den Ordner gehe, kommt nach ein paar Sekunden das Schild: Internet Explorer funktioniert nicht mehr...es wird nach einer Lösung gesucht...Programm wird neu gestartet. Dann schließen sich einfach alle Ordner. Egal ob ich Internetverbindung habe oder nicht, ob ich den Internetexplorer geöffnet habe oder nicht. Es passiert trotzdem. Und komischerweise schließen sich auch nur die Ordner und nicht der Internetexplorer... Kann mir jemand helfen?! Das macht mich wahnsinnig und nervt tierisch!! Besteht irgendwie eine Gefahr von wegen Datenschutz oder so? MfG greenday |
29.04.2013, 14:39 | #2 | |
/// TB-Ausbilder | "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das InternetMein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Zitat:
Ich will genau wissen, was da wo gefundne wurde. Kann ich dir ohne weitere Informationen nicht sagen. Anschließend geht es so weiter: Schritt 1 Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
Code:
ATTFilter activex msconfig CREATERESTOREPOINT
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Bitte lade dir GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Bitte poste mit deiner nächsten Antwort
|
29.04.2013, 15:05 | #3 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 29.04.2013 15:55:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 49,66% Memory free 7,81 Gb Paging File | 5,46 Gb Available in Paging File | 69,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 22,64 Gb Free Space | 12,15% Space Free | Partition Type: NTFS Drive D: | 254,46 Gb Total Space | 59,44 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Computer Name: LAURA-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe (AVG Secure Search) PRC - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) PRC - C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Program Files (x86)\XSManager\WTGService.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\SiteSafety.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\MACTrackBarLib.dll () MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll () MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll () MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll () MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll () MOD - C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (vToolbarUpdater15.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe (AVG Secure Search) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7d576ebf-41da-4801-8162-ed48f32990ce&searchtype=ds&q={searchTerms}&installDate=25/02/2013 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7d576ebf-41da-4801-8162-ed48f32990ce&searchtype=ds&q={searchTerms}&installDate=25/02/2013 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/hxxp://www.web.de/ [binary data] IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7d576ebf-41da-4801-8162-ed48f32990ce&searchtype=ds&q={searchTerms}&installDate=25/02/2013 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7d576ebf-41da-4801-8162-ed48f32990ce&searchtype=ds&q={searchTerms}&installDate=25/02/2013 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7d576ebf-41da-4801-8162-ed48f32990ce&searchtype=ds&q={searchTerms}&installDate=25/02/2013 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={991FD0AB-0EC7-4F66-AFC8-7C465A36056A}&mid=560d3278e45e47d09424854de0d8e61c-f01dccd50f6aad3ed8d2f744849a20f9090fb821&lang=de&ds=AVG&pr=fr&d=2013-04-22 19:37:23&v=15.1.0.2&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\..\SearchScopes\{ED7CBCE1-CB2A-450D-9A8C-A36F82B39352}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949&CUI=UN18355153981525732&UM=1 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) O1 HOSTS File: ([2012.12.07 14:48:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000..\Run: [Browser Infrastructure Helper] C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar) O4 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000..\Run: [Caicnaoreq] C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe () O4 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000..\Run: [Facebook Update] C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000..\Run: [Spotify] C:\Users\ASUS\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000..\Run: [Spotify Web Helper] C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22F19146-045E-4F5C-AB96-640FBCA82DD3}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.29 15:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2013.04.29 14:33:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\EMP Werbespot [2013.04.24 20:26:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\Mara bilder schule [2013.04.23 08:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.22 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.04.22 19:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.04.22 19:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2013.04.22 19:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2013.04.22 19:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2013.04.22 17:40:14 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\823WGTMA [2013.04.22 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\860OKMZO [2013.04.22 17:33:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.14 21:49:14 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\Green Day [2013.04.14 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\Rise Against [2013.04.14 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\DCIM [2013.04.14 21:10:49 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.04.14 21:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.14 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.14 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.04.14 21:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.04.14 21:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.04.14 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.04.14 21:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.04.14 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.04.14 18:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2013.04.14 18:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileConverter_1.3 [2013.04.14 18:20:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Conduit [2013.04.14 17:08:44 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.04.14 17:07:23 | 000,000,000 | ---D | C] -- C:\Windows\en [2013.04.14 17:07:16 | 000,000,000 | ---D | C] -- C:\Windows\el [2013.04.14 17:07:09 | 000,000,000 | ---D | C] -- C:\Windows\es [2013.04.14 17:07:05 | 000,000,000 | ---D | C] -- C:\Windows\fr [2013.04.14 17:07:01 | 000,000,000 | ---D | C] -- C:\Windows\he [2013.04.14 17:06:57 | 000,000,000 | ---D | C] -- C:\Windows\it [2013.04.14 17:06:48 | 000,000,000 | ---D | C] -- C:\Windows\nl [2013.04.14 17:06:31 | 000,000,000 | ---D | C] -- C:\Windows\ru [2013.04.14 17:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ar [2013.04.14 16:53:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.04.14 16:53:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.04.14 16:53:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.04.14 16:53:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.04.14 16:53:28 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.04.14 16:53:28 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.04.14 16:53:27 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.04.14 16:53:27 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.04.14 16:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.04.14 16:52:20 | 000,000,000 | R--D | C] -- C:\Users\ASUS\SkyDrive [2013.04.14 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.04.08 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\114___04 [2013.04.07 11:44:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\Images ========== Files - Modified Within 30 Days ========== [2013.04.29 15:55:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2013.04.29 15:02:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3021723594-1300924059-129605095-1000UA.job [2013.04.29 12:45:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 22:03:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 22:03:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 22:02:25 | 001,530,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.28 22:02:25 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.28 22:02:25 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.28 22:02:25 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.28 22:02:25 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.28 21:54:46 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys [2013.04.27 18:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3021723594-1300924059-129605095-1000Core.job [2013.04.26 15:11:48 | 000,241,105 | ---- | M] () -- C:\Users\ASUS\Desktop\IMG_1273.JPG [2013.04.26 15:11:23 | 000,250,044 | ---- | M] () -- C:\Users\ASUS\Desktop\IMG_1272.JPG [2013.04.26 15:10:22 | 000,246,888 | ---- | M] () -- C:\Users\ASUS\Desktop\IMG_1271.JPG [2013.04.26 14:55:44 | 000,339,618 | ---- | M] () -- C:\Users\ASUS\Desktop\IMG_1270.JPG [2013.04.26 14:52:29 | 000,311,620 | ---- | M] () -- C:\Users\ASUS\Desktop\IMG_1269.JPG [2013.04.26 14:52:20 | 000,385,014 | ---- | M] () -- C:\Users\ASUS\Desktop\IMG_1268.JPG [2013.04.23 17:09:12 | 000,002,119 | ---- | M] () -- C:\Users\ASUS\Desktop\Microsoft Security Essentials.lnk [2013.04.23 08:30:51 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe [2013.04.23 08:30:50 | 000,001,517 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.04.22 19:53:54 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.04.22 19:27:36 | 000,040,736 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.04.22 17:33:23 | 450,801,635 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.14 21:11:05 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.14 18:20:48 | 000,000,000 | ---- | M] () -- C:\END [2013.04.12 14:25:19 | 000,001,279 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ========== Files Created - No Company Name ========== [2013.04.26 15:16:54 | 000,250,044 | ---- | C] () -- C:\Users\ASUS\Desktop\IMG_1272.JPG [2013.04.26 15:16:54 | 000,246,888 | ---- | C] () -- C:\Users\ASUS\Desktop\IMG_1271.JPG [2013.04.26 15:16:54 | 000,241,105 | ---- | C] () -- C:\Users\ASUS\Desktop\IMG_1273.JPG [2013.04.26 14:57:14 | 000,385,014 | ---- | C] () -- C:\Users\ASUS\Desktop\IMG_1268.JPG [2013.04.26 14:57:14 | 000,339,618 | ---- | C] () -- C:\Users\ASUS\Desktop\IMG_1270.JPG [2013.04.26 14:57:14 | 000,311,620 | ---- | C] () -- C:\Users\ASUS\Desktop\IMG_1269.JPG [2013.04.23 17:09:12 | 000,002,119 | ---- | C] () -- C:\Users\ASUS\Desktop\Microsoft Security Essentials.lnk [2013.04.22 19:53:46 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.04.22 19:30:57 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.04.22 17:33:23 | 450,801,635 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.14 21:11:05 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.14 21:09:34 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.04.14 17:06:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.04.14 17:05:56 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.04.14 16:52:20 | 000,002,137 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2013.04.11 22:40:06 | 000,002,419 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013.03.31 19:58:34 | 000,001,441 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.30 13:05:02 | 000,000,600 | ---- | C] () -- C:\Users\ASUS\PUTTY.RND [2012.12.02 20:30:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.02 20:30:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.02 20:30:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.02 20:30:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.02 20:30:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.08.29 01:30:45 | 000,000,016 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\blckdom.res [2012.07.21 11:13:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.02.28 14:42:05 | 000,003,584 | ---- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.30 19:10:24 | 008,095,216 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.23 16:48:38 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.09.16 10:21:16 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.09.16 10:20:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.16 10:20:19 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.16 10:20:15 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.09.16 10:20:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.09.16 10:20:10 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 15:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 14:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.12.27 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ASUS WebStorage [2012.12.10 18:50:51 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\AVG2013 [2013.03.30 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Dropbox [2013.02.25 14:46:42 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DVDVideoSoft [2013.02.25 14:46:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.10 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Fighters [2013.02.25 22:58:48 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Gawa [2012.08.29 01:30:29 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\kock [2011.11.30 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Nuance [2013.02.25 14:46:41 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\OpenCandy [2012.02.21 17:29:05 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\OpenOffice.org [2013.03.22 15:24:10 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Siro [2013.04.04 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\SoftGrid Client [2013.04.28 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Spotify [2011.11.30 19:10:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TP [2012.12.10 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TuneUp Software [2012.08.29 01:42:09 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\UAs [2012.08.29 01:42:39 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\xmldm [2012.02.22 11:10:08 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\XSManager [2013.02.25 22:58:48 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Yhhyax [2011.11.30 18:38:53 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.04.2013 15:55:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 49,66% Memory free 7,81 Gb Paging File | 5,46 Gb Available in Paging File | 69,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 22,64 Gb Free Space | 12,15% Space Free | Partition Type: NTFS Drive D: | 254,46 Gb Total Space | 59,44 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Computer Name: LAURA-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05AF5A13-822F-4782-9C4F-C2D4ACC2515D}" = lport=139 | protocol=6 | dir=in | app=system | "{39F71C17-FCFA-4DD1-B724-40244DD4C7BC}" = rport=137 | protocol=17 | dir=out | app=system | "{3CE4069B-2A44-4176-AD99-FB71F45219CC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4A4E9E47-A115-449A-A78C-F2196A97A92E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4BCD9A7B-2D1D-40B0-82C9-76CC96E0ABF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{6CDE0C70-7B58-4EC2-8204-78019CB45F90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71D57DED-0077-4C69-BED3-76EF9F28CB02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8202EBC9-DB42-4A95-9BB7-920A1C6C0867}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{85016A81-69BB-4C2F-9DC3-03EED5C76C34}" = rport=445 | protocol=6 | dir=out | app=system | "{8573FC85-F023-441B-8AD2-3BE1C4E601C5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{89D14652-A970-49AB-B7EB-585D58DA275D}" = lport=445 | protocol=6 | dir=in | app=system | "{A22FF55A-A024-4C2E-B863-2E8CAC4D5688}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AE240883-5432-4AA5-BF00-056728F929A0}" = rport=2869 | protocol=6 | dir=out | app=system | "{B053BB45-F167-450F-8432-0E3B0E4239DE}" = rport=138 | protocol=17 | dir=out | app=system | "{B87F5C40-7ECF-4B0A-88A6-A1AC09AB7C50}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BFC6774F-48E9-4F7D-94EF-4097C649DBB8}" = lport=138 | protocol=17 | dir=in | app=system | "{D549A624-6355-40D9-B957-A02DFA4A40FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D69DD1CE-CDB6-4FB5-B50F-74DC788D1CA6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D85250CD-EB06-43CD-8321-8B90D43DE286}" = lport=2869 | protocol=6 | dir=in | app=system | "{E0D8434D-3208-4C27-9BBE-98FD01F4EF36}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E32ABCBE-A08D-40BB-B580-0B9745B6100A}" = rport=139 | protocol=6 | dir=out | app=system | "{EDB48F74-6812-45BB-8E10-852CD80552B0}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1842CA3E-3672-4455-8BFE-666738DC6E26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{1B11CA4E-BC6A-4A6D-B46B-EA97DADEF471}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{35638AF3-B0E8-4EAA-A3B3-DBBC2BCCB8C7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{4DFC5816-D80C-4FF6-8C2D-EDE89300EEAA}" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | "{58C2A6F4-3D33-4C1A-9A96-63274282C199}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5BE501A1-6D86-44D5-BF9A-FCE0C3922EF5}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{5BE72660-77AA-4D5F-A6BB-E754FE0E4891}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6F8A8B6D-FD04-42F4-9E60-709A83A298A9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{70992C07-972B-45C2-9BCB-A4FAC257B0B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{79AB7383-2D74-4F96-AE82-79C237BA1767}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7AA89D1E-3D44-443D-BDC8-73D815F1F86A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7B189952-B74F-42E6-9038-DAD3D3659A9D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7C59776E-821B-45FA-8360-18C4823B1B87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{876DC828-0E3A-4579-B146-C7CC37879667}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8EF5741C-E0D6-43E5-AC4D-3E2CE2E82933}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{92C1E7BE-9A05-481D-8508-730B2922A60C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A633EFCC-9A48-4A51-8880-89B5F4976AA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A9531CE9-58C8-43A8-86B2-5EA54E5A7346}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{AD4910B4-DFE1-41F9-B440-F8437734B11B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B65C1DDE-B7EE-4450-A20C-757AB65954A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D456EE7C-796E-48B6-A2D7-B5DCB354DBB1}" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | "{D9D8185F-DFFD-4E7B-8A02-19BFCAE9CCE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA642985-753A-4668-A5B1-F7686714576A}" = dir=in | app=c:\users\asus\appdata\local\microsoft\skydrive\skydrive.exe | "{DDDC0477-6971-4DB6-A572-A12E4E7F18B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F25EC7D9-4414-4931-8148-D0EFE8D42BA0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FEF7B4D0-D5C4-462E-8D43-30AAAB76AC03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{12610375-DB0F-4993-953B-EFE48056E677}C:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe | "TCP Query User{2495FDA3-0838-4748-823E-812EA8216D4F}C:\users\asus\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\asus\desktop\call of duty 2\cod2mp_s.exe | "TCP Query User{92F33D40-EFC2-4ED3-B2C4-4B9CEF78738A}C:\program files\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 2\cod2mp_s.exe | "TCP Query User{BD5A7FA5-169E-4E7B-913B-7E97D03F0F27}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | "TCP Query User{D8CF244B-0B35-4A03-8635-046E8BA450C8}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{FB7DBC55-A5DA-4038-BC21-DB40EC5D1B70}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | "UDP Query User{00FEA2B9-6965-422E-A981-7F29C323EF35}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{31E0E54B-9C95-438D-8ACF-8A31951DB00E}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | "UDP Query User{511AA34B-5B2B-4F88-8231-815EBB502B35}C:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe | "UDP Query User{60C29423-E194-498C-8EBD-9A0BBE340904}C:\program files\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 2\cod2mp_s.exe | "UDP Query User{9B27133F-B490-4176-9051-E261E15CE19D}C:\users\asus\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\asus\desktop\call of duty 2\cod2mp_s.exe | "UDP Query User{EE829D6E-F938-442E-A8C6-5760EED8A570}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "AVG" = AVG 2013 "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker "{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common "{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail "{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common "{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials "{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker "{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия) "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger "{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور "{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker "{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live "{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live "{608FB285-F572-48DE-AE44-28ABFF3F6BF9}" = Internet Turbo "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker "{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources "{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger "{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail "{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials "{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials "{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources "{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών "{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials "{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger "{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger "{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger "{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3 "{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources "{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E513E8F5-24BC-4F37-B3CA-D41E84960E99}" = Internet Turbo "{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail "{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack "{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集 "{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources "{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "ESET Online Scanner" = ESET Online Scanner v3 "FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "WinLiveSuite" = Windows Live Essentials "XSManager" = XSManager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{b793dc48-4dad-42f1-9be3-8774faa2ec35}" = Internet Turbo Engine "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.03.2013 10:02:55 | Computer Name = ***-PC | Source = Iminent | ID = 0 Description = Error - 28.03.2013 06:36:02 | Computer Name = ***-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 29.03.2013 11:07:29 | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = Error - 29.03.2013 14:26:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8554 Startzeit: 01ce2caae9377dfa Endzeit: 0 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 29.03.2013 15:02:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 30.03.2013 08:19:13 | Computer Name = ***-PC | Source = Iminent | ID = 0 Description = Error - 30.03.2013 08:27:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: umbrella.exe, Version: 3.4.5.2, Zeitstempel: 0x51025680 Name des fehlerhaften Moduls: umbrella.exe, Version: 3.4.5.2, Zeitstempel: 0x51025680 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006884b ID des fehlerhaften Prozesses: 0x89c Startzeit der fehlerhaften Anwendung: 0x01ce2d408465fe49 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe Berichtskennung: 3bf9140b-9935-11e2-83b1-5404a63c0fef Error - 30.03.2013 08:27:55 | Computer Name = ***-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "SProtection" konnte nicht neu gestartet werden. Error - 30.03.2013 08:33:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm WEB.DE_MailCheck_Broker.exe, Version 2.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ee0 Startzeit: 01ce2d42aab1ebd5 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe Berichts-ID: 074efb14-9936-11e2-b24b-5404a63c0fef Error - 30.03.2013 08:40:48 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Error - 31.03.2013 13:58:09 | Computer Name = ***-PC | Source = ESENT | ID = 215 Description = WinMail (3804) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error encountered while reading event logs. < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.04.2013 15:55:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 49,66% Memory free 7,81 Gb Paging File | 5,46 Gb Available in Paging File | 69,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 22,64 Gb Free Space | 12,15% Space Free | Partition Type: NTFS Drive D: | 254,46 Gb Total Space | 59,44 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Computer Name: LAURA-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05AF5A13-822F-4782-9C4F-C2D4ACC2515D}" = lport=139 | protocol=6 | dir=in | app=system | "{39F71C17-FCFA-4DD1-B724-40244DD4C7BC}" = rport=137 | protocol=17 | dir=out | app=system | "{3CE4069B-2A44-4176-AD99-FB71F45219CC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4A4E9E47-A115-449A-A78C-F2196A97A92E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4BCD9A7B-2D1D-40B0-82C9-76CC96E0ABF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{6CDE0C70-7B58-4EC2-8204-78019CB45F90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71D57DED-0077-4C69-BED3-76EF9F28CB02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8202EBC9-DB42-4A95-9BB7-920A1C6C0867}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{85016A81-69BB-4C2F-9DC3-03EED5C76C34}" = rport=445 | protocol=6 | dir=out | app=system | "{8573FC85-F023-441B-8AD2-3BE1C4E601C5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{89D14652-A970-49AB-B7EB-585D58DA275D}" = lport=445 | protocol=6 | dir=in | app=system | "{A22FF55A-A024-4C2E-B863-2E8CAC4D5688}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AE240883-5432-4AA5-BF00-056728F929A0}" = rport=2869 | protocol=6 | dir=out | app=system | "{B053BB45-F167-450F-8432-0E3B0E4239DE}" = rport=138 | protocol=17 | dir=out | app=system | "{B87F5C40-7ECF-4B0A-88A6-A1AC09AB7C50}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BFC6774F-48E9-4F7D-94EF-4097C649DBB8}" = lport=138 | protocol=17 | dir=in | app=system | "{D549A624-6355-40D9-B957-A02DFA4A40FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D69DD1CE-CDB6-4FB5-B50F-74DC788D1CA6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D85250CD-EB06-43CD-8321-8B90D43DE286}" = lport=2869 | protocol=6 | dir=in | app=system | "{E0D8434D-3208-4C27-9BBE-98FD01F4EF36}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E32ABCBE-A08D-40BB-B580-0B9745B6100A}" = rport=139 | protocol=6 | dir=out | app=system | "{EDB48F74-6812-45BB-8E10-852CD80552B0}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1842CA3E-3672-4455-8BFE-666738DC6E26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{1B11CA4E-BC6A-4A6D-B46B-EA97DADEF471}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{35638AF3-B0E8-4EAA-A3B3-DBBC2BCCB8C7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{4DFC5816-D80C-4FF6-8C2D-EDE89300EEAA}" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | "{58C2A6F4-3D33-4C1A-9A96-63274282C199}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5BE501A1-6D86-44D5-BF9A-FCE0C3922EF5}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{5BE72660-77AA-4D5F-A6BB-E754FE0E4891}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6F8A8B6D-FD04-42F4-9E60-709A83A298A9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{70992C07-972B-45C2-9BCB-A4FAC257B0B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{79AB7383-2D74-4F96-AE82-79C237BA1767}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7AA89D1E-3D44-443D-BDC8-73D815F1F86A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7B189952-B74F-42E6-9038-DAD3D3659A9D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7C59776E-821B-45FA-8360-18C4823B1B87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{876DC828-0E3A-4579-B146-C7CC37879667}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8EF5741C-E0D6-43E5-AC4D-3E2CE2E82933}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{92C1E7BE-9A05-481D-8508-730B2922A60C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A633EFCC-9A48-4A51-8880-89B5F4976AA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A9531CE9-58C8-43A8-86B2-5EA54E5A7346}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{AD4910B4-DFE1-41F9-B440-F8437734B11B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B65C1DDE-B7EE-4450-A20C-757AB65954A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D456EE7C-796E-48B6-A2D7-B5DCB354DBB1}" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | "{D9D8185F-DFFD-4E7B-8A02-19BFCAE9CCE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA642985-753A-4668-A5B1-F7686714576A}" = dir=in | app=c:\users\asus\appdata\local\microsoft\skydrive\skydrive.exe | "{DDDC0477-6971-4DB6-A572-A12E4E7F18B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F25EC7D9-4414-4931-8148-D0EFE8D42BA0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FEF7B4D0-D5C4-462E-8D43-30AAAB76AC03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{12610375-DB0F-4993-953B-EFE48056E677}C:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe | "TCP Query User{2495FDA3-0838-4748-823E-812EA8216D4F}C:\users\asus\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\asus\desktop\call of duty 2\cod2mp_s.exe | "TCP Query User{92F33D40-EFC2-4ED3-B2C4-4B9CEF78738A}C:\program files\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 2\cod2mp_s.exe | "TCP Query User{BD5A7FA5-169E-4E7B-913B-7E97D03F0F27}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | "TCP Query User{D8CF244B-0B35-4A03-8635-046E8BA450C8}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{FB7DBC55-A5DA-4038-BC21-DB40EC5D1B70}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | "UDP Query User{00FEA2B9-6965-422E-A981-7F29C323EF35}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{31E0E54B-9C95-438D-8ACF-8A31951DB00E}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | "UDP Query User{511AA34B-5B2B-4F88-8231-815EBB502B35}C:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\local\temp\showmypc\smpc3152\smpcph.exe | "UDP Query User{60C29423-E194-498C-8EBD-9A0BBE340904}C:\program files\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 2\cod2mp_s.exe | "UDP Query User{9B27133F-B490-4176-9051-E261E15CE19D}C:\users\asus\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\asus\desktop\call of duty 2\cod2mp_s.exe | "UDP Query User{EE829D6E-F938-442E-A8C6-5760EED8A570}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "AVG" = AVG 2013 "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker "{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common "{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail "{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common "{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials "{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker "{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия) "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger "{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور "{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker "{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live "{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live "{608FB285-F572-48DE-AE44-28ABFF3F6BF9}" = Internet Turbo "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker "{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources "{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger "{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail "{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials "{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials "{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources "{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών "{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials "{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger "{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger "{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger "{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3 "{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources "{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E513E8F5-24BC-4F37-B3CA-D41E84960E99}" = Internet Turbo "{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail "{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack "{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集 "{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources "{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "ESET Online Scanner" = ESET Online Scanner v3 "FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "WinLiveSuite" = Windows Live Essentials "XSManager" = XSManager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3021723594-1300924059-129605095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{b793dc48-4dad-42f1-9be3-8774faa2ec35}" = Internet Turbo Engine "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.03.2013 10:02:55 | Computer Name = ***-PC | Source = Iminent | ID = 0 Description = Error - 28.03.2013 06:36:02 | Computer Name = ***-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 29.03.2013 11:07:29 | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = Error - 29.03.2013 14:26:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8554 Startzeit: 01ce2caae9377dfa Endzeit: 0 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 29.03.2013 15:02:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 30.03.2013 08:19:13 | Computer Name = ***-PC | Source = Iminent | ID = 0 Description = Error - 30.03.2013 08:27:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: umbrella.exe, Version: 3.4.5.2, Zeitstempel: 0x51025680 Name des fehlerhaften Moduls: umbrella.exe, Version: 3.4.5.2, Zeitstempel: 0x51025680 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006884b ID des fehlerhaften Prozesses: 0x89c Startzeit der fehlerhaften Anwendung: 0x01ce2d408465fe49 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe Berichtskennung: 3bf9140b-9935-11e2-83b1-5404a63c0fef Error - 30.03.2013 08:27:55 | Computer Name = ***-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "SProtection" konnte nicht neu gestartet werden. Error - 30.03.2013 08:33:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm WEB.DE_MailCheck_Broker.exe, Version 2.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ee0 Startzeit: 01ce2d42aab1ebd5 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe Berichts-ID: 074efb14-9936-11e2-b24b-5404a63c0fef Error - 30.03.2013 08:40:48 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Error - 31.03.2013 13:58:09 | Computer Name = ***-PC | Source = ESENT | ID = 215 Description = WinMail (3804) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error encountered while reading event logs. < End of report > |
29.04.2013, 15:18 | #4 |
/// TB-Ausbilder | "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet Servus, ok, gut gemacht. Fehlen nur noch die Logdateien von Microsoft Security Essentials, Defogger und GMER. |
29.04.2013, 15:46 | #5 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:13 on 29/04/2013 (ASUS) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Der Log von GMER ist irgendwie zu lang und ich soll den als Archiv anhängen. Wie mach ich das? Und woher bekomme ich die Logfiles von Microsoft Security Essentials? GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-29 16:31:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\ASUS\AppData\Local\Temp\ugloapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 6 bytes [68, A0, CF, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 6 bytes [68, 92, 18, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 6 bytes [68, D1, 18, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 6 bytes [68, F7, 17, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 6 bytes [68, 87, 17, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 6 bytes [68, 37, 18, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 6 bytes [68, D9, DC, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 6 bytes [68, 4F, 57, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 7F, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3952] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 7E, 02, C3] .text C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe[3960] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 41, 00, C3] .text C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe[3960] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 41, 00, C3] .text C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Users\ASUS\AppData\Roaming\Yhhyax\afre.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 3B] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 3C] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 3B, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 3C, 00, C3] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.exe[4040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 50] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 51, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 50, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 51, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 51, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 51, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 50, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 50, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 50, 00, C3] .text C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1172] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 50, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, B7] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, B8] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, B7, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[928] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, B8, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 14] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 15, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 14, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 15, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 15, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 15, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 14, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 14, 00, C3] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 1A] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 1B] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4104] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 1B] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4124] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 1A] |
29.04.2013, 15:53 | #6 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 1A] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 1B] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 1A, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4136] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 1B, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 0D] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 0E] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 0D, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 0E, 00, C3] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4224] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 0E, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 1A] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 1B] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 1A, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 1B, 00, C3] .text C:\Windows\starter4g.exe[4324] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 1B, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 06] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 07] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 06, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 07, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4376] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 07, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 0A] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 0B, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 0B] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 0A, 00, C3] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 89] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 8A] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 89, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 8A, 00, C3] .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 8A, 00, C3] |
29.04.2013, 15:56 | #7 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet .text C:\Windows\AsScrPro.exe[4416] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 8A, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 6 bytes [68, A0, CF, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 6 bytes [68, 92, 18, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 6 bytes [68, D1, 18, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 6 bytes [68, F7, 17, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 6 bytes [68, 87, 17, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 6 bytes [68, 37, 18, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 6 bytes [68, D9, DC, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 6 bytes [68, 4F, 57, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, A1, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, A2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4548] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, A2, 02, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 5D] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 5E] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 5E, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 5D, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe[5432] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 5D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 6 bytes [68, A0, CF, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes [68, BD, 57, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes [68, 03, 58, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 6 bytes [68, 92, 18, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 6 bytes [68, D1, 18, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 6 bytes [68, F7, 17, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 6 bytes [68, 87, 17, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075bf2da4 5 bytes JMP 0000000163569884 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 6 bytes [68, 37, 18, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075c0cbf3 5 bytes JMP 00000001636b590f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075c0cfca 3 bytes JMP 00000001634c15bb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4 0000000075c0cfce 1 byte [ED] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 6 bytes [68, D9, DC, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes [68, 9C, DC, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075c2cb0c 5 bytes JMP 00000001636b58aa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075c2ce64 5 bytes JMP 00000001636b5974 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075c3fbd1 5 bytes JMP 00000001636b5831 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075c3fc9d 5 bytes JMP 00000001636b57b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c3fcd6 5 bytes JMP 00000001636b5754 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c3fcfa 5 bytes JMP 00000001636b56f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 6 bytes [68, 4F, 57, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075ad93fc 5 bytes JMP 00000001636b5b29 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, AF, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007505388e 5 bytes JMP 00000001636b59d9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000750f7922 5 bytes JMP 00000001636b5a81 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000755f2694 5 bytes JMP 00000001636b5d21 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, AE, 04, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[10932] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, AE, 04, C3] ? C:\Windows\system32\mssprxy.dll [10932] entry point in ".rdata" section 000000006fdf71e6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d1090c 4 bytes [68, A0, CF, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d10911 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d225dd 6 bytes JMP 0000000163587b52 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d2c43a 6 bytes [68, CB, D0, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d324e0 6 bytes JMP 0000000163529345 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d54100 6 bytes [68, 49, 58, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d6aa9d 6 bytes [68, 8F, 58, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000754534d5 5 bytes JMP 0000000163527133 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075454574 6 bytes [68, 34, D3, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075457a10 6 bytes [68, F3, D2, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076f0c592 6 bytes [68, B1, D3, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA 0000000076f114b3 5 bytes JMP 000000016ae8bd70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000076f114d6 5 bytes JMP 000000016ae8bdc0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076f42538 6 bytes [68, 9A, D3, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetDC 0000000075be72c4 4 bytes [68, 92, 18, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075be72c9 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075be7446 6 bytes [68, 10, 19, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075be7809 6 bytes [68, A5, 5D, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075be78e2 6 bytes [68, 22, DE, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075be7bd3 6 bytes [68, 4A, DE, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075be8048 4 bytes [68, D1, 18, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075be804d 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075be8a29 5 bytes JMP 000000016358ff57 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075be8a65 6 bytes [68, C1, 5A, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075beb17d 6 bytes [68, 5B, 5B, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075bed22e 5 bytes JMP 0000000163533173 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075bedb98 6 bytes [68, AD, 5B, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bf05ba 6 bytes [68, 72, DE, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075bf0d32 6 bytes [68, F3, 59, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075bf1218 6 bytes [68, 55, DC, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075bf1341 4 bytes [68, F7, 17, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075bf1346 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075bf1361 4 bytes [68, 87, 17, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075bf1366 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075bf291f 5 bytes JMP 000000016350dae3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075bf2a8d 6 bytes [68, 23, DC, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075bf2aac 6 bytes [68, 83, DD, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075bf2da4 5 bytes JMP 0000000163569884 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075bf3391 4 bytes [68, 37, 18, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075bf3396 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075bf434b 6 bytes [68, 0E, 5B, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bf5f74 6 bytes [68, 9D, DE, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075bf6222 6 bytes [68, E3, 19, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bf6285 5 bytes JMP 0000000163587aef .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075bf7603 5 bytes JMP 0000000163561fe4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075bf792f 6 bytes [68, 3C, 5A, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075bf7fbb 6 bytes [68, 1E, 59, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075bf810c 6 bytes [68, AD, 59, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075bf85c1 6 bytes [68, D5, 58, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075bf86b4 6 bytes [68, 67, 59, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000075bfb029 5 bytes JMP 00000001636b5cb1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000075bfc63e 5 bytes JMP 00000001636b5ce9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075c050ed 5 bytes JMP 00000001636b63de .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075c05246 5 bytes JMP 00000001636b5c41 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!EndDialog 0000000075c0b99c 5 bytes JMP 00000001636b66b2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!TrackPopupMenu 0000000075c0c288 5 bytes JMP 000000010c5b4620 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!TrackPopupMenuEx 0000000075c0c2ac 5 bytes JMP 000000010c5b4750 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075c0c701 5 bytes JMP 00000001636b6406 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075c0cbf3 5 bytes JMP 00000001636b590f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075c0cfca 3 bytes JMP 00000001634c15bb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4 0000000075c0cfce 1 byte [ED] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075c0d41f 6 bytes [68, 50, 19, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075c0eb96 5 bytes JMP 000000016350dc09 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075c0ed49 6 bytes [68, 33, DD, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075c0ed56 4 bytes [68, D9, DC, 06] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075c0ed5b 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075c0f52b 5 bytes JMP 00000001635aeb70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SendInput 0000000075c0ff4a 5 bytes JMP 00000001636b6c75 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075c110dc 5 bytes JMP 00000001636b5c79 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000075c114b2 5 bytes JMP 00000001636b6ccd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075c29854 6 bytes [68, 9F, 57, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075c29cfd 6 bytes JMP 00000001636b6d4e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075c29f1d 6 bytes [68, 54, 5F, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075c2cb0c 5 bytes JMP 00000001636b58aa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075c2ce64 5 bytes JMP 00000001636b5974 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075c3fbd1 5 bytes JMP 00000001636b5831 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075c3fc9d 5 bytes JMP 00000001636b57b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c3fcd6 5 bytes JMP 00000001636b5754 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c3fcfa 5 bytes JMP 00000001636b56f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!MessageBoxA 0000000075c3fd1e 5 bytes JMP 000000016ae8c590 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!MessageBoxW 0000000075c3fd3f 5 bytes JMP 000000016ae8c5f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075c402bf 5 bytes JMP 00000001636b6c32 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075c487cb 4 bytes [68, 4F, 57, 07] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075c487d0 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076b76143 4 bytes JMP 00000001636b6110 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076bb9d0b 4 bytes JMP 000000016358b6d4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075a73e59 5 bytes JMP 00000001636b6208 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075a73eae 5 bytes JMP 00000001636b6286 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075a74731 5 bytes JMP 00000001636b617a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075a75dee 5 bytes JMP 00000001636b6226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075ad93fc 5 bytes JMP 00000001636b5b29 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076cdb7c4 6 bytes [68, DC, 08, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076cdd29a 6 bytes [68, 7C, 0A, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000076cdea3a 6 bytes [68, 49, 09, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076ce22e4 6 bytes [68, 50, 0A, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076d05539 6 bytes [68, 1E, 06, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076d05dcb 6 bytes [68, DA, 05, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076d06109 6 bytes [68, 62, 06, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076d0b606 6 bytes [68, 77, 09, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076d1afe4 6 bytes [68, 0C, 07, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076d1b0b9 6 bytes [68, 46, 08, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076d35445 6 bytes [68, F6, 09, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076d35770 6 bytes [68, B7, 06, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076d7e7e5 6 bytes [68, A9, 07, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076d7e8b7 6 bytes [68, 91, 08, 07, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075b93918 6 bytes [68, 27, E3, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075b94296 6 bytes [68, 38, DF, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075b94406 6 bytes [68, 80, E3, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WS2_32.dll!send 0000000075b96f01 6 bytes [68, 5F, E3, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075ba7673 6 bytes [68, C8, DE, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000758d0ddc 6 bytes [68, 89, 7E, 06, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007505388e 5 bytes JMP 00000001636b59d9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000750f7922 5 bytes JMP 00000001636b5a81 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000755e33a3 5 bytes JMP 00000001636b5dc5 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000755f2694 5 bytes JMP 00000001636b5d21 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11556] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000755fe8ff 5 bytes JMP 00000001636b5e91 ---- Threads - GMER 2.1 ---- Thread [3328:2628] 0000000077d341f3 Thread [3328:4112] 0000000074e67832 Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5044:1456] 000007fef157472c Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5044:4352] 000007fef16b80ec Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5044:3260] 000007fef16b80ec ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) ---- EOF - GMER 2.1 ---- Tut mir Leid ich musste das in drei Teile aufteilen. Ich hoffe das ist ok so. Wie komme ich jetzt an die Logfiles von MSE? |
29.04.2013, 18:50 | #8 |
/// TB-Ausbilder | "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet Servus, versuchs mal hier: C:\ProgramData\Microsoft\Microsoft Antimalware\Support C:\ProgramData\Microsoft\Microsoft Security Essentials\Support |
29.04.2013, 22:19 | #9 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet === Verbose logging started: 22.04.2013 19:30:02 Build type: SHIP UNICODE 5.00.7601.00 Calling process: d:\5ad2265a2de683e8e22393\amd64\Setup.exe === MSI (c) (84:EC) [19:30:02:201]: Resetting cached policy values MSI (c) (84:EC) [19:30:02:201]: Machine policy value 'Debug' is 0 MSI (c) (84:EC) [19:30:02:201]: ******* RunEngine: ******* Product: d:\5ad2265a2de683e8e22393\amd64\epp.msi ******* Action: ******* CommandLine: ********** MSI (c) (84:EC) [19:30:02:201]: Client-side and UI is none or basic: Running entire install on the server. MSI (c) (84:EC) [19:30:05:212]: Failed to grab execution mutex. System error 258. MSI (c) (84:EC) [19:30:05:212]: Cloaking enabled. MSI (c) (84:EC) [19:30:05:212]: Attempting to enable all disabled privileges before calling Install on Server MSI (c) (84:EC) [19:30:05:212]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (c) (84:EC) [19:30:05:212]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (84:EC) [19:30:05:212]: MainEngineThread is returning 1618 === Verbose logging stopped: 22.04.2013 19:30:05 === === Verbose logging started: 22.04.2013 19:30:15 Build type: SHIP UNICODE 5.00.7601.00 Calling process: d:\5ad2265a2de683e8e22393\amd64\Setup.exe === MSI (c) (84:4C) [19:30:15:227]: Resetting cached policy values MSI (c) (84:4C) [19:30:15:227]: Machine policy value 'Debug' is 0 MSI (c) (84:4C) [19:30:15:227]: ******* RunEngine: ******* Product: d:\5ad2265a2de683e8e22393\amd64\epp.msi ******* Action: ******* CommandLine: ********** MSI (c) (84:4C) [19:30:15:227]: Client-side and UI is none or basic: Running entire install on the server. MSI (c) (84:4C) [19:30:18:238]: Failed to grab execution mutex. System error 258. MSI (c) (84:4C) [19:30:18:238]: Cloaking enabled. MSI (c) (84:4C) [19:30:18:238]: Attempting to enable all disabled privileges before calling Install on Server MSI (c) (84:4C) [19:30:18:238]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (c) (84:4C) [19:30:18:238]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (84:4C) [19:30:18:238]: MainEngineThread is returning 1618 === Verbose logging stopped: 22.04.2013 19:30:18 === MSI (s) (6C:54) [19:31:55:452]: User policy value 'DisableRollback' is 0 MSI (s) (6C:54) [19:31:55:452]: Machine policy value 'DisableRollback' is 0 MSI (s) (6C:54) [19:31:55:452]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (6C:54) [19:31:55:452]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (6C:54) [19:31:55:452]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (6C:54) [19:31:55:452]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (s) (6C:54) [19:31:55:452]: Restoring environment variables MSI (s) (6C:54) [19:31:55:452]: Destroying RemoteAPI object. MSI (s) (6C:F4) [19:31:55:452]: Custom Action Manager thread ending. === Verbose logging started: 22.04.2013 19:53:39 Build type: SHIP UNICODE 5.00.7601.00 Calling process: d:\e7c248284070f03bb2c8732485aefe93\amd64\Setup.exe === MSI (c) (64:00) [19:53:39:849]: Resetting cached policy values MSI (c) (64:00) [19:53:39:849]: Machine policy value 'Debug' is 0 MSI (c) (64:00) [19:53:39:849]: ******* RunEngine: ******* Product: d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi ******* Action: ******* CommandLine: ********** MSI (c) (64:00) [19:53:39:849]: Client-side and UI is none or basic: Running entire install on the server. MSI (c) (64:00) [19:53:39:849]: Grabbed execution mutex. MSI (c) (64:00) [19:53:39:859]: Cloaking enabled. MSI (c) (64:00) [19:53:39:859]: Attempting to enable all disabled privileges before calling Install on Server MSI (c) (64:00) [19:53:39:859]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (08:A4) [19:53:39:859]: Running installation inside multi-package transaction d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi MSI (s) (08:A4) [19:53:39:859]: Grabbed execution mutex. MSI (s) (08:FC) [19:53:39:859]: Resetting cached policy values MSI (s) (08:FC) [19:53:39:859]: Machine policy value 'Debug' is 0 MSI (s) (08:FC) [19:53:39:859]: ******* RunEngine: ******* Product: d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi ******* Action: ******* CommandLine: ********** MSI (s) (08:FC) [19:53:39:859]: Machine policy value 'DisableUserInstalls' is 0 MSI (s) (08:FC) [19:53:39:879]: SRSetRestorePoint skipped for this transaction. MSI (s) (08:FC) [19:53:39:879]: File will have security applied from OpCode. MSI (s) (08:FC) [19:53:39:889]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'd:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi' against software restriction policy MSI (s) (08:FC) [19:53:39:889]: SOFTWARE RESTRICTION POLICY: d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi has a digital signature MSI (s) (08:FC) [19:53:39:959]: SOFTWARE RESTRICTION POLICY: d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi is permitted to run at the 'unrestricted' authorization level. MSI (s) (08:FC) [19:53:39:959]: End dialog not enabled MSI (s) (08:FC) [19:53:39:959]: Original package ==> d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi MSI (s) (08:FC) [19:53:39:959]: Package we're running from ==> C:\Windows\Installer\809e05.msi MSI (s) (08:FC) [19:53:39:959]: APPCOMPAT: Compatibility mode property overrides found. MSI (s) (08:FC) [19:53:39:959]: APPCOMPAT: looking for appcompat database entry with ProductCode '{D954C6C2-544B-4091-A47F-11E77162883E}'. MSI (s) (08:FC) [19:53:39:959]: APPCOMPAT: no matching ProductCode found in database. MSI (s) (08:FC) [19:53:39:969]: MSCOREE not loaded loading copy from system32 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'TransformsSecure' is 0 MSI (s) (08:FC) [19:53:39:969]: User policy value 'TransformsAtSource' is 0 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'DisablePatch' is 0 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'AllowLockdownPatch' is 0 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'DisableLUAPatching' is 0 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'DisableFlyWeightPatching' is 0 MSI (s) (08:FC) [19:53:39:969]: APPCOMPAT: looking for appcompat database entry with ProductCode '{D954C6C2-544B-4091-A47F-11E77162883E}'. MSI (s) (08:FC) [19:53:39:969]: APPCOMPAT: no matching ProductCode found in database. MSI (s) (08:FC) [19:53:39:969]: Transforms are not secure. MSI (s) (08:FC) [19:53:39:969]: Note: 1: 2205 2: 3: Control MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.2.223.1_epp_Install.log'. MSI (s) (08:FC) [19:53:39:969]: Command Line: AMPRODUCT=MORRO DEPLOYOEMFILES=1 INSTALLDIR=C:\Program Files\Microsoft Security Client INSTALLDIRWOW64=C:\Program Files (x86)\Microsoft Security Client INSTALLNIS=0 MARKET=de-de MSMPAPPDATAFOLDER=C:\ProgramData\Microsoft\Microsoft Antimalware OEMMODE=0 PRESERVEWSCREGISTRATION=1 PRODUCTICON=@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100 PRODUCTLOCALIZEDNAME=@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000 PRODUCT_SKU=MSEv2 REBOOT=ReallySuppress REMEDIATIONEXE=C:\Program Files\Microsoft Security Client\msseces.exe SIGNATURECATEGORYID=6b9e8b26-8f50-44b9-94c6-7846084383ec WATCHECKDLL=C:\Program Files\Microsoft Security Client\mssewat.dll CURRENTDIRECTORY=d:\e7c248284070f03bb2c8732485aefe93\amd64 CLIENTUILEVEL=3 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=3172 MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{1E0A59F2-CF88-4EF2-A092-12DE0A8E6E5A}'. MSI (s) (08:FC) [19:53:39:969]: Product Code passed to Engine.Initialize: '' MSI (s) (08:FC) [19:53:39:969]: Product Code from property table before transforms: '{D954C6C2-544B-4091-A47F-11E77162883E}' MSI (s) (08:FC) [19:53:39:969]: Product Code from property table after transforms: '{D954C6C2-544B-4091-A47F-11E77162883E}' MSI (s) (08:FC) [19:53:39:969]: Product not registered: beginning first-time install MSI (s) (08:FC) [19:53:39:969]: Product {D954C6C2-544B-4091-A47F-11E77162883E} is not managed. MSI (s) (08:FC) [19:53:39:969]: MSI_LUA: Credential prompt not required, user is an admin MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'. MSI (s) (08:FC) [19:53:39:969]: Entering CMsiConfigurationManager::SetLastUsedSource. MSI (s) (08:FC) [19:53:39:969]: User policy value 'SearchOrder' is 'nmu' MSI (s) (08:FC) [19:53:39:969]: Adding new sources is allowed. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'. MSI (s) (08:FC) [19:53:39:969]: Package name extracted from package path: 'epp.msi' MSI (s) (08:FC) [19:53:39:969]: Package to be registered: 'epp.msi' MSI (s) (08:FC) [19:53:39:969]: Note: 1: 2262 2: AdminProperties 3: -2147287038 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'DisableMsi' is 0 MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'AlwaysInstallElevated' is 0 MSI (s) (08:FC) [19:53:39:969]: User policy value 'AlwaysInstallElevated' is 0 MSI (s) (08:FC) [19:53:39:969]: Product installation will be elevated because user is admin and product is being installed per-machine. MSI (s) (08:FC) [19:53:39:969]: Running product '{D954C6C2-544B-4091-A47F-11E77162883E}' with elevated privileges: Product is assigned. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding AMPRODUCT property. Its value is 'MORRO'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding DEPLOYOEMFILES property. Its value is '1'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding INSTALLDIR property. Its value is 'C:\Program Files\Microsoft Security Client'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding INSTALLDIRWOW64 property. Its value is 'C:\Program Files (x86)\Microsoft Security Client'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding INSTALLNIS property. Its value is '0'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Modifying MARKET property. Its current value is 'ALL'. Its new value: 'de-de'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding MSMPAPPDATAFOLDER property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding OEMMODE property. Its value is '0'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding PRESERVEWSCREGISTRATION property. Its value is '1'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding PRODUCTICON property. Its value is '@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding PRODUCTLOCALIZEDNAME property. Its value is '@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding PRODUCT_SKU property. Its value is 'MSEv2'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding REMEDIATIONEXE property. Its value is 'C:\Program Files\Microsoft Security Client\msseces.exe'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding SIGNATURECATEGORYID property. Its value is '6b9e8b26-8f50-44b9-94c6-7846084383ec'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding WATCHECKDLL property. Its value is 'C:\Program Files\Microsoft Security Client\mssewat.dll'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'd:\e7c248284070f03bb2c8732485aefe93\amd64'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding MSICLIENTUSESEXTERNALUI property. Its value is '1'. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '3172'. MSI (s) (08:FC) [19:53:39:969]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0 MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '5e21f73a8786eb4aa89d2c869d2319fa'. MSI (s) (08:FC) [19:53:39:969]: RESTART MANAGER: Session opened. MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'. MSI (s) (08:FC) [19:53:39:969]: TRANSFORMS property is now: MSI (s) (08:FC) [19:53:39:969]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'. MSI (s) (08:FC) [19:53:39:969]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming MSI (s) (08:FC) [19:53:39:969]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\Favorites MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Network Shortcuts MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\Documents MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Recent MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\SendTo MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Templates MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\ProgramData MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Local MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\Pictures MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup MSI (s) (08:FC) [19:53:39:979]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Users\ASUS\Desktop MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates MSI (s) (08:FC) [19:53:39:989]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts MSI (s) (08:FC) [19:53:39:989]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16 MSI (s) (08:FC) [19:53:39:999]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated. MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'. MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'. MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'ASUS'. MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\809e05.msi'. MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'd:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi'. MSI (s) (08:FC) [19:53:39:999]: Machine policy value 'MsiDisableEmbeddedUI' is 0 MSI (s) (08:FC) [19:53:39:999]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI MSI (s) (08:FC) [19:53:39:999]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install MSI (s) (08:FC) [19:53:39:999]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:39:999]: Machine policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:39:999]: User policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'. MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding MsiUISourceResOnly property. Its value is '1'. === Logging started: 22.04.2013 19:53:39 === MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'. MSI (s) (08:FC) [19:53:39:999]: Doing action: INSTALL Action start 19:53:39: INSTALL. MSI (s) (08:FC) [19:53:39:999]: Running ExecuteSequence MSI (s) (08:FC) [19:53:39:999]: Doing action: FindRelatedProducts Action start 19:53:39: FindRelatedProducts. MSI (s) (08:FC) [19:53:39:999]: Skipping action: PreventDowngrading (condition is false) MSI (s) (08:FC) [19:53:39:999]: Doing action: AppSearch Action ended 19:53:39: FindRelatedProducts. Return value 1. Action start 19:53:39: AppSearch. MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding DRWATSON20PATH property. Its value is '**********'. MSI (s) (08:FC) [19:53:39:999]: PROPERTY CHANGE: Adding FLTMGRREGVALUE property. Its value is '#1'. MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client Test\Setup 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties 3: 2 MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:39:999]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: PROPERTY CHANGE: Adding MSI_INSTALLED property. Its value is 'C:\Windows\system32\msi.dll'. MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB914811 3: 2 MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB914882 3: 2 MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\EarlyLaunch 3: 2 MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1322 2: MSI (s) (08:FC) [19:53:40:009]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Essentials 3: 2 MSI (s) (08:FC) [19:53:40:009]: Skipping action: ApplyRegistryRollbackOnUpgrade (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: CorrectMissingMarket (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: CorrectMissingSku (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: SetAMPRODUCT_FCSProperty (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: SetAMPRODUCT_MORROProperty (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: SetAMPRODUCT_JUPITERProperty (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: SetAMPRODUCT_SCEPProperty (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: SetAMPRODUCT_EPPProperty (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: SetProperty_CheckActiveThreatsAndRebootRequiredForCleaning (condition is false) MSI (s) (08:FC) [19:53:40:009]: Skipping action: CheckActiveThreatsAndRebootRequiredForCleaning (condition is false) MSI (s) (08:FC) [19:53:40:009]: Doing action: LaunchConditions Action ended 19:53:40: AppSearch. Return value 1. Action start 19:53:40: LaunchConditions. MSI (s) (08:FC) [19:53:40:009]: Doing action: ValidateProductID Action ended 19:53:40: LaunchConditions. Return value 1. Action start 19:53:40: ValidateProductID. MSI (s) (08:FC) [19:53:40:009]: Doing action: SetMpAppDataSubDir Action ended 19:53:40: ValidateProductID. Return value 1. MSI (s) (08:FC) [19:53:40:009]: PROPERTY CHANGE: Adding MpAppDataSubDir property. Its value is 'Microsoft\Microsoft Antimalware'. Action start 19:53:40: SetMpAppDataSubDir. MSI (s) (08:FC) [19:53:40:009]: Doing action: SetMpAppDataDir Action ended 19:53:40: SetMpAppDataSubDir. Return value 1. MSI (s) (08:B4) [19:53:40:019]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9E84.tmp, Entrypoint: SetMpAppDataDir MSI (s) (08:9C) [19:53:40:019]: Generating random cookie. MSI (s) (08:9C) [19:53:40:019]: Created Custom Action Server with PID 3480 (0xD98). MSI (s) (08:F4) [19:53:40:039]: Running as a service. MSI (s) (08:F4) [19:53:40:039]: Hello, I'm your 64bit Impersonated custom action server. Action start 19:53:40: SetMpAppDataDir. WIXFXCA: SetMpAppDataDir: INFO: begin. MSI (s) (08!B4) [19:53:40:049]: PROPERTY CHANGE: Modifying MSMPAPPDATAFOLDER property. Its current value is 'C:\ProgramData\Microsoft\Microsoft Antimalware'. Its new value: 'C:\ProgramData\Microsoft\Microsoft Antimalware\'. WIXFXCA: SetMpAppDataDir: INFO: MSMPAPPDATAFOLDER is: C:\ProgramData\Microsoft\Microsoft Antimalware\ WIXFXCA: SetMpAppDataDir: INFO: end. MSI (s) (08:FC) [19:53:40:049]: Doing action: FindExistingConfigRoot Action ended 19:53:40: SetMpAppDataDir. Return value 1. MSI (s) (08:6C) [19:53:40:049]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9EB4.tmp, Entrypoint: RegistryFindKey Action start 19:53:40: FindExistingConfigRoot. WIXFXCA: RegistryFindKey: ERROR: UtilGetMsiComponentPath failed, code 0x80070490 WIXFXCA: RegistryFindKey: ERROR: RegistryFindKey failed, code 0x80070490 MSI (s) (08:FC) [19:53:40:059]: Doing action: SetRegistrySaveKeyParams Action ended 19:53:40: FindExistingConfigRoot. Return value 1. MSI (s) (08:FC) [19:53:40:059]: PROPERTY CHANGE: Adding RegistrySaveKeyParams property. Its value is 'RegBackupKey;HKLM;;HKLM;SOFTWARE\Microsoft\Microsoft Antimalware'. Action start 19:53:40: SetRegistrySaveKeyParams. MSI (s) (08:FC) [19:53:40:059]: Doing action: SetWellKnownSids Action ended 19:53:40: SetRegistrySaveKeyParams. Return value 1. MSI (s) (08:44) [19:53:40:059]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9EB5.tmp, Entrypoint: SetWellKnownSids Action start 19:53:40: SetWellKnownSids. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinNullSid property. Its value is 'NULL SID'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinWorldSid property. Its value is 'Jeder'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinLocalSid property. Its value is 'LOKAL'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinCreatorOwnerSid property. Its value is 'ERSTELLER-BESITZER'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinCreatorGroupSid property. Its value is 'ERSTELLERGRUPPE'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinCreatorOwnerServerSid property. Its value is 'ERSTELLER-BESITZER-SERVER'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinCreatorGroupServerSid property. Its value is 'ERSTELLER-GRUPPEN-SERVER'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinNtAuthoritySid property. Its value is 'NT-Pseudodomäne'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinDialupSid property. Its value is 'DIALUP'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinNetworkSid property. Its value is 'NETZWERK'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinBatchSid property. Its value is 'BATCH'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinInteractiveSid property. Its value is 'INTERAKTIV'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinServiceSid property. Its value is 'DIENST'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinAnonymousSid property. Its value is 'ANONYMOUS-ANMELDUNG'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinProxySid property. Its value is 'PROXY'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinEnterpriseControllersSid property. Its value is 'DOMÄNENCONTROLLER DER ORGANISATION'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinSelfSid property. Its value is 'SELBST'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinAuthenticatedUserSid property. Its value is 'Authentifizierte Benutzer'. MSI (s) (08!30) [19:53:40:059]: PROPERTY CHANGE: Adding WinRestrictedCodeSid property. Its value is 'EINGESCHRÄNKTER ZUGRIFF'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinTerminalServerSid property. Its value is 'TERMINALSERVERBENUTZER'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinRemoteLogonIdSid property. Its value is 'INTERAKTIVE REMOTEANMELDUNG'. WIXFXCA: SetWellKnownSids: INFO: begin. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinLocalSystemSid property. Its value is 'SYSTEM'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinLocalServiceSid property. Its value is 'LOKALER DIENST'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinNetworkServiceSid property. Its value is 'NETZWERKDIENST'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinBuiltinDomainSid property. Its value is 'VORDEFINIERT'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinBuiltinAdministratorsSid property. Its value is 'Administratoren'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinBuiltinUsersSid property. Its value is 'Benutzer'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinBuiltinGuestsSid property. Its value is 'Gäste'. WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinLogonIdsSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinPowerUsersSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinAccountOperatorsSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinSystemOperatorsSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinPrintOperatorsSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinBackupOperatorsSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinReplicatorSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinPreWindows2000CompatibleAccessSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinRemoteDesktopUsersSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinNetworkConfigurationOperatorsSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountAdministratorSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountGuestSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountKrbtgtSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountDomainAdminsSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountDomainUsersSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountDomainGuestsSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountComputersSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountControllersSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountCertAdminsSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountSchemaAdminsSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountEnterpriseAdminsSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountPolicyAdminsSid) failed, hr = 0x80070057 MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinNTLMAuthenticationSid property. Its value is 'NTLM-Authentifizierung'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinDigestAuthenticationSid property. Its value is 'Digestauthentifizierung'. MSI (s) (08!30) [19:53:40:069]: PROPERTY CHANGE: Adding WinSChannelAuthenticationSid property. Its value is 'SChannel-Authentifizierung'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinThisOrganizationSid property. Its value is 'Diese Organisation'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinOtherOrganizationSid property. Its value is 'Andere Organisation'. WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountRasAndIasServersSid) failed, hr = 0x80070057 MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinBuiltinPerfMonitoringUsersSid property. Its value is 'Leistungsüberwachungsbenutzer'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinBuiltinPerfLoggingUsersSid property. Its value is 'Leistungsprotokollbenutzer'. WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinIncomingForestTrustBuildersSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinAuthorizationAccessSid) failed, hr = 0x80070534 MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinBuiltinDCOMUsersSid property. Its value is 'Distributed COM-Benutzer'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinBuiltinIUsersSid property. Its value is 'IIS_IUSRS'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinIUserSid property. Its value is 'IUSR'. WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinTerminalServerLicenseServersSid) failed, hr = 0x80070534 MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinUntrustedLabelSid property. Its value is 'Nicht vertrauenswürdige Verbindlichkeitsstufe'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinLowLabelSid property. Its value is 'Niedrige Verbindlichkeitsstufe'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinMediumLabelSid property. Its value is 'Mittlere Verbindlichkeitsstufe'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinHighLabelSid property. Its value is 'Hohe Verbindlichkeitsstufe'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinSystemLabelSid property. Its value is 'Systemverbindlichkeitsstufe'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinWriteRestrictedCodeSid property. Its value is 'SCHREIBEN EINGESCHRÄNKT'. MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinCreatorOwnerRightsSid property. Its value is 'EIGENTÜMERRECHTE'. WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinCryptoOperatorsSid) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinCacheablePrincipalsGroupSid) failed, hr = 0x80070057 MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinEnterpriseReadonlyControllersSid property. Its value is 'SCHREIBGESCHÜTZTE DOMÄNENCONTROLLER DER ORGANISATION BETA'. WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinNonCacheablePrincipalsGroupSid) failed, hr = 0x80070057 MSI (s) (08!30) [19:53:40:079]: PROPERTY CHANGE: Adding WinBuiltinEventLogReadersGroup property. Its value is 'Ereignisprotokollleser'. WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinAccountReadonlyControllersSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: CreateWellKnownSid(WinNewEnterpriseReadonlyControllersSid) failed, hr = 0x80070057 WIXFXCA: SetWellKnownSids: INFO: LookupAccountSidW(WinBuiltinCertSvcDComAccessGroup) failed, hr = 0x80070534 WIXFXCA: SetWellKnownSids: INFO: end. MSI (s) (08:FC) [19:53:40:079]: Doing action: SetARPInstallLocation Action ended 19:53:40: SetWellKnownSids. Return value 1. MSI (s) (08:FC) [19:53:40:079]: PROPERTY CHANGE: Adding ARPINSTALLLOCATION property. Its value is 'C:\Program Files\Microsoft Security Client'. Action start 19:53:40: SetARPInstallLocation. MSI (s) (08:FC) [19:53:40:079]: Doing action: CostInitialize Action ended 19:53:40: SetARPInstallLocation. Return value 1. MSI (s) (08:FC) [19:53:40:079]: Machine policy value 'MaxPatchCacheSize' is 10 MSI (s) (08:FC) [19:53:40:109]: Note: 1: 1336 2: 5 3: Q:\ MSI (s) (08:FC) [19:53:40:109]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'd:\'. MSI (s) (08:FC) [19:53:40:109]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'. MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2205 2: 3: Patch MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2205 2: 3: __MsiPatchFileList MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId` MSI (s) (08:FC) [19:53:40:109]: Note: 1: 2205 2: 3: Patch Action start 19:53:40: CostInitialize. MSI (s) (08:FC) [19:53:40:119]: Doing action: WixOP_FreshInstall_set Action ended 19:53:40: CostInitialize. Return value 1. MSI (s) (08:FC) [19:53:40:119]: PROPERTY CHANGE: Adding WixOP_FreshInstall property. Its value is 'Yes'. Action start 19:53:40: WixOP_FreshInstall_set. MSI (s) (08:FC) [19:53:40:119]: Skipping action: WixOP_Update_set (condition is false) MSI (s) (08:FC) [19:53:40:119]: Skipping action: WixOP_Remove_set (condition is false) MSI (s) (08:FC) [19:53:40:119]: Skipping action: WixOP_UpgradeInstall_set (condition is false) MSI (s) (08:FC) [19:53:40:119]: Skipping action: WixOP_UpgradeRemove_set (condition is false) MSI (s) (08:FC) [19:53:40:119]: Doing action: InstallOOBEComponentsPropertySet Action ended 19:53:40: WixOP_FreshInstall_set. Return value 1. MSI (s) (08:FC) [19:53:40:119]: PROPERTY CHANGE: Modifying InstallOOBEComponents property. Its current value is '0'. Its new value: '1'. Action start 19:53:40: InstallOOBEComponentsPropertySet. MSI (s) (08:FC) [19:53:40:119]: Skipping action: PreventDownlevelOEMInstall (condition is false) MSI (s) (08:FC) [19:53:40:119]: Doing action: CloseClient Action ended 19:53:40: InstallOOBEComponentsPropertySet. Return value 1. MSI (s) (08:08) [19:53:40:119]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9EF4.tmp, Entrypoint: CloseClientApp Action start 19:53:40: CloseClient. Custom Action Trace (CloseClientApp): Close client application - file path 'C:\Program Files\Microsoft Security Client\msseces.exe' Custom Action Trace (CloseProcess): Succeeded to close all processes MSI (s) (08:FC) [19:53:40:129]: Skipping action: CloseOOBEWizard (condition is false) MSI (s) (08:FC) [19:53:40:129]: Skipping action: OEMRegValuePropertySet (condition is false) MSI (s) (08:FC) [19:53:40:129]: Doing action: FileCost Action ended 19:53:40: CloseClient. Return value 1. MSI (s) (08:FC) [19:53:40:129]: Note: 1: 2205 2: 3: MsiAssembly MSI (s) (08:FC) [19:53:40:129]: Note: 1: 2205 2: 3: Class MSI (s) (08:FC) [19:53:40:129]: Note: 1: 2205 2: 3: Extension MSI (s) (08:FC) [19:53:40:129]: Note: 1: 2205 2: 3: TypeLib Action start 19:53:40: FileCost. MSI (s) (08:FC) [19:53:40:129]: Doing action: SetUserDefinedTargetFolder Action ended 19:53:40: FileCost. Return value 1. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\Program Files\Microsoft Security Client'. Action start 19:53:40: SetUserDefinedTargetFolder. MSI (s) (08:FC) [19:53:40:129]: Skipping action: SetWin8MetroUIShortcutDir (condition is false) MSI (s) (08:FC) [19:53:40:129]: Doing action: CostFinalize Action ended 19:53:40: SetUserDefinedTargetFolder. Return value 1. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'. MSI (s) (08:FC) [19:53:40:129]: Note: 1: 2205 2: 3: Patch MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Modifying TARGETDIR property. Its current value is 'C:\Program Files\Microsoft Security Client'. Its new value: 'C:\Program Files\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding USERPROFILE property. Its value is 'C:\Program Files\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding ALLUSERSPROFILE property. Its value is 'C:\Program Files\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding InfFolder property. Its value is 'C:\Windows\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding DriverFolder property. Its value is 'C:\Windows\system32\Drivers\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding System16Folder property. Its value is 'C:\Program Files\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding METROUISHORTCUTDIR property. Its value is 'C:\Program Files\Microsoft Security Client\Programs\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding HomeDir_Wow64 property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Modifying INSTALLDIRWOW64 property. Its current value is 'C:\Program Files (x86)\Microsoft Security Client'. Its new value: 'C:\Program Files (x86)\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_SR_LATN property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\SR-LATN-CS\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_ZH_TW property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\ZH-TW\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_ZH_CN property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\ZH-CN\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_VI_VN property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\VI-VN\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_UK_UA property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\UK-UA\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_TR_TR property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\TR-TR\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_TH_TH property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\TH-TH\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_SV_SE property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\SV-SE\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_SK_SK property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\SK-SK\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_RU_RU property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\RU-RU\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_RO_RO property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\RO-RO\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_PT_PT property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\PT-PT\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_PT_BR property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\PT-BR\'. MSI (s) (08:FC) [19:53:40:129]: PROPERTY CHANGE: Adding MuiLang_Wow64_PS_PS property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\qps-ploc\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_PS_MI property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\qps-plocm\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_PL_PL property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\PL-PL\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_NL_NL property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\NL-NL\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_NB_NO property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\NB-NO\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_LV_LV property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\LV-LV\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_KO_KR property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\KO-KR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_JA_JP property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\JA-JP\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_LT_LT property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\LT-LT\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_IT_IT property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\IT-IT\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_HU_HU property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\HU-HU\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_HR_HR property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\HR-HR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_FR_FR property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\FR-FR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_FI_FI property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\FI-FI\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_ET_EE property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\ET-EE\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_ES_ES property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\ES-ES\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_EL_GR property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\EL-GR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_DE_DE property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\DE-DE\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_DA_DK property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\DA-DK\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_CS_CZ property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\CS-CZ\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64_BG_BG property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\BG-BG\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_Wow64 property. Its value is 'C:\Program Files (x86)\Microsoft Security Client\en-US\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding HomeDir property. Its value is 'C:\Program Files\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding CleanStoreFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Clean Store\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding LocalCopyFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding TelemetryFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding SupportFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Support\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding ScanLocationFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding ScanHistoryFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding ScanResultsFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding ResultsSystemFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\System\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding ScanResourceFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding QuickResultsFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding ScanContextsFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Contexts\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding QuarantineLocationFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding SignatureRootFolder property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding Updates property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding Backup property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Modifying INSTALLDIR property. Its current value is 'C:\Program Files\Microsoft Security Client'. Its new value: 'C:\Program Files\Microsoft Security Client\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding Symbols property. Its value is 'C:\Program Files\Microsoft Security Client\Symbols\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding enus property. Its value is 'C:\Program Files\Microsoft Security Client\en-us\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_SR_LATN property. Its value is 'C:\Program Files\Microsoft Security Client\SR-LATN-CS\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_ZH_TW property. Its value is 'C:\Program Files\Microsoft Security Client\ZH-TW\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_ZH_CN property. Its value is 'C:\Program Files\Microsoft Security Client\ZH-CN\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_VI_VN property. Its value is 'C:\Program Files\Microsoft Security Client\VI-VN\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_UK_UA property. Its value is 'C:\Program Files\Microsoft Security Client\UK-UA\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_TR_TR property. Its value is 'C:\Program Files\Microsoft Security Client\TR-TR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_TH_TH property. Its value is 'C:\Program Files\Microsoft Security Client\TH-TH\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_SV_SE property. Its value is 'C:\Program Files\Microsoft Security Client\SV-SE\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_SK_SK property. Its value is 'C:\Program Files\Microsoft Security Client\SK-SK\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_RU_RU property. Its value is 'C:\Program Files\Microsoft Security Client\RU-RU\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_RO_RO property. Its value is 'C:\Program Files\Microsoft Security Client\RO-RO\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_PT_PT property. Its value is 'C:\Program Files\Microsoft Security Client\PT-PT\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_PT_BR property. Its value is 'C:\Program Files\Microsoft Security Client\PT-BR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_PS_PS property. Its value is 'C:\Program Files\Microsoft Security Client\qps-ploc\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_PS_MI property. Its value is 'C:\Program Files\Microsoft Security Client\qps-plocm\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_PL_PL property. Its value is 'C:\Program Files\Microsoft Security Client\PL-PL\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_NL_NL property. Its value is 'C:\Program Files\Microsoft Security Client\NL-NL\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_NB_NO property. Its value is 'C:\Program Files\Microsoft Security Client\NB-NO\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_LV_LV property. Its value is 'C:\Program Files\Microsoft Security Client\LV-LV\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_KO_KR property. Its value is 'C:\Program Files\Microsoft Security Client\KO-KR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_JA_JP property. Its value is 'C:\Program Files\Microsoft Security Client\JA-JP\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_LT_LT property. Its value is 'C:\Program Files\Microsoft Security Client\LT-LT\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_IT_IT property. Its value is 'C:\Program Files\Microsoft Security Client\IT-IT\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_HU_HU property. Its value is 'C:\Program Files\Microsoft Security Client\HU-HU\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_HR_HR property. Its value is 'C:\Program Files\Microsoft Security Client\HR-HR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_FR_FR property. Its value is 'C:\Program Files\Microsoft Security Client\FR-FR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_FI_FI property. Its value is 'C:\Program Files\Microsoft Security Client\FI-FI\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_ET_EE property. Its value is 'C:\Program Files\Microsoft Security Client\ET-EE\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_ES_ES property. Its value is 'C:\Program Files\Microsoft Security Client\ES-ES\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_EL_GR property. Its value is 'C:\Program Files\Microsoft Security Client\EL-GR\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_DE_DE property. Its value is 'C:\Program Files\Microsoft Security Client\DE-DE\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_DA_DK property. Its value is 'C:\Program Files\Microsoft Security Client\DA-DK\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_CS_CZ property. Its value is 'C:\Program Files\Microsoft Security Client\CS-CZ\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang_BG_BG property. Its value is 'C:\Program Files\Microsoft Security Client\BG-BG\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding DRIVERS property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding DRIVERBACKUP property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\Backup\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding NIS_DRIVER_Backup property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MPBOOT_Backup property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\Backup\MpBoot\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MPFILTER_Backup property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\Backup\mpfilter\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding NIS_DRIVER property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\NisDrv\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MPBOOT property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\MpBoot\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MPFILTER property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\mpfilter\'. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Adding MuiLang property. Its value is 'C:\Program Files\Microsoft Security Client\en-US\'. MSI (s) (08:FC) [19:53:40:139]: Target path resolution complete. Dumping Directory table... MSI (s) (08:FC) [19:53:40:139]: Note: target paths subject to change (via custom actions or browsing) MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: TARGETDIR , Object: C:\Program Files\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: NISDRIVERWFP_PREVIOUSVERSION , Object: NULL MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MPBOOT_PREVIOUSVERSION , Object: NULL MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MPFILTER_PREVIOUSVERSION , Object: NULL MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: DesktopFolder , Object: C:\Users\Public\Desktop\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ELAM_BACKUP_FOLDER , Object: NULL MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: USERPROFILE , Object: C:\Program Files\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ALLUSERSPROFILE , Object: C:\Program Files\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: WindowsFolder , Object: C:\Windows\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: InfFolder , Object: C:\Windows\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: TempFolder , Object: C:\Users\ASUS\AppData\Local\Temp\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: SystemFolder , Object: C:\Windows\SysWOW64\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: System64Folder , Object: C:\Windows\system32\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: DriverFolder , Object: C:\Windows\system32\Drivers\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: System16Folder , Object: C:\Program Files\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: StartMenuFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: CommonFilesFolder , Object: C:\Program Files (x86)\Common Files\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: CommonFiles64Folder , Object: C:\Program Files\Common Files\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: METROUISHORTCUTDIR , Object: C:\Program Files\Microsoft Security Client\Programs\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ProgramMenuFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ProgramFilesFolder , Object: C:\Program Files (x86)\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: HomeDir_Wow64 , Object: C:\Program Files (x86)\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: INSTALLDIRWOW64 , Object: C:\Program Files (x86)\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_SR_LATN , Object: C:\Program Files (x86)\Microsoft Security Client\SR-LATN-CS\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_ZH_TW , Object: C:\Program Files (x86)\Microsoft Security Client\ZH-TW\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_ZH_CN , Object: C:\Program Files (x86)\Microsoft Security Client\ZH-CN\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_VI_VN , Object: C:\Program Files (x86)\Microsoft Security Client\VI-VN\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_UK_UA , Object: C:\Program Files (x86)\Microsoft Security Client\UK-UA\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_TR_TR , Object: C:\Program Files (x86)\Microsoft Security Client\TR-TR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_TH_TH , Object: C:\Program Files (x86)\Microsoft Security Client\TH-TH\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_SV_SE , Object: C:\Program Files (x86)\Microsoft Security Client\SV-SE\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_SK_SK , Object: C:\Program Files (x86)\Microsoft Security Client\SK-SK\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_RU_RU , Object: C:\Program Files (x86)\Microsoft Security Client\RU-RU\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_RO_RO , Object: C:\Program Files (x86)\Microsoft Security Client\RO-RO\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_PT_PT , Object: C:\Program Files (x86)\Microsoft Security Client\PT-PT\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_PT_BR , Object: C:\Program Files (x86)\Microsoft Security Client\PT-BR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_PS_PS , Object: C:\Program Files (x86)\Microsoft Security Client\qps-ploc\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_PS_MI , Object: C:\Program Files (x86)\Microsoft Security Client\qps-plocm\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_PL_PL , Object: C:\Program Files (x86)\Microsoft Security Client\PL-PL\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_NL_NL , Object: C:\Program Files (x86)\Microsoft Security Client\NL-NL\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_NB_NO , Object: C:\Program Files (x86)\Microsoft Security Client\NB-NO\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_LV_LV , Object: C:\Program Files (x86)\Microsoft Security Client\LV-LV\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_KO_KR , Object: C:\Program Files (x86)\Microsoft Security Client\KO-KR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_JA_JP , Object: C:\Program Files (x86)\Microsoft Security Client\JA-JP\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_LT_LT , Object: C:\Program Files (x86)\Microsoft Security Client\LT-LT\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_IT_IT , Object: C:\Program Files (x86)\Microsoft Security Client\IT-IT\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_HU_HU , Object: C:\Program Files (x86)\Microsoft Security Client\HU-HU\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_HR_HR , Object: C:\Program Files (x86)\Microsoft Security Client\HR-HR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_FR_FR , Object: C:\Program Files (x86)\Microsoft Security Client\FR-FR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_FI_FI , Object: C:\Program Files (x86)\Microsoft Security Client\FI-FI\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_ET_EE , Object: C:\Program Files (x86)\Microsoft Security Client\ET-EE\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_ES_ES , Object: C:\Program Files (x86)\Microsoft Security Client\ES-ES\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_EL_GR , Object: C:\Program Files (x86)\Microsoft Security Client\EL-GR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_DE_DE , Object: C:\Program Files (x86)\Microsoft Security Client\DE-DE\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_DA_DK , Object: C:\Program Files (x86)\Microsoft Security Client\DA-DK\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_CS_CZ , Object: C:\Program Files (x86)\Microsoft Security Client\CS-CZ\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64_BG_BG , Object: C:\Program Files (x86)\Microsoft Security Client\BG-BG\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_Wow64 , Object: C:\Program Files (x86)\Microsoft Security Client\en-US\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ProgramFiles64Folder , Object: C:\Program Files\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: HomeDir , Object: C:\Program Files\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MSMPAPPDATAFOLDER , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: CleanStoreFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Clean Store\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: LocalCopyFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: TelemetryFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: SupportFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Support\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ScanLocationFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ScanHistoryFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ScanResultsFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ResultsSystemFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\System\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ScanResourceFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: QuickResultsFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: ScanContextsFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Contexts\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: QuarantineLocationFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: SignatureRootFolder , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: Updates , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: Backup , Object: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: INSTALLDIR , Object: C:\Program Files\Microsoft Security Client\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: Symbols , Object: C:\Program Files\Microsoft Security Client\Symbols\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: enus , Object: C:\Program Files\Microsoft Security Client\en-us\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_SR_LATN , Object: C:\Program Files\Microsoft Security Client\SR-LATN-CS\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_ZH_TW , Object: C:\Program Files\Microsoft Security Client\ZH-TW\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_ZH_CN , Object: C:\Program Files\Microsoft Security Client\ZH-CN\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_VI_VN , Object: C:\Program Files\Microsoft Security Client\VI-VN\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_UK_UA , Object: C:\Program Files\Microsoft Security Client\UK-UA\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_TR_TR , Object: C:\Program Files\Microsoft Security Client\TR-TR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_TH_TH , Object: C:\Program Files\Microsoft Security Client\TH-TH\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_SV_SE , Object: C:\Program Files\Microsoft Security Client\SV-SE\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_SK_SK , Object: C:\Program Files\Microsoft Security Client\SK-SK\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_RU_RU , Object: C:\Program Files\Microsoft Security Client\RU-RU\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_RO_RO , Object: C:\Program Files\Microsoft Security Client\RO-RO\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_PT_PT , Object: C:\Program Files\Microsoft Security Client\PT-PT\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_PT_BR , Object: C:\Program Files\Microsoft Security Client\PT-BR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_PS_PS , Object: C:\Program Files\Microsoft Security Client\qps-ploc\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_PS_MI , Object: C:\Program Files\Microsoft Security Client\qps-plocm\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_PL_PL , Object: C:\Program Files\Microsoft Security Client\PL-PL\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_NL_NL , Object: C:\Program Files\Microsoft Security Client\NL-NL\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_NB_NO , Object: C:\Program Files\Microsoft Security Client\NB-NO\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_LV_LV , Object: C:\Program Files\Microsoft Security Client\LV-LV\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_KO_KR , Object: C:\Program Files\Microsoft Security Client\KO-KR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_JA_JP , Object: C:\Program Files\Microsoft Security Client\JA-JP\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_LT_LT , Object: C:\Program Files\Microsoft Security Client\LT-LT\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_IT_IT , Object: C:\Program Files\Microsoft Security Client\IT-IT\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_HU_HU , Object: C:\Program Files\Microsoft Security Client\HU-HU\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_HR_HR , Object: C:\Program Files\Microsoft Security Client\HR-HR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_FR_FR , Object: C:\Program Files\Microsoft Security Client\FR-FR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_FI_FI , Object: C:\Program Files\Microsoft Security Client\FI-FI\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_ET_EE , Object: C:\Program Files\Microsoft Security Client\ET-EE\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_ES_ES , Object: C:\Program Files\Microsoft Security Client\ES-ES\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_EL_GR , Object: C:\Program Files\Microsoft Security Client\EL-GR\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_DE_DE , Object: C:\Program Files\Microsoft Security Client\DE-DE\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_DA_DK , Object: C:\Program Files\Microsoft Security Client\DA-DK\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_CS_CZ , Object: C:\Program Files\Microsoft Security Client\CS-CZ\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang_BG_BG , Object: C:\Program Files\Microsoft Security Client\BG-BG\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: DRIVERS , Object: C:\Program Files\Microsoft Security Client\Drivers\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: DRIVERBACKUP , Object: C:\Program Files\Microsoft Security Client\Drivers\Backup\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: NIS_DRIVER_Backup , Object: C:\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MPBOOT_Backup , Object: C:\Program Files\Microsoft Security Client\Drivers\Backup\MpBoot\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MPFILTER_Backup , Object: C:\Program Files\Microsoft Security Client\Drivers\Backup\mpfilter\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: NIS_DRIVER , Object: C:\Program Files\Microsoft Security Client\Drivers\NisDrv\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MPBOOT , Object: C:\Program Files\Microsoft Security Client\Drivers\MpBoot\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MPFILTER , Object: C:\Program Files\Microsoft Security Client\Drivers\mpfilter\ MSI (s) (08:FC) [19:53:40:139]: Dir (target): Key: MuiLang , Object: C:\Program Files\Microsoft Security Client\en-US\ MSI (s) (08:FC) [19:53:40:139]: Note: 1: 2205 2: 3: MsiAssembly MSI (s) (08:FC) [19:53:40:139]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ? Action start 19:53:40: CostFinalize. MSI (s) (08:FC) [19:53:40:139]: Skipping action: MigrateFeatureStates (condition is false) MSI (s) (08:FC) [19:53:40:139]: Doing action: InstallValidate Action ended 19:53:40: CostFinalize. Return value 1. MSI (s) (08:FC) [19:53:40:139]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '5e21f73a8786eb4aa89d2c869d2319fa'. MSI (s) (08:FC) [19:53:40:139]: Note: 1: 2205 2: 3: Dialog MSI (s) (08:FC) [19:53:40:139]: Feature: NIS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: EppOobe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: MpUxSrvOob; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:139]: Feature: UACSupport; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: MSMPService; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: LocFiles; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: NIS_FEATURE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: EppBody; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: EppLocFullBody; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Feature: BootStrapper; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpComDllPreVista; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpComDllVista; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpComAppIdRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpComDllWin7; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: INSTALLDIRLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MalwareProtectionKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: InstallLocationRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ProductAppDataPathRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: BetaPlatformRegistry; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: NotificationExeRegistry; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: ThrottlingIntervalRegistry; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: ServiceHardeningFlagsRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ProductIconRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ProductLocalizedNameRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: RemediationExeRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: WatCheckDllRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SignatureCategoryIdRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: RealTimeProtectionKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ScanKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EnableTrustedImageRegistry; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: QuarantineKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ReportingKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SignatureUpdatesKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SpyNetKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SpyNetReportingLocationRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ThreatsKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ThreatIDDefaultActionKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ThreatSeverityDefaultActionKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ExclusionsKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ExclusionsExtensionsKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ExclusionsPathsKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ExclusionsTempPathsKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ExclusionsProcessesKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: UXConfigurationKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MiscellaneousConfigurationKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpEngineKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SavePRODUCTICON; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SavePRODUCTLOCALIZEDNAME; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SaveREMEDIATIONEXE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SaveSIGNATURECATEGORYID; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SavePRODUCT_SKU; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SaveINSTALLDIR; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SaveWATCHECKDLL; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SaveMARKET; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SaveNOTIFICATIONEXE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: SaveTHROTTLINGINTERVAL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: NisSkuDiffRegistryComponent; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAppDataLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpSignatureLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpSignatureLocationBackup; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpSignatureLocationUpdates; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpQuarantineLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpScanLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpSupportLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpTelemetryLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpLocalCopyLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpCleanStoreLocation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MalwareProtectionKeyRegistry_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: InstallLocationRegistry_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EventDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAVDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV1Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV2Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV3Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV4Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV5Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV6Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV7Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAvPolicyKeyRegistry_PreVista; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAvPolicyKeyRegistry_Vista; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAVDll_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV6_Wow64Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAV7_Wow64Registry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAvPolicyKeyWow64Registry_PreVista; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: OfficeAvPolicyKeyWow64Registry_Vista; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: DbgHelp.dll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SymSrv.dll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SymSrv.yes; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpRtMonDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SampleSubmissionEventKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SampleSubmissionEventMessageFileRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SampleSubmissionTypesSupportedRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: AntimalwareService; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpSvcDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpClientDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpCommuDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpCmdRunExe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MinimalSafeBootKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MinimalSafeBootEntryRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NetworkSafeBootKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NetworkSafeBootEntryRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EventSourceKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ServiceEventMessageFileRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ServiceParameterMessageFileRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EventTypeFlagRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ServiceKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ServiceSidTypeRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ServiceRequiredPrivilegesRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpClientDll_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpCommuDll_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MPFILTER; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: FLTRMGR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpBoot; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpTpmAttDll; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: FCS_MsMpLicsDll; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: FCS_MsMpLicsDll_Wow64; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MORRO_MsMpLicsDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EdtRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MORRO_MsMpLicsDll_Wow64; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: JUPITER_MsMpLicsDll; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: JUPITER_MsMpLicsDll_Wow64; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: SCEP_MsMpLicsDll; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: SCEP_MsMpLicsDll_Wow64; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EPP_MsMpLicsDll; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EPP_MsMpLicsDll_Wow64; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_DE_DE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_DE_DE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDll_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: EventDllMui_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDllMui_Wow64_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_DE_DE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MpAsDescDll_Wow64_SR_LATN; Installed: Absent; Request: Local; Action: Null |
29.04.2013, 22:25 | #10 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet MSI (s) (08:FC) [19:53:40:139]: Component: NisSrv; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisSvcSID; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisIpsPlugin; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisWFP; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisLog; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisDriverWFP; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: mssecesExe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: shellext; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsseWat; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMui_ENUS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_ENUS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: StartupKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: RemoveEppRegKeyOnUninstall; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry1; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry2; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry3; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry4; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry5; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry6; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry7; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry8; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry9; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry10; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry11; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry12; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionCom; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionFilesAccosiation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionDirAccosiation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionDriveAccosiation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionApproved; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_MSE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_FEP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_SCEP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_INTUNE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_EPP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_MSEPrerelease; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: CleanUpMseV1Shortcuts; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: OOBEKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SysprepMSECleanup; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry1; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry2; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry3; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry4; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry5; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry6; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry7; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry8; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry9; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry10; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry11; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry12; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: msseoobeexe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: msseooberes; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MSESysprep; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: msseooberesMui_ENUS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: Market; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_DE_DE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupRes.dll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: Setup.exe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: SqmApi.dll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForMse; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForFep; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForScep; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForIntune; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForEpp; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForMsePrerelease; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_EN_US; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MpUxSrvOobExe; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: mpuxhostproxyoob; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MpUxHostClsid; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MpUxHostAppId; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MPFILTER65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MPFILTER66; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot66; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot67; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NisDriverWFP65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __CleanUpMseV1Shortcuts65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __CleanUpMseV1Shortcuts66; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MPFILTER67; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot68; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NisDriverWFP66; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpComDllVista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpComAppIdRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MalwareProtectionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __InstallLocationRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ProductAppDataPathRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __BetaPlatformRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NotificationExeRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __ThrottlingIntervalRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceHardeningFlagsRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ProductIconRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ProductLocalizedNameRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __RemediationExeRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __WatCheckDllRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SignatureCategoryIdRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __RealTimeProtectionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ScanKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __EnableTrustedImageRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __QuarantineKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ReportingKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SignatureUpdatesKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SpyNetKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SpyNetReportingLocationRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ThreatsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ThreatIDDefaultActionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ThreatSeverityDefaultActionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsExtensionsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsPathsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsTempPathsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsProcessesKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __UXConfigurationKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MiscellaneousConfigurationKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpEngineKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SavePRODUCTICON65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SavePRODUCTLOCALIZEDNAME65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveREMEDIATIONEXE65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveSIGNATURECATEGORYID65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SavePRODUCT_SKU65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveINSTALLDIR65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveWATCHECKDLL65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveMARKET65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveNOTIFICATIONEXE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __SaveTHROTTLINGINTERVAL65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NisSkuDiffRegistryComponent65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MalwareProtectionKeyRegistry_Wow6465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __InstallLocationRegistry_Wow6465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV1Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV2Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV3Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV4Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV5Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV6Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV7Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyRegistry_PreVista65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyRegistry_Vista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyWow64Registry_PreVista65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyWow64Registry_Vista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SampleSubmissionEventKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SampleSubmissionEventMessageFileRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SampleSubmissionTypesSupportedRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MinimalSafeBootKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MinimalSafeBootEntryRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __NetworkSafeBootKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __NetworkSafeBootEntryRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __EventSourceKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceEventMessageFileRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceParameterMessageFileRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __EventTypeFlagRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceSidTypeRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceRequiredPrivilegesRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __FLTRMGR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __EdtRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __NisSvcSID65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __StartupKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry365; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry565; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry665; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry765; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry865; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry965; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry1065; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry1165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry1265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionCom65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionFilesAccosiation65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionDirAccosiation65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionDriveAccosiation65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionApproved65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_MSE65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_FEP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_SCEP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_INTUNE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_EPP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_MSEPrerelease65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SysprepMSECleanup65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry365; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry565; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry665; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry765; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry865; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry965; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry1065; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry1165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry1265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __Market65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpUxHostClsid65; Installed: Null; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MpUxHostAppId65; Installed: Null; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpComDllPreVista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAVDll65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAVDll_Wow6465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV6_Wow64Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV7_Wow64Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDll65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_BG_BG65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_CS_CZ65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_DA_DK65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_DE_DE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_EL_GR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ES_ES65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ET_EE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_FI_FI65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_FR_FR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_HR_HR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_HU_HU65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_IT_IT65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_LT_LT65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_JA_JP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_KO_KR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_LV_LV65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_NB_NO65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_NL_NL65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PL_PL65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PS_PS65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PS_MI65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PT_BR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PT_PT65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_RO_RO65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_RU_RU65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_SK_SK65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_SV_SE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_TH_TH65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_TR_TR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_UK_UA65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_VI_VN65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ZH_CN65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ZH_TW65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_SR_LATN65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __mpuxhostproxyoob65; Installed: Null; Request: Null; Action: Null Action start 19:53:40: InstallValidate. MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: BindImage MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: ProgId MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: SelfReg MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: Extension MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: Font MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: Class MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: TypeLib MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: _RemoveFilePath MSI (s) (08:FC) [19:53:40:189]: Note: 1: 2756 2: MPFILTER_PREVIOUSVERSION MSI (s) (08:FC) [19:53:40:189]: Note: 1: 2756 2: NISDRIVERWFP_PREVIOUSVERSION MSI (s) (08:FC) [19:53:40:199]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'. MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: BindImage MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: ProgId MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: SelfReg MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: Extension MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: Font MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: Class MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: TypeLib MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2727 2: MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: FilesInUse MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2727 2: MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceName Action ended 19:53:40: InstallValidate. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Adding NISService property. Its value is 'Network Inspection System'. Action start 19:53:40: NISServiceName. MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceDesc Action ended 19:53:40: NISServiceName. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Adding NISServiceDesc property. Its value is 'NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols'. Action start 19:53:40: NISServiceDesc. MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceNameLoc Action ended 19:53:40: NISServiceDesc. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Modifying NISService property. Its current value is 'Network Inspection System'. Its new value: '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243'. Action start 19:53:40: NISServiceNameLoc. MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceDescLoc Action ended 19:53:40: NISServiceNameLoc. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Modifying NISServiceDesc property. Its current value is 'NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols'. Its new value: '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-242'. Action start 19:53:40: NISServiceDescLoc. MSI (s) (08:FC) [19:53:40:209]: Doing action: SaveInstallLocation Action ended 19:53:40: NISServiceDescLoc. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Modifying ARPINSTALLLOCATION property. Its current value is 'C:\Program Files\Microsoft Security Client'. Its new value: 'C:\Program Files\Microsoft Security Client\'. Action start 19:53:40: SaveInstallLocation. MSI (s) (08:FC) [19:53:40:209]: Doing action: StopRunningProcessW Action ended 19:53:40: SaveInstallLocation. Return value 1. MSI (s) (08:F4) [19:53:40:219]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9F53.tmp, Entrypoint: StopRunningProcessW MSI (s) (08!30) [19:53:40:219]: PROPERTY CHANGE: Deleting StopProcessList property. Its current value is 'MSASCui.exe MpCmdRun.exe'. Action start 19:53:40: StopRunningProcessW. MSI (s) (08:FC) [19:53:40:219]: Skipping action: SaveRegKey (condition is false) MSI (s) (08:FC) [19:53:40:219]: Skipping action: SaveSignaturesProperty (condition is false) MSI (s) (08:FC) [19:53:40:219]: Skipping action: SaveSignatures (condition is false) MSI (s) (08:FC) [19:53:40:219]: Skipping action: ServiceDescriptionPreVistaProperty (condition is false) MSI (s) (08:FC) [19:53:40:219]: Doing action: ServiceDescriptionPostVistaProperty Action ended 19:53:40: StopRunningProcessW. Return value 1. MSI (s) (08:FC) [19:53:40:219]: PROPERTY CHANGE: Adding ServiceDescription property. Its value is '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-240'. Action start 19:53:40: ServiceDescriptionPostVistaProperty. MSI (s) (08:FC) [19:53:40:229]: Doing action: UpgradeParamsAction Action ended 19:53:40: ServiceDescriptionPostVistaProperty. Return value 1. MSI (s) (08:FC) [19:53:40:229]: PROPERTY CHANGE: Adding UpgradeParams property. Its value is 'MSIRESTARTMANAGERCONTROL=DisableShutdown'. Action start 19:53:40: UpgradeParamsAction. MSI (s) (08:FC) [19:53:40:229]: Doing action: RemoveExistingProducts Action ended 19:53:40: UpgradeParamsAction. Return value 1. Action start 19:53:40: RemoveExistingProducts. MSI (s) (08:FC) [19:53:40:229]: Doing action: InstallInitialize Action ended 19:53:40: RemoveExistingProducts. Return value 1. MSI (s) (08:FC) [19:53:40:229]: Machine policy value 'AlwaysInstallElevated' is 0 MSI (s) (08:FC) [19:53:40:229]: User policy value 'AlwaysInstallElevated' is 0 MSI (s) (08:FC) [19:53:40:229]: BeginTransaction: Locking Server MSI (s) (08:FC) [19:53:40:229]: SRSetRestorePoint skipped for this transaction. MSI (s) (08:FC) [19:53:40:229]: Server not locked: locking for product {D954C6C2-544B-4091-A47F-11E77162883E} Action start 19:53:40: InstallInitialize. MSI (s) (08:FC) [19:53:40:309]: Doing action: AllocateRegistrySpace Action ended 19:53:40: InstallInitialize. Return value 1. Action start 19:53:40: AllocateRegistrySpace. MSI (s) (08:FC) [19:53:40:309]: Doing action: ProcessComponents Action ended 19:53:40: AllocateRegistrySpace. Return value 1. MSI (s) (08:FC) [19:53:40:309]: Note: 1: 2205 2: 3: MsiPatchCertificate MSI (s) (08:FC) [19:53:40:309]: LUA patching is disabled: missing MsiPatchCertificate table MSI (s) (08:FC) [19:53:40:309]: Resolving source. MSI (s) (08:FC) [19:53:40:309]: Resolving source to launched-from source. MSI (s) (08:FC) [19:53:40:309]: Setting launched-from source as last-used. MSI (s) (08:FC) [19:53:40:319]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'd:\e7c248284070f03bb2c8732485aefe93\amd64\'. MSI (s) (08:FC) [19:53:40:319]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'd:\e7c248284070f03bb2c8732485aefe93\amd64\'. MSI (s) (08:FC) [19:53:40:319]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{D954C6C2-544B-4091-A47F-11E77162883E}'. MSI (s) (08:FC) [19:53:40:319]: SOURCEDIR ==> d:\e7c248284070f03bb2c8732485aefe93\amd64\ MSI (s) (08:FC) [19:53:40:319]: SOURCEDIR product ==> {D954C6C2-544B-4091-A47F-11E77162883E} MSI (s) (08:FC) [19:53:40:319]: Determining source type MSI (s) (08:FC) [19:53:40:319]: Source type from package 'epp.msi': 2 Action start 19:53:40: ProcessComponents. MSI (s) (08:FC) [19:53:40:319]: Source path resolution complete. Dumping Directory table... MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: TARGETDIR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: NISDRIVERWFP_PREVIOUSVERSION , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPBOOT_PREVIOUSVERSION , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPFILTER_PREVIOUSVERSION , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DesktopFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ELAM_BACKUP_FOLDER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: USERPROFILE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: UserProfile\ , ShortSubPath: qufaqbwx\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ALLUSERSPROFILE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: All Users\ , ShortSubPath: wmi4_ebl\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: WindowsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Windows\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: InfFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Windows\Inf\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: TempFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Temp\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: SystemFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System32\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: System64Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System64\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DriverFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System64\Drivers\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: System16Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: StartMenuFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Start Menu\ , ShortSubPath: fcntkxtr\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: CommonFilesFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Common Files\ , ShortSubPath: plrigd-r\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: CommonFiles64Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Common Files\ , ShortSubPath: plrigd-r\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: METROUISHORTCUTDIR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Programs\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ProgramMenuFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Programs\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ProgramFilesFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\ , ShortSubPath: xlqr-nev\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: HomeDir_Wow64 , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\m8czvycy\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: INSTALLDIRWOW64 , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\m8czvycy\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_SR_LATN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SR-LATN-CS\ , ShortSubPath: xlqr-nev\m8czvycy\h51lwlpd\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ZH_TW , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-TW\ , ShortSubPath: xlqr-nev\m8czvycy\ZH-TW\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ZH_CN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-CN\ , ShortSubPath: xlqr-nev\m8czvycy\ZH-CN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_VI_VN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\VI-VN\ , ShortSubPath: xlqr-nev\m8czvycy\VI-VN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_UK_UA , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\UK-UA\ , ShortSubPath: xlqr-nev\m8czvycy\UK-UA\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_TR_TR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TR-TR\ , ShortSubPath: xlqr-nev\m8czvycy\TR-TR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_TH_TH , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TH-TH\ , ShortSubPath: xlqr-nev\m8czvycy\TH-TH\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_SV_SE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SV-SE\ , ShortSubPath: xlqr-nev\m8czvycy\SV-SE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_SK_SK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SK-SK\ , ShortSubPath: xlqr-nev\m8czvycy\SK-SK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_RU_RU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RU-RU\ , ShortSubPath: xlqr-nev\m8czvycy\RU-RU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_RO_RO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RO-RO\ , ShortSubPath: xlqr-nev\m8czvycy\RO-RO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PT_PT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-PT\ , ShortSubPath: xlqr-nev\m8czvycy\PT-PT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PT_BR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-BR\ , ShortSubPath: xlqr-nev\m8czvycy\PT-BR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PS_PS , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-ploc\ , ShortSubPath: xlqr-nev\m8czvycy\qps-ploc\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PS_MI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-plocm\ , ShortSubPath: xlqr-nev\m8czvycy\a8w0bn4w\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PL_PL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PL-PL\ , ShortSubPath: xlqr-nev\m8czvycy\PL-PL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_NL_NL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NL-NL\ , ShortSubPath: xlqr-nev\m8czvycy\NL-NL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_NB_NO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NB-NO\ , ShortSubPath: xlqr-nev\m8czvycy\NB-NO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_LV_LV , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LV-LV\ , ShortSubPath: xlqr-nev\m8czvycy\LV-LV\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_KO_KR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\KO-KR\ , ShortSubPath: xlqr-nev\m8czvycy\KO-KR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_JA_JP , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\JA-JP\ , ShortSubPath: xlqr-nev\m8czvycy\JA-JP\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_LT_LT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LT-LT\ , ShortSubPath: xlqr-nev\m8czvycy\LT-LT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_IT_IT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\IT-IT\ , ShortSubPath: xlqr-nev\m8czvycy\IT-IT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_HU_HU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HU-HU\ , ShortSubPath: xlqr-nev\m8czvycy\HU-HU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_HR_HR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HR-HR\ , ShortSubPath: xlqr-nev\m8czvycy\HR-HR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_FR_FR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FR-FR\ , ShortSubPath: xlqr-nev\m8czvycy\FR-FR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_FI_FI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FI-FI\ , ShortSubPath: xlqr-nev\m8czvycy\FI-FI\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ET_EE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ET-EE\ , ShortSubPath: xlqr-nev\m8czvycy\ET-EE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ES_ES , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ES-ES\ , ShortSubPath: xlqr-nev\m8czvycy\ES-ES\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_EL_GR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\EL-GR\ , ShortSubPath: xlqr-nev\m8czvycy\EL-GR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_DE_DE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DE-DE\ , ShortSubPath: xlqr-nev\m8czvycy\DE-DE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_DA_DK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DA-DK\ , ShortSubPath: xlqr-nev\m8czvycy\DA-DK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_CS_CZ , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\CS-CZ\ , ShortSubPath: xlqr-nev\m8czvycy\CS-CZ\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_BG_BG , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\BG-BG\ , ShortSubPath: xlqr-nev\m8czvycy\BG-BG\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64 , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\en-US\ , ShortSubPath: xlqr-nev\m8czvycy\en-US\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ProgramFiles64Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\ , ShortSubPath: xlqr-nev\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: HomeDir , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\elklmiub\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MSMPAPPDATAFOLDER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: CleanStoreFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Clean Store\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\ukpdwarq\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: LocalCopyFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\LocalCopy\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\gtcuy76i\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: TelemetryFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Telemetry\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\sgdlxkhc\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: SupportFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Support\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Support\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanLocationFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanHistoryFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanResultsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ResultsSystemFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\System\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\System\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanResourceFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\Resource\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\Resource\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: QuickResultsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\Quick\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\Quick\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanContextsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Contexts\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Contexts\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: QuarantineLocationFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Quarantine\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\gjvl_czl\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: SignatureRootFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Definition Updates\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\8jo7mts4\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: Updates , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Definition Updates\Updates\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\8jo7mts4\Updates\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Definition Updates\Backup\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\8jo7mts4\Backup\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: INSTALLDIR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\elklmiub\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: Symbols , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Symbols\ , ShortSubPath: xlqr-nev\elklmiub\Symbols\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: enus , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\en-us\ , ShortSubPath: xlqr-nev\elklmiub\en-us\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_SR_LATN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SR-LATN-CS\ , ShortSubPath: xlqr-nev\elklmiub\wfev8rkh\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ZH_TW , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-TW\ , ShortSubPath: xlqr-nev\elklmiub\ZH-TW\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ZH_CN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-CN\ , ShortSubPath: xlqr-nev\elklmiub\ZH-CN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_VI_VN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\VI-VN\ , ShortSubPath: xlqr-nev\elklmiub\VI-VN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_UK_UA , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\UK-UA\ , ShortSubPath: xlqr-nev\elklmiub\UK-UA\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_TR_TR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TR-TR\ , ShortSubPath: xlqr-nev\elklmiub\TR-TR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_TH_TH , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TH-TH\ , ShortSubPath: xlqr-nev\elklmiub\TH-TH\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_SV_SE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SV-SE\ , ShortSubPath: xlqr-nev\elklmiub\SV-SE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_SK_SK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SK-SK\ , ShortSubPath: xlqr-nev\elklmiub\SK-SK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_RU_RU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RU-RU\ , ShortSubPath: xlqr-nev\elklmiub\RU-RU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_RO_RO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RO-RO\ , ShortSubPath: xlqr-nev\elklmiub\RO-RO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PT_PT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-PT\ , ShortSubPath: xlqr-nev\elklmiub\PT-PT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PT_BR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-BR\ , ShortSubPath: xlqr-nev\elklmiub\PT-BR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PS_PS , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-ploc\ , ShortSubPath: xlqr-nev\elklmiub\qps-ploc\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PS_MI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-plocm\ , ShortSubPath: xlqr-nev\elklmiub\o4uffi-h\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PL_PL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PL-PL\ , ShortSubPath: xlqr-nev\elklmiub\PL-PL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_NL_NL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NL-NL\ , ShortSubPath: xlqr-nev\elklmiub\NL-NL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_NB_NO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NB-NO\ , ShortSubPath: xlqr-nev\elklmiub\NB-NO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_LV_LV , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LV-LV\ , ShortSubPath: xlqr-nev\elklmiub\LV-LV\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_KO_KR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\KO-KR\ , ShortSubPath: xlqr-nev\elklmiub\KO-KR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_JA_JP , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\JA-JP\ , ShortSubPath: xlqr-nev\elklmiub\JA-JP\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_LT_LT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LT-LT\ , ShortSubPath: xlqr-nev\elklmiub\LT-LT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_IT_IT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\IT-IT\ , ShortSubPath: xlqr-nev\elklmiub\IT-IT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_HU_HU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HU-HU\ , ShortSubPath: xlqr-nev\elklmiub\HU-HU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_HR_HR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HR-HR\ , ShortSubPath: xlqr-nev\elklmiub\HR-HR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_FR_FR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FR-FR\ , ShortSubPath: xlqr-nev\elklmiub\FR-FR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_FI_FI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FI-FI\ , ShortSubPath: xlqr-nev\elklmiub\FI-FI\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ET_EE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ET-EE\ , ShortSubPath: xlqr-nev\elklmiub\ET-EE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ES_ES , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ES-ES\ , ShortSubPath: xlqr-nev\elklmiub\ES-ES\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_EL_GR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\EL-GR\ , ShortSubPath: xlqr-nev\elklmiub\EL-GR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_DE_DE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DE-DE\ , ShortSubPath: xlqr-nev\elklmiub\DE-DE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_DA_DK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DA-DK\ , ShortSubPath: xlqr-nev\elklmiub\DA-DK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_CS_CZ , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\CS-CZ\ , ShortSubPath: xlqr-nev\elklmiub\CS-CZ\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_BG_BG , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\BG-BG\ , ShortSubPath: xlqr-nev\elklmiub\BG-BG\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DRIVERS , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DRIVERBACKUP , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: NIS_DRIVER_Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\NisDrv\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPBOOT_Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\MpBoot\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\MpBoot\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPFILTER_Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\mpfilter\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\mpfilter\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: NIS_DRIVER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\NisDrv\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\NisDrv\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPBOOT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\MpBoot\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\MpBoot\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPFILTER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\mpfilter\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\mpfilter\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\en-US\ , ShortSubPath: xlqr-nev\elklmiub\en-US\ MSI (s) (08:FC) [19:53:40:379]: Doing action: UnpublishComponents Action ended 19:53:40: ProcessComponents. Return value 1. MSI (s) (08:FC) [19:53:40:379]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:379]: Note: 1: 2228 2: 3: PublishComponent 4: SELECT `PublishComponent`.`ComponentId`, `PublishComponent`.`Qualifier`, `PublishComponent`.`AppData`, `Feature`, `Component`.`ComponentId`, `Component`.`RuntimeFlags` FROM `PublishComponent`, `Component`, `Feature` WHERE `PublishComponent`.`Component_` = `Component`.`Component` AND `PublishComponent`.`Feature_` = `Feature`.`Feature` AND (`Feature`.`Action` = 0 OR ((`Feature`.`Action` = NULL OR `Feature`.`Action` = 3) AND `Component`.`Action` = 0 AND (`Feature`.`Installed` = 1 OR `Feature`.`Installed` = 2))) Action start 19:53:40: UnpublishComponents. MSI (s) (08:FC) [19:53:40:379]: Doing action: UnpublishFeatures Action ended 19:53:40: UnpublishComponents. Return value 0. Action start 19:53:40: UnpublishFeatures. MSI (s) (08:FC) [19:53:40:379]: Skipping action: RemoveServiceHardeningProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: RemoveServiceHardening (condition is false) MSI (s) (08:FC) [19:53:40:379]: Doing action: StopServices Action ended 19:53:40: UnpublishFeatures. Return value 1. Action start 19:53:40: StopServices. MSI (s) (08:FC) [19:53:40:379]: Skipping action: UnregisterWscProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UnregisterWsc (condition is false) MSI (s) (08:FC) [19:53:40:379]: Doing action: DeleteScheduledTasksProperty Action ended 19:53:40: StopServices. Return value 1. MSI (s) (08:FC) [19:53:40:379]: PROPERTY CHANGE: Adding DeleteScheduledTasks property. Its value is 'Microsoft\Microsoft Antimalware'. Action start 19:53:40: DeleteScheduledTasksProperty. MSI (s) (08:FC) [19:53:40:379]: Doing action: DeleteScheduledTasks Action ended 19:53:40: DeleteScheduledTasksProperty. Return value 1. Action start 19:53:40: DeleteScheduledTasks. MSI (s) (08:FC) [19:53:40:379]: Doing action: DeleteServices Action ended 19:53:40: DeleteScheduledTasks. Return value 1. Action start 19:53:40: DeleteServices. MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriverWFPRollback_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriverWFP_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriver (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriver (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: RemoveMpBootSigsFromElamHive (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriver (condition is false) MSI (s) (08:FC) [19:53:40:379]: Doing action: RemoveRegistryValues Action ended 19:53:40: DeleteServices. Return value 1. Action start 19:53:40: RemoveRegistryValues. MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveShortcuts Action ended 19:53:40: RemoveRegistryValues. Return value 1. Action start 19:53:40: RemoveShortcuts. MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveDuplicateFiles Action ended 19:53:40: RemoveShortcuts. Return value 1. Action start 19:53:40: RemoveDuplicateFiles. MSI (s) (08:FC) [19:53:40:389]: Skipping action: StopMpTracing (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveScanDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveScanDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSigDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSigDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveLocalCopyDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveLocalCopyDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSupportDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSupportDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveFiles Action ended 19:53:40: RemoveDuplicateFiles. Return value 1. Action start 19:53:40: RemoveFiles. MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveFolders Action ended 19:53:40: RemoveFiles. Return value 1. Action start 19:53:40: RemoveFolders. MSI (s) (08:FC) [19:53:40:389]: Doing action: CreateFolders Action ended 19:53:40: RemoveFolders. Return value 1. MSI (s) (08:FC) [19:53:40:389]: Using well known SID for System MSI (s) (08:FC) [19:53:40:389]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:389]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:389]: Finished allocating new user SID Action start 19:53:40: CreateFolders. MSI (s) (08:FC) [19:53:40:399]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:399]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:399]: Doing action: MoveFiles Action ended 19:53:40: CreateFolders. Return value 1. Action start 19:53:40: MoveFiles. MSI (s) (08:FC) [19:53:40:399]: Doing action: MarketValuePropertySet Action ended 19:53:40: MoveFiles. Return value 1. MSI (s) (08:FC) [19:53:40:399]: PROPERTY CHANGE: Modifying MarketValue property. Its current value is 'en-us'. Its new value: 'de-de'. Action start 19:53:40: MarketValuePropertySet. MSI (s) (08:FC) [19:53:40:399]: Skipping action: SetCustomActionData_CalculateLockedFileMoveProperties (condition is false) MSI (s) (08:FC) [19:53:40:399]: Skipping action: CalculateLockedFileMoveProperties (condition is false) MSI (s) (08:FC) [19:53:40:399]: Skipping action: RestoreMovedFiles (condition is false) MSI (s) (08:FC) [19:53:40:399]: Skipping action: MoveLockedFiles (condition is false) MSI (s) (08:FC) [19:53:40:399]: Doing action: InstallFiles Action ended 19:53:40: MarketValuePropertySet. Return value 1. Action start 19:53:40: InstallFiles. MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: Patch MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence` MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: MsiSFCBypass MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2228 2: 3: MsiSFCBypass 4: SELECT `File_` FROM `MsiSFCBypass` WHERE `File_` = ? MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ? MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriverWFPRollback_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriverWFP_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriverWFPRollback_SetProperty Action ended 19:53:40: InstallFiles. Return value 1. MSI (s) (08:FC) [19:53:40:419]: PROPERTY CHANGE: Adding InstallDriverRollback property. Its value is '0#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat#NisDrvWFP.cat'. Action start 19:53:40: InstallDriverWFPRollback_SetProperty. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriverRollback Action ended 19:53:40: InstallDriverWFPRollback_SetProperty. Return value 1. Action start 19:53:40: InstallDriverRollback. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriverWFP_SetProperty Action ended 19:53:40: InstallDriverRollback. Return value 1. MSI (s) (08:FC) [19:53:40:419]: PROPERTY CHANGE: Adding InstallDriver property. Its value is '1#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat#NisDrvWFP.cat'. Action start 19:53:40: InstallDriverWFP_SetProperty. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriver Action ended 19:53:40: InstallDriverWFP_SetProperty. Return value 1. Action start 19:53:40: InstallDriver. MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallMpFilterDriverRollbackProperty Action ended 19:53:40: InstallDriver. Return value 1. MSI (s) (08:FC) [19:53:40:419]: PROPERTY CHANGE: Adding InstallMpFilterDriverRollback property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\mpfilter\'. Action start 19:53:40: InstallMpFilterDriverRollbackProperty. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallMpFilterDriverRollback Action ended 19:53:40: InstallMpFilterDriverRollbackProperty. Return value 1. Action start 19:53:40: InstallMpFilterDriverRollback. MSI (s) (08:FC) [19:53:40:429]: Doing action: InstallMpFilterDriverProperty Action ended 19:53:40: InstallMpFilterDriverRollback. Return value 1. MSI (s) (08:FC) [19:53:40:429]: PROPERTY CHANGE: Adding InstallMpFilterDriver property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\mpfilter\'. Action start 19:53:40: InstallMpFilterDriverProperty. MSI (s) (08:FC) [19:53:40:429]: Doing action: InstallMpFilterDriver Action ended 19:53:40: InstallMpFilterDriverProperty. Return value 1. Action start 19:53:40: InstallMpFilterDriver. MSI (s) (08:FC) [19:53:40:429]: Doing action: DuplicateFiles Action ended 19:53:40: InstallMpFilterDriver. Return value 1. Action start 19:53:40: DuplicateFiles. MSI (s) (08:FC) [19:53:40:429]: Doing action: SetAPPDATALocation Action ended 19:53:40: DuplicateFiles. Return value 1. MSI (s) (08:FC) [19:53:40:429]: PROPERTY CHANGE: Adding MSMPAPPDATAFOLDERNOBS property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\'. Action start 19:53:40: SetAPPDATALocation. MSI (s) (08:FC) [19:53:40:429]: Doing action: CutTrailingBSFromAppDataDir Action ended 19:53:40: SetAPPDATALocation. Return value 1. MSI (s) (08:E0) [19:53:40:429]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA02F.tmp, Entrypoint: CutTrailingBSFromAppDataDir Action start 19:53:40: CutTrailingBSFromAppDataDir. MSI (s) (08!BC) [19:53:40:439]: PROPERTY CHANGE: Modifying MSMPAPPDATAFOLDERNOBS property. Its current value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\'. Its new value: 'C:\ProgramData\Microsoft\Microsoft Antimalware'. WIXFXCA: CutTrailingBSFromAppDataDir: INFO: begin. WIXFXCA: CutTrailingBSFromAppDataDir: INFO: end. MSI (s) (08:FC) [19:53:40:439]: Doing action: WriteRegistryValues Action ended 19:53:40: CutTrailingBSFromAppDataDir. Return value 1. Action start 19:53:40: WriteRegistryValues. MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreRegKeyProperty (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreRegKey (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreSignaturesProperty (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreSignatures (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: SetEDTValueProperty (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: SetEDTValue (condition is false) MSI (s) (08:FC) [19:53:40:459]: Doing action: Rollback_RefreshShellFTA Action ended 19:53:40: WriteRegistryValues. Return value 1. Action start 19:53:40: Rollback_RefreshShellFTA. MSI (s) (08:FC) [19:53:40:459]: Doing action: RefreshShellFTA Action ended 19:53:40: Rollback_RefreshShellFTA. Return value 1. Action start 19:53:40: RefreshShellFTA. MSI (s) (08:FC) [19:53:40:459]: Doing action: ModifyClientAppLogLocation Action ended 19:53:40: RefreshShellFTA. Return value 1. Action start 19:53:40: ModifyClientAppLogLocation. MSI (s) (08:FC) [19:53:40:469]: Doing action: RegisterClientAppTraceSession Action ended 19:53:40: ModifyClientAppLogLocation. Return value 1. Action start 19:53:40: RegisterClientAppTraceSession. MSI (s) (08:FC) [19:53:40:469]: Doing action: InstallServices Action ended 19:53:40: RegisterClientAppTraceSession. Return value 1. Action start 19:53:40: InstallServices. MSI (s) (08:FC) [19:53:40:469]: Doing action: SetMpSchedServiceConfig Action ended 19:53:40: InstallServices. Return value 1. MSI (s) (08:FC) [19:53:40:469]: PROPERTY CHANGE: Adding MpSchedServiceConfig property. Its value is 'AntimalwareService|MsMpSvc|1|NisSrv|NisSrv|0'. Action start 19:53:40: SetMpSchedServiceConfig. MSI (s) (08:FC) [19:53:40:469]: Doing action: MpSchedServiceConfig Action ended 19:53:40: SetMpSchedServiceConfig. Return value 1. MSI (s) (08:70) [19:53:40:469]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA05F.tmp, Entrypoint: MpSchedServiceConfig MSI (s) (08!30) [19:53:40:539]: PROPERTY CHANGE: Adding MpExecServiceConfig property. Its value is 'MsMpSvc€1€NisSrv€0'. Action start 19:53:40: MpSchedServiceConfig. MSI (s) (08!30) [19:53:40:539]: Doing action: MpExecServiceConfig Action start 19:53:40: MpExecServiceConfig. Action ended 19:53:40: MpExecServiceConfig. Return value 1. MSI (s) (08:FC) [19:53:40:549]: Doing action: CollectErrorLogFilesProperty Action ended 19:53:40: MpSchedServiceConfig. Return value 1. MSI (s) (08:FC) [19:53:40:549]: PROPERTY CHANGE: Adding CollectErrorLogFiles property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Support\'. Action start 19:53:40: CollectErrorLogFilesProperty. MSI (s) (08:FC) [19:53:40:549]: Doing action: CollectErrorLogFiles Action ended 19:53:40: CollectErrorLogFilesProperty. Return value 1. Action start 19:53:40: CollectErrorLogFiles. MSI (s) (08:FC) [19:53:40:549]: Doing action: ConfigServiceHardeningProperty Action ended 19:53:40: CollectErrorLogFiles. Return value 1. MSI (s) (08:FC) [19:53:40:549]: PROPERTY CHANGE: Adding ConfigServiceHardening property. Its value is 'MsMpSvc;C:\Program Files\Microsoft Security Client\MsMpEng.exe'. Action start 19:53:40: ConfigServiceHardeningProperty. MSI (s) (08:FC) [19:53:40:549]: Doing action: ConfigServiceHardening Action ended 19:53:40: ConfigServiceHardeningProperty. Return value 1. Action start 19:53:40: ConfigServiceHardening. MSI (s) (08:FC) [19:53:40:549]: Doing action: EnableWDRollbackProperty Action ended 19:53:40: ConfigServiceHardening. Return value 1. MSI (s) (08:FC) [19:53:40:559]: PROPERTY CHANGE: Adding EnableWDRollback property. Its value is 'Microsoft Antimalware'. Action start 19:53:40: EnableWDRollbackProperty. MSI (s) (08:FC) [19:53:40:559]: Skipping action: DisableWDRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:559]: Skipping action: EnableWDOnUninstallProperty (condition is false) MSI (s) (08:FC) [19:53:40:559]: Doing action: EnableWDRollback Action ended 19:53:40: EnableWDRollbackProperty. Return value 1. Action start 19:53:40: EnableWDRollback. MSI (s) (08:FC) [19:53:40:559]: Skipping action: DisableWDRollback (condition is false) MSI (s) (08:FC) [19:53:40:559]: Skipping action: EnableWDOnUninstall (condition is false) MSI (s) (08:FC) [19:53:40:559]: Doing action: FinalizeNisInstall_SetProperty Action ended 19:53:40: EnableWDRollback. Return value 1. MSI (s) (08:FC) [19:53:40:559]: PROPERTY CHANGE: Adding FinalizeNisInstall property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\'. Action start 19:53:40: FinalizeNisInstall_SetProperty. MSI (s) (08:FC) [19:53:40:559]: Doing action: FinalizeNisInstall Action ended 19:53:40: FinalizeNisInstall_SetProperty. Return value 1. Action start 19:53:40: FinalizeNisInstall. MSI (s) (08:FC) [19:53:40:559]: Doing action: StartServices Action ended 19:53:40: FinalizeNisInstall. Return value 1. Action start 19:53:40: StartServices. MSI (s) (08:FC) [19:53:40:559]: Doing action: ValidateServiceStartProperty Action ended 19:53:40: StartServices. Return value 1. MSI (s) (08:FC) [19:53:40:559]: PROPERTY CHANGE: Adding ValidateServiceStart property. Its value is 'C:\Program Files\Microsoft Security Client\'. Action start 19:53:40: ValidateServiceStartProperty. MSI (s) (08:FC) [19:53:40:559]: Doing action: ValidateServiceStart Action ended 19:53:40: ValidateServiceStartProperty. Return value 1. Action start 19:53:40: ValidateServiceStart. MSI (s) (08:FC) [19:53:40:569]: Doing action: RegisterUser Action ended 19:53:40: ValidateServiceStart. Return value 1. Action start 19:53:40: RegisterUser. MSI (s) (08:FC) [19:53:40:569]: Doing action: RegisterProduct Action ended 19:53:40: RegisterUser. Return value 1. Action start 19:53:40: RegisterProduct. MSI (s) (08:FC) [19:53:40:569]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'. MSI (s) (08:FC) [19:53:40:569]: Doing action: PublishComponents Action ended 19:53:40: RegisterProduct. Return value 1. MSI (s) (08:FC) [19:53:40:569]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:569]: Note: 1: 2228 2: 3: PublishComponent 4: SELECT `PublishComponent`.`ComponentId`, `PublishComponent`.`Qualifier`, `PublishComponent`.`AppData`, `Feature`, `Component`.`ComponentId`, `Component`.`RuntimeFlags` FROM `PublishComponent`, `Component`, `Feature` WHERE `PublishComponent`.`Component_` = `Component`.`Component` AND `PublishComponent`.`Feature_` = `Feature`.`Feature` AND ((`Feature`.`Action` = 1 OR `Feature`.`Action` = 2) OR (`Feature`.`Action` = 4 AND `Feature`.`Installed` = 0) OR (`Feature`.`Action` = 3 AND (`Feature`.`Installed` = 1 OR `Feature`.`Installed` = 2 OR `Feature`.`Installed` = 4))) Action start 19:53:40: PublishComponents. MSI (s) (08:FC) [19:53:40:569]: Doing action: PublishFeatures Action ended 19:53:40: PublishComponents. Return value 0. Action start 19:53:40: PublishFeatures. MSI (s) (08:FC) [19:53:40:579]: Doing action: PublishProduct Action ended 19:53:40: PublishFeatures. Return value 1. Action start 19:53:40: PublishProduct. MSI (s) (08:FC) [19:53:40:579]: Doing action: InstallExecute Action ended 19:53:40: PublishProduct. Return value 1. MSI (s) (08:FC) [19:53:40:579]: Running Script: C:\Windows\Installer\MSI9FC1.tmp MSI (s) (08:FC) [19:53:40:579]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'. MSI (s) (08:FC) [19:53:40:579]: Machine policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (08:FC) [19:53:40:589]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1117167285,LangId=1033,Platform=589824,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,Scrip tAttributes=1) Action start 19:53:40: InstallExecute. MSI (s) (08:FC) [19:53:40:589]: Executing op: ProductInfo(ProductKey={D954C6C2-544B-4091-A47F-11E77162883E},ProductName=Microsoft Security Client,PackageName=epp.msi,Language=1033,Version=67240159,Assignment=1,ObsoleteArg=0,,,PackageCode={1E0A59F2-CF88-4EF2-A092-12DE0A8E6E5A},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3) MSI (s) (08:FC) [19:53:40:589]: Executing op: DialogInfo(Type=0,Argument=1033) MSI (s) (08:FC) [19:53:40:589]: Executing op: DialogInfo(Type=1,Argument=Microsoft Security Client) MSI (s) (08:FC) [19:53:40:589]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1]) MSI (s) (08:FC) [19:53:40:589]: Executing op: SetBaseline(Baseline=0,) MSI (s) (08:FC) [19:53:40:589]: Executing op: SetBaseline(Baseline=1,) |
29.04.2013, 22:31 | #11 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet MSI (s) (08:FC) [19:53:40:139]: Component: NisSrv; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisSvcSID; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisIpsPlugin; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisWFP; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisLog; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: NisDriverWFP; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: mssecesExe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: shellext; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsseWat; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMui_ENUS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_ENUS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: StartupKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: RemoveEppRegKeyOnUninstall; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry1; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry2; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry3; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry4; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry5; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry6; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry7; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry8; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry9; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry10; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry11; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ApplicationAutoLoggerKeyRegistry12; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionCom; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionFilesAccosiation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionDirAccosiation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionDriveAccosiation; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: ShellExtensionApproved; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_MSE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_FEP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_SCEP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_INTUNE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_EPP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: StartMenuShortcut_MSEPrerelease; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: CleanUpMseV1Shortcuts; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: OOBEKeyRegistry; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: SysprepMSECleanup; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry1; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry2; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry3; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry4; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry5; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry6; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry7; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry8; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry9; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry10; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry11; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: OOBEAutoLoggerKeyRegistry12; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: msseoobeexe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: msseooberes; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MSESysprep; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: msseooberesMui_ENUS; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: MsMpResDllMuiVistaPlus_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:139]: Component: shellextDllMui_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiVistaPlus_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: shellextDllMui_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: Market; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_DE_DE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MsMpResDllMuiPreVista_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupRes.dll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: Setup.exe; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: SqmApi.dll; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForMse; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForFep; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForScep; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForIntune; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForEpp; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: EppManifestForMsePrerelease; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_EN_US; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_BG_BG; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_CS_CZ; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_DA_DK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_DE_DE; Installed: Absent; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_EL_GR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ES_ES; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ET_EE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_FI_FI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_FR_FR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_HR_HR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_HU_HU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_IT_IT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_LT_LT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_JA_JP; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_KO_KR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_LV_LV; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_NB_NO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_NL_NL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PL_PL; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PS_MI; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PS_PS; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PT_BR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_PT_PT; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_RO_RO; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_RU_RU; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_SK_SK; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_SV_SE; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_TH_TH; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_TR_TR; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_UK_UA; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_VI_VN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ZH_CN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_ZH_TW; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: SetupResDllMui_SR_LATN; Installed: Absent; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MpUxSrvOobExe; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: mpuxhostproxyoob; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MpUxHostClsid; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: MpUxHostAppId; Installed: Absent; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MPFILTER65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MPFILTER66; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot66; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot67; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NisDriverWFP65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __CleanUpMseV1Shortcuts65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __CleanUpMseV1Shortcuts66; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MPFILTER67; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpBoot68; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NisDriverWFP66; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpComDllVista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpComAppIdRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MalwareProtectionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __InstallLocationRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ProductAppDataPathRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __BetaPlatformRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NotificationExeRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __ThrottlingIntervalRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceHardeningFlagsRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ProductIconRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ProductLocalizedNameRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __RemediationExeRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __WatCheckDllRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SignatureCategoryIdRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __RealTimeProtectionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ScanKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __EnableTrustedImageRegistry65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __QuarantineKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ReportingKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SignatureUpdatesKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SpyNetKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SpyNetReportingLocationRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ThreatsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ThreatIDDefaultActionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ThreatSeverityDefaultActionKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsExtensionsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsPathsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsTempPathsKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ExclusionsProcessesKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __UXConfigurationKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MiscellaneousConfigurationKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpEngineKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SavePRODUCTICON65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SavePRODUCTLOCALIZEDNAME65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveREMEDIATIONEXE65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveSIGNATURECATEGORYID65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SavePRODUCT_SKU65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveINSTALLDIR65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveWATCHECKDLL65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveMARKET65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SaveNOTIFICATIONEXE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __SaveTHROTTLINGINTERVAL65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __NisSkuDiffRegistryComponent65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MalwareProtectionKeyRegistry_Wow6465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __InstallLocationRegistry_Wow6465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV1Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV2Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV3Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV4Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV5Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV6Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV7Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyRegistry_PreVista65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyRegistry_Vista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyWow64Registry_PreVista65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAvPolicyKeyWow64Registry_Vista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SampleSubmissionEventKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SampleSubmissionEventMessageFileRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SampleSubmissionTypesSupportedRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MinimalSafeBootKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MinimalSafeBootEntryRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __NetworkSafeBootKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __NetworkSafeBootEntryRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __EventSourceKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceEventMessageFileRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceParameterMessageFileRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __EventTypeFlagRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceSidTypeRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ServiceRequiredPrivilegesRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __FLTRMGR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __EdtRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __NisSvcSID65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __StartupKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry365; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry565; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry665; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry765; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry865; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry965; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry1065; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry1165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ApplicationAutoLoggerKeyRegistry1265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionCom65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionFilesAccosiation65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionDirAccosiation65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionDriveAccosiation65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __ShellExtensionApproved65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_MSE65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_FEP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_SCEP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_INTUNE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_EPP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __StartMenuShortcut_MSEPrerelease65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEKeyRegistry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __SysprepMSECleanup65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry365; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry565; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry665; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry765; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry865; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry965; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry1065; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry1165; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OOBEAutoLoggerKeyRegistry1265; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __Market65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MpUxHostClsid65; Installed: Null; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MpUxHostAppId65; Installed: Null; Request: Null; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpComDllPreVista65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAVDll65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAVDll_Wow6465; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV6_Wow64Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __OfficeAV7_Wow64Registry65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDll65; Installed: Null; Request: Local; Action: Local MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_BG_BG65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_CS_CZ65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_DA_DK65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_DE_DE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_EL_GR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ES_ES65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ET_EE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_FI_FI65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_FR_FR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_HR_HR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_HU_HU65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_IT_IT65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_LT_LT65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_JA_JP65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_KO_KR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_LV_LV65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_NB_NO65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_NL_NL65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PL_PL65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PS_PS65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PS_MI65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PT_BR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_PT_PT65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_RO_RO65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_RU_RU65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_SK_SK65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_SV_SE65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_TH_TH65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_TR_TR65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_UK_UA65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_VI_VN65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ZH_CN65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_ZH_TW65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __MsMpResDllMuiPreVista_SR_LATN65; Installed: Null; Request: Local; Action: Null MSI (s) (08:FC) [19:53:40:149]: Component: __mpuxhostproxyoob65; Installed: Null; Request: Null; Action: Null Action start 19:53:40: InstallValidate. MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: BindImage MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: ProgId MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: SelfReg MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: Extension MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: Font MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: Class MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: TypeLib MSI (s) (08:FC) [19:53:40:149]: Note: 1: 2205 2: 3: _RemoveFilePath MSI (s) (08:FC) [19:53:40:189]: Note: 1: 2756 2: MPFILTER_PREVIOUSVERSION MSI (s) (08:FC) [19:53:40:189]: Note: 1: 2756 2: NISDRIVERWFP_PREVIOUSVERSION MSI (s) (08:FC) [19:53:40:199]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'. MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: BindImage MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: ProgId MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: SelfReg MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: Extension MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: Font MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: Class MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: TypeLib MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2727 2: MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2205 2: 3: FilesInUse MSI (s) (08:FC) [19:53:40:209]: Note: 1: 2727 2: MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceName Action ended 19:53:40: InstallValidate. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Adding NISService property. Its value is 'Network Inspection System'. Action start 19:53:40: NISServiceName. MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceDesc Action ended 19:53:40: NISServiceName. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Adding NISServiceDesc property. Its value is 'NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols'. Action start 19:53:40: NISServiceDesc. MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceNameLoc Action ended 19:53:40: NISServiceDesc. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Modifying NISService property. Its current value is 'Network Inspection System'. Its new value: '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243'. Action start 19:53:40: NISServiceNameLoc. MSI (s) (08:FC) [19:53:40:209]: Doing action: NISServiceDescLoc Action ended 19:53:40: NISServiceNameLoc. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Modifying NISServiceDesc property. Its current value is 'NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols'. Its new value: '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-242'. Action start 19:53:40: NISServiceDescLoc. MSI (s) (08:FC) [19:53:40:209]: Doing action: SaveInstallLocation Action ended 19:53:40: NISServiceDescLoc. Return value 1. MSI (s) (08:FC) [19:53:40:209]: PROPERTY CHANGE: Modifying ARPINSTALLLOCATION property. Its current value is 'C:\Program Files\Microsoft Security Client'. Its new value: 'C:\Program Files\Microsoft Security Client\'. Action start 19:53:40: SaveInstallLocation. MSI (s) (08:FC) [19:53:40:209]: Doing action: StopRunningProcessW Action ended 19:53:40: SaveInstallLocation. Return value 1. MSI (s) (08:F4) [19:53:40:219]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9F53.tmp, Entrypoint: StopRunningProcessW MSI (s) (08!30) [19:53:40:219]: PROPERTY CHANGE: Deleting StopProcessList property. Its current value is 'MSASCui.exe MpCmdRun.exe'. Action start 19:53:40: StopRunningProcessW. MSI (s) (08:FC) [19:53:40:219]: Skipping action: SaveRegKey (condition is false) MSI (s) (08:FC) [19:53:40:219]: Skipping action: SaveSignaturesProperty (condition is false) MSI (s) (08:FC) [19:53:40:219]: Skipping action: SaveSignatures (condition is false) MSI (s) (08:FC) [19:53:40:219]: Skipping action: ServiceDescriptionPreVistaProperty (condition is false) MSI (s) (08:FC) [19:53:40:219]: Doing action: ServiceDescriptionPostVistaProperty Action ended 19:53:40: StopRunningProcessW. Return value 1. MSI (s) (08:FC) [19:53:40:219]: PROPERTY CHANGE: Adding ServiceDescription property. Its value is '@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-240'. Action start 19:53:40: ServiceDescriptionPostVistaProperty. MSI (s) (08:FC) [19:53:40:229]: Doing action: UpgradeParamsAction Action ended 19:53:40: ServiceDescriptionPostVistaProperty. Return value 1. MSI (s) (08:FC) [19:53:40:229]: PROPERTY CHANGE: Adding UpgradeParams property. Its value is 'MSIRESTARTMANAGERCONTROL=DisableShutdown'. Action start 19:53:40: UpgradeParamsAction. MSI (s) (08:FC) [19:53:40:229]: Doing action: RemoveExistingProducts Action ended 19:53:40: UpgradeParamsAction. Return value 1. Action start 19:53:40: RemoveExistingProducts. MSI (s) (08:FC) [19:53:40:229]: Doing action: InstallInitialize Action ended 19:53:40: RemoveExistingProducts. Return value 1. MSI (s) (08:FC) [19:53:40:229]: Machine policy value 'AlwaysInstallElevated' is 0 MSI (s) (08:FC) [19:53:40:229]: User policy value 'AlwaysInstallElevated' is 0 MSI (s) (08:FC) [19:53:40:229]: BeginTransaction: Locking Server MSI (s) (08:FC) [19:53:40:229]: SRSetRestorePoint skipped for this transaction. MSI (s) (08:FC) [19:53:40:229]: Server not locked: locking for product {D954C6C2-544B-4091-A47F-11E77162883E} Action start 19:53:40: InstallInitialize. MSI (s) (08:FC) [19:53:40:309]: Doing action: AllocateRegistrySpace Action ended 19:53:40: InstallInitialize. Return value 1. Action start 19:53:40: AllocateRegistrySpace. MSI (s) (08:FC) [19:53:40:309]: Doing action: ProcessComponents Action ended 19:53:40: AllocateRegistrySpace. Return value 1. MSI (s) (08:FC) [19:53:40:309]: Note: 1: 2205 2: 3: MsiPatchCertificate MSI (s) (08:FC) [19:53:40:309]: LUA patching is disabled: missing MsiPatchCertificate table MSI (s) (08:FC) [19:53:40:309]: Resolving source. MSI (s) (08:FC) [19:53:40:309]: Resolving source to launched-from source. MSI (s) (08:FC) [19:53:40:309]: Setting launched-from source as last-used. MSI (s) (08:FC) [19:53:40:319]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'd:\e7c248284070f03bb2c8732485aefe93\amd64\'. MSI (s) (08:FC) [19:53:40:319]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'd:\e7c248284070f03bb2c8732485aefe93\amd64\'. MSI (s) (08:FC) [19:53:40:319]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{D954C6C2-544B-4091-A47F-11E77162883E}'. MSI (s) (08:FC) [19:53:40:319]: SOURCEDIR ==> d:\e7c248284070f03bb2c8732485aefe93\amd64\ MSI (s) (08:FC) [19:53:40:319]: SOURCEDIR product ==> {D954C6C2-544B-4091-A47F-11E77162883E} MSI (s) (08:FC) [19:53:40:319]: Determining source type MSI (s) (08:FC) [19:53:40:319]: Source type from package 'epp.msi': 2 Action start 19:53:40: ProcessComponents. MSI (s) (08:FC) [19:53:40:319]: Source path resolution complete. Dumping Directory table... MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: TARGETDIR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: NISDRIVERWFP_PREVIOUSVERSION , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPBOOT_PREVIOUSVERSION , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPFILTER_PREVIOUSVERSION , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DesktopFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ELAM_BACKUP_FOLDER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: USERPROFILE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: UserProfile\ , ShortSubPath: qufaqbwx\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ALLUSERSPROFILE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: All Users\ , ShortSubPath: wmi4_ebl\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: WindowsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Windows\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: InfFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Windows\Inf\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: TempFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Temp\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: SystemFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System32\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: System64Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System64\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DriverFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System64\Drivers\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: System16Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: System\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: StartMenuFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Start Menu\ , ShortSubPath: fcntkxtr\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: CommonFilesFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Common Files\ , ShortSubPath: plrigd-r\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: CommonFiles64Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Common Files\ , ShortSubPath: plrigd-r\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: METROUISHORTCUTDIR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Programs\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ProgramMenuFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Programs\ , ShortSubPath: MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ProgramFilesFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\ , ShortSubPath: xlqr-nev\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: HomeDir_Wow64 , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\m8czvycy\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: INSTALLDIRWOW64 , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\m8czvycy\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_SR_LATN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SR-LATN-CS\ , ShortSubPath: xlqr-nev\m8czvycy\h51lwlpd\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ZH_TW , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-TW\ , ShortSubPath: xlqr-nev\m8czvycy\ZH-TW\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ZH_CN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-CN\ , ShortSubPath: xlqr-nev\m8czvycy\ZH-CN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_VI_VN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\VI-VN\ , ShortSubPath: xlqr-nev\m8czvycy\VI-VN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_UK_UA , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\UK-UA\ , ShortSubPath: xlqr-nev\m8czvycy\UK-UA\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_TR_TR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TR-TR\ , ShortSubPath: xlqr-nev\m8czvycy\TR-TR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_TH_TH , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TH-TH\ , ShortSubPath: xlqr-nev\m8czvycy\TH-TH\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_SV_SE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SV-SE\ , ShortSubPath: xlqr-nev\m8czvycy\SV-SE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_SK_SK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SK-SK\ , ShortSubPath: xlqr-nev\m8czvycy\SK-SK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_RU_RU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RU-RU\ , ShortSubPath: xlqr-nev\m8czvycy\RU-RU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_RO_RO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RO-RO\ , ShortSubPath: xlqr-nev\m8czvycy\RO-RO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PT_PT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-PT\ , ShortSubPath: xlqr-nev\m8czvycy\PT-PT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PT_BR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-BR\ , ShortSubPath: xlqr-nev\m8czvycy\PT-BR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PS_PS , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-ploc\ , ShortSubPath: xlqr-nev\m8czvycy\qps-ploc\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PS_MI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-plocm\ , ShortSubPath: xlqr-nev\m8czvycy\a8w0bn4w\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_PL_PL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PL-PL\ , ShortSubPath: xlqr-nev\m8czvycy\PL-PL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_NL_NL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NL-NL\ , ShortSubPath: xlqr-nev\m8czvycy\NL-NL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_NB_NO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NB-NO\ , ShortSubPath: xlqr-nev\m8czvycy\NB-NO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_LV_LV , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LV-LV\ , ShortSubPath: xlqr-nev\m8czvycy\LV-LV\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_KO_KR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\KO-KR\ , ShortSubPath: xlqr-nev\m8czvycy\KO-KR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_JA_JP , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\JA-JP\ , ShortSubPath: xlqr-nev\m8czvycy\JA-JP\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_LT_LT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LT-LT\ , ShortSubPath: xlqr-nev\m8czvycy\LT-LT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_IT_IT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\IT-IT\ , ShortSubPath: xlqr-nev\m8czvycy\IT-IT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_HU_HU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HU-HU\ , ShortSubPath: xlqr-nev\m8czvycy\HU-HU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_HR_HR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HR-HR\ , ShortSubPath: xlqr-nev\m8czvycy\HR-HR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_FR_FR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FR-FR\ , ShortSubPath: xlqr-nev\m8czvycy\FR-FR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_FI_FI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FI-FI\ , ShortSubPath: xlqr-nev\m8czvycy\FI-FI\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ET_EE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ET-EE\ , ShortSubPath: xlqr-nev\m8czvycy\ET-EE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_ES_ES , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ES-ES\ , ShortSubPath: xlqr-nev\m8czvycy\ES-ES\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_EL_GR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\EL-GR\ , ShortSubPath: xlqr-nev\m8czvycy\EL-GR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_DE_DE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DE-DE\ , ShortSubPath: xlqr-nev\m8czvycy\DE-DE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_DA_DK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DA-DK\ , ShortSubPath: xlqr-nev\m8czvycy\DA-DK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_CS_CZ , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\CS-CZ\ , ShortSubPath: xlqr-nev\m8czvycy\CS-CZ\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64_BG_BG , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\BG-BG\ , ShortSubPath: xlqr-nev\m8czvycy\BG-BG\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_Wow64 , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\en-US\ , ShortSubPath: xlqr-nev\m8czvycy\en-US\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ProgramFiles64Folder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\ , ShortSubPath: xlqr-nev\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: HomeDir , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\elklmiub\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MSMPAPPDATAFOLDER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: CleanStoreFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Clean Store\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\ukpdwarq\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: LocalCopyFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\LocalCopy\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\gtcuy76i\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: TelemetryFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Telemetry\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\sgdlxkhc\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: SupportFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Support\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Support\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanLocationFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanHistoryFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanResultsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ResultsSystemFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\System\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\System\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanResourceFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\Resource\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\Resource\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: QuickResultsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Results\Quick\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Results\Quick\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: ScanContextsFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Scans\History\Contexts\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\Scans\History\Contexts\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: QuarantineLocationFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Quarantine\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\gjvl_czl\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: SignatureRootFolder , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Definition Updates\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\8jo7mts4\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: Updates , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Definition Updates\Updates\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\8jo7mts4\Updates\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Microsoft Antimalware\Definition Updates\Backup\ , ShortSubPath: xlqr-nev\elklmiub\pjcqt7r-\8jo7mts4\Backup\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: INSTALLDIR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ , ShortSubPath: xlqr-nev\elklmiub\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: Symbols , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Symbols\ , ShortSubPath: xlqr-nev\elklmiub\Symbols\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: enus , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\en-us\ , ShortSubPath: xlqr-nev\elklmiub\en-us\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_SR_LATN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SR-LATN-CS\ , ShortSubPath: xlqr-nev\elklmiub\wfev8rkh\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ZH_TW , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-TW\ , ShortSubPath: xlqr-nev\elklmiub\ZH-TW\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ZH_CN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ZH-CN\ , ShortSubPath: xlqr-nev\elklmiub\ZH-CN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_VI_VN , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\VI-VN\ , ShortSubPath: xlqr-nev\elklmiub\VI-VN\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_UK_UA , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\UK-UA\ , ShortSubPath: xlqr-nev\elklmiub\UK-UA\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_TR_TR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TR-TR\ , ShortSubPath: xlqr-nev\elklmiub\TR-TR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_TH_TH , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\TH-TH\ , ShortSubPath: xlqr-nev\elklmiub\TH-TH\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_SV_SE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SV-SE\ , ShortSubPath: xlqr-nev\elklmiub\SV-SE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_SK_SK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\SK-SK\ , ShortSubPath: xlqr-nev\elklmiub\SK-SK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_RU_RU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RU-RU\ , ShortSubPath: xlqr-nev\elklmiub\RU-RU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_RO_RO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\RO-RO\ , ShortSubPath: xlqr-nev\elklmiub\RO-RO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PT_PT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-PT\ , ShortSubPath: xlqr-nev\elklmiub\PT-PT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PT_BR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PT-BR\ , ShortSubPath: xlqr-nev\elklmiub\PT-BR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PS_PS , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-ploc\ , ShortSubPath: xlqr-nev\elklmiub\qps-ploc\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PS_MI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\qps-plocm\ , ShortSubPath: xlqr-nev\elklmiub\o4uffi-h\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_PL_PL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\PL-PL\ , ShortSubPath: xlqr-nev\elklmiub\PL-PL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_NL_NL , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NL-NL\ , ShortSubPath: xlqr-nev\elklmiub\NL-NL\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_NB_NO , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\NB-NO\ , ShortSubPath: xlqr-nev\elklmiub\NB-NO\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_LV_LV , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LV-LV\ , ShortSubPath: xlqr-nev\elklmiub\LV-LV\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_KO_KR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\KO-KR\ , ShortSubPath: xlqr-nev\elklmiub\KO-KR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_JA_JP , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\JA-JP\ , ShortSubPath: xlqr-nev\elklmiub\JA-JP\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_LT_LT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\LT-LT\ , ShortSubPath: xlqr-nev\elklmiub\LT-LT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_IT_IT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\IT-IT\ , ShortSubPath: xlqr-nev\elklmiub\IT-IT\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_HU_HU , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HU-HU\ , ShortSubPath: xlqr-nev\elklmiub\HU-HU\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_HR_HR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\HR-HR\ , ShortSubPath: xlqr-nev\elklmiub\HR-HR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_FR_FR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FR-FR\ , ShortSubPath: xlqr-nev\elklmiub\FR-FR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_FI_FI , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\FI-FI\ , ShortSubPath: xlqr-nev\elklmiub\FI-FI\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ET_EE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ET-EE\ , ShortSubPath: xlqr-nev\elklmiub\ET-EE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_ES_ES , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\ES-ES\ , ShortSubPath: xlqr-nev\elklmiub\ES-ES\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_EL_GR , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\EL-GR\ , ShortSubPath: xlqr-nev\elklmiub\EL-GR\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_DE_DE , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DE-DE\ , ShortSubPath: xlqr-nev\elklmiub\DE-DE\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_DA_DK , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\DA-DK\ , ShortSubPath: xlqr-nev\elklmiub\DA-DK\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_CS_CZ , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\CS-CZ\ , ShortSubPath: xlqr-nev\elklmiub\CS-CZ\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang_BG_BG , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\BG-BG\ , ShortSubPath: xlqr-nev\elklmiub\BG-BG\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DRIVERS , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: DRIVERBACKUP , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: NIS_DRIVER_Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\NisDrv\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPBOOT_Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\MpBoot\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\MpBoot\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPFILTER_Backup , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\Backup\mpfilter\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\Backup\mpfilter\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: NIS_DRIVER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\NisDrv\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\NisDrv\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPBOOT , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\MpBoot\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\MpBoot\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MPFILTER , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\Drivers\mpfilter\ , ShortSubPath: xlqr-nev\elklmiub\Drivers\mpfilter\ MSI (s) (08:FC) [19:53:40:319]: Dir (source): Key: MuiLang , Object: d:\e7c248284070f03bb2c8732485aefe93\amd64\ , LongSubPath: Program Files\Microsoft Security Client\en-US\ , ShortSubPath: xlqr-nev\elklmiub\en-US\ MSI (s) (08:FC) [19:53:40:379]: Doing action: UnpublishComponents Action ended 19:53:40: ProcessComponents. Return value 1. MSI (s) (08:FC) [19:53:40:379]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:379]: Note: 1: 2228 2: 3: PublishComponent 4: SELECT `PublishComponent`.`ComponentId`, `PublishComponent`.`Qualifier`, `PublishComponent`.`AppData`, `Feature`, `Component`.`ComponentId`, `Component`.`RuntimeFlags` FROM `PublishComponent`, `Component`, `Feature` WHERE `PublishComponent`.`Component_` = `Component`.`Component` AND `PublishComponent`.`Feature_` = `Feature`.`Feature` AND (`Feature`.`Action` = 0 OR ((`Feature`.`Action` = NULL OR `Feature`.`Action` = 3) AND `Component`.`Action` = 0 AND (`Feature`.`Installed` = 1 OR `Feature`.`Installed` = 2))) Action start 19:53:40: UnpublishComponents. MSI (s) (08:FC) [19:53:40:379]: Doing action: UnpublishFeatures Action ended 19:53:40: UnpublishComponents. Return value 0. Action start 19:53:40: UnpublishFeatures. MSI (s) (08:FC) [19:53:40:379]: Skipping action: RemoveServiceHardeningProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: RemoveServiceHardening (condition is false) MSI (s) (08:FC) [19:53:40:379]: Doing action: StopServices Action ended 19:53:40: UnpublishFeatures. Return value 1. Action start 19:53:40: StopServices. MSI (s) (08:FC) [19:53:40:379]: Skipping action: UnregisterWscProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UnregisterWsc (condition is false) MSI (s) (08:FC) [19:53:40:379]: Doing action: DeleteScheduledTasksProperty Action ended 19:53:40: StopServices. Return value 1. MSI (s) (08:FC) [19:53:40:379]: PROPERTY CHANGE: Adding DeleteScheduledTasks property. Its value is 'Microsoft\Microsoft Antimalware'. Action start 19:53:40: DeleteScheduledTasksProperty. MSI (s) (08:FC) [19:53:40:379]: Doing action: DeleteScheduledTasks Action ended 19:53:40: DeleteScheduledTasksProperty. Return value 1. Action start 19:53:40: DeleteScheduledTasks. MSI (s) (08:FC) [19:53:40:379]: Doing action: DeleteServices Action ended 19:53:40: DeleteScheduledTasks. Return value 1. Action start 19:53:40: DeleteServices. MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriverWFPRollback_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriverWFP_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallDriver (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpBootDriver (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: RemoveMpBootSigsFromElamHive (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:379]: Skipping action: UninstallMpFilterDriver (condition is false) MSI (s) (08:FC) [19:53:40:379]: Doing action: RemoveRegistryValues Action ended 19:53:40: DeleteServices. Return value 1. Action start 19:53:40: RemoveRegistryValues. MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveShortcuts Action ended 19:53:40: RemoveRegistryValues. Return value 1. Action start 19:53:40: RemoveShortcuts. MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveDuplicateFiles Action ended 19:53:40: RemoveShortcuts. Return value 1. Action start 19:53:40: RemoveDuplicateFiles. MSI (s) (08:FC) [19:53:40:389]: Skipping action: StopMpTracing (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveScanDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveScanDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSigDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSigDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveLocalCopyDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveLocalCopyDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSupportDirProperty (condition is false) MSI (s) (08:FC) [19:53:40:389]: Skipping action: RemoveSupportDir (condition is false) MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveFiles Action ended 19:53:40: RemoveDuplicateFiles. Return value 1. Action start 19:53:40: RemoveFiles. MSI (s) (08:FC) [19:53:40:389]: Doing action: RemoveFolders Action ended 19:53:40: RemoveFiles. Return value 1. Action start 19:53:40: RemoveFolders. MSI (s) (08:FC) [19:53:40:389]: Doing action: CreateFolders Action ended 19:53:40: RemoveFolders. Return value 1. MSI (s) (08:FC) [19:53:40:389]: Using well known SID for System MSI (s) (08:FC) [19:53:40:389]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:389]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:389]: Finished allocating new user SID Action start 19:53:40: CreateFolders. MSI (s) (08:FC) [19:53:40:399]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:399]: Finished allocating new user SID MSI (s) (08:FC) [19:53:40:399]: Doing action: MoveFiles Action ended 19:53:40: CreateFolders. Return value 1. Action start 19:53:40: MoveFiles. MSI (s) (08:FC) [19:53:40:399]: Doing action: MarketValuePropertySet Action ended 19:53:40: MoveFiles. Return value 1. MSI (s) (08:FC) [19:53:40:399]: PROPERTY CHANGE: Modifying MarketValue property. Its current value is 'en-us'. Its new value: 'de-de'. Action start 19:53:40: MarketValuePropertySet. MSI (s) (08:FC) [19:53:40:399]: Skipping action: SetCustomActionData_CalculateLockedFileMoveProperties (condition is false) MSI (s) (08:FC) [19:53:40:399]: Skipping action: CalculateLockedFileMoveProperties (condition is false) MSI (s) (08:FC) [19:53:40:399]: Skipping action: RestoreMovedFiles (condition is false) MSI (s) (08:FC) [19:53:40:399]: Skipping action: MoveLockedFiles (condition is false) MSI (s) (08:FC) [19:53:40:399]: Doing action: InstallFiles Action ended 19:53:40: MarketValuePropertySet. Return value 1. Action start 19:53:40: InstallFiles. MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: Patch MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence` MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: MsiSFCBypass MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2228 2: 3: MsiSFCBypass 4: SELECT `File_` FROM `MsiSFCBypass` WHERE `File_` = ? MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ? MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: MsiPatchHeaders MSI (s) (08:FC) [19:53:40:409]: Note: 1: 2205 2: 3: PatchPackage MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriverWFPRollback_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriverWFP_SetProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriverWFPRollback_SetProperty Action ended 19:53:40: InstallFiles. Return value 1. MSI (s) (08:FC) [19:53:40:419]: PROPERTY CHANGE: Adding InstallDriverRollback property. Its value is '0#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat#NisDrvWFP.cat'. Action start 19:53:40: InstallDriverWFPRollback_SetProperty. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriverRollback Action ended 19:53:40: InstallDriverWFPRollback_SetProperty. Return value 1. Action start 19:53:40: InstallDriverRollback. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriverWFP_SetProperty Action ended 19:53:40: InstallDriverRollback. Return value 1. MSI (s) (08:FC) [19:53:40:419]: PROPERTY CHANGE: Adding InstallDriver property. Its value is '1#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat#NisDrvWFP.cat'. Action start 19:53:40: InstallDriverWFP_SetProperty. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallDriver Action ended 19:53:40: InstallDriverWFP_SetProperty. Return value 1. Action start 19:53:40: InstallDriver. MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpBootDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: InstallMpBootDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriverRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriverRollback (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriverProperty (condition is false) MSI (s) (08:FC) [19:53:40:419]: Skipping action: UninstallOldMpFilterDriver (condition is false) MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallMpFilterDriverRollbackProperty Action ended 19:53:40: InstallDriver. Return value 1. MSI (s) (08:FC) [19:53:40:419]: PROPERTY CHANGE: Adding InstallMpFilterDriverRollback property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\mpfilter\'. Action start 19:53:40: InstallMpFilterDriverRollbackProperty. MSI (s) (08:FC) [19:53:40:419]: Doing action: InstallMpFilterDriverRollback Action ended 19:53:40: InstallMpFilterDriverRollbackProperty. Return value 1. Action start 19:53:40: InstallMpFilterDriverRollback. MSI (s) (08:FC) [19:53:40:429]: Doing action: InstallMpFilterDriverProperty Action ended 19:53:40: InstallMpFilterDriverRollback. Return value 1. MSI (s) (08:FC) [19:53:40:429]: PROPERTY CHANGE: Adding InstallMpFilterDriver property. Its value is 'C:\Program Files\Microsoft Security Client\Drivers\mpfilter\'. Action start 19:53:40: InstallMpFilterDriverProperty. MSI (s) (08:FC) [19:53:40:429]: Doing action: InstallMpFilterDriver Action ended 19:53:40: InstallMpFilterDriverProperty. Return value 1. Action start 19:53:40: InstallMpFilterDriver. MSI (s) (08:FC) [19:53:40:429]: Doing action: DuplicateFiles Action ended 19:53:40: InstallMpFilterDriver. Return value 1. Action start 19:53:40: DuplicateFiles. MSI (s) (08:FC) [19:53:40:429]: Doing action: SetAPPDATALocation Action ended 19:53:40: DuplicateFiles. Return value 1. MSI (s) (08:FC) [19:53:40:429]: PROPERTY CHANGE: Adding MSMPAPPDATAFOLDERNOBS property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\'. Action start 19:53:40: SetAPPDATALocation. MSI (s) (08:FC) [19:53:40:429]: Doing action: CutTrailingBSFromAppDataDir Action ended 19:53:40: SetAPPDATALocation. Return value 1. MSI (s) (08:E0) [19:53:40:429]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA02F.tmp, Entrypoint: CutTrailingBSFromAppDataDir Action start 19:53:40: CutTrailingBSFromAppDataDir. MSI (s) (08!BC) [19:53:40:439]: PROPERTY CHANGE: Modifying MSMPAPPDATAFOLDERNOBS property. Its current value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\'. Its new value: 'C:\ProgramData\Microsoft\Microsoft Antimalware'. WIXFXCA: CutTrailingBSFromAppDataDir: INFO: begin. WIXFXCA: CutTrailingBSFromAppDataDir: INFO: end. MSI (s) (08:FC) [19:53:40:439]: Doing action: WriteRegistryValues Action ended 19:53:40: CutTrailingBSFromAppDataDir. Return value 1. Action start 19:53:40: WriteRegistryValues. MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreRegKeyProperty (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreRegKey (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreSignaturesProperty (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: RestoreSignatures (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: SetEDTValueProperty (condition is false) MSI (s) (08:FC) [19:53:40:459]: Skipping action: SetEDTValue (condition is false) MSI (s) (08:FC) [19:53:40:459]: Doing action: Rollback_RefreshShellFTA Action ended 19:53:40: WriteRegistryValues. Return value 1. Action start 19:53:40: Rollback_RefreshShellFTA. MSI (s) (08:FC) [19:53:40:459]: Doing action: RefreshShellFTA Action ended 19:53:40: Rollback_RefreshShellFTA. Return value 1. Action start 19:53:40: RefreshShellFTA. MSI (s) (08:FC) [19:53:40:459]: Doing action: ModifyClientAppLogLocation Action ended 19:53:40: RefreshShellFTA. Return value 1. Action start 19:53:40: ModifyClientAppLogLocation. MSI (s) (08:FC) [19:53:40:469]: Doing action: RegisterClientAppTraceSession Action ended 19:53:40: ModifyClientAppLogLocation. Return value 1. Action start 19:53:40: RegisterClientAppTraceSession. MSI (s) (08:FC) [19:53:40:469]: Doing action: InstallServices Action ended 19:53:40: RegisterClientAppTraceSession. Return value 1. Action start 19:53:40: InstallServices. MSI (s) (08:FC) [19:53:40:469]: Doing action: SetMpSchedServiceConfig Action ended 19:53:40: InstallServices. Return value 1. MSI (s) (08:FC) [19:53:40:469]: PROPERTY CHANGE: Adding MpSchedServiceConfig property. Its value is 'AntimalwareService|MsMpSvc|1|NisSrv|NisSrv|0'. Action start 19:53:40: SetMpSchedServiceConfig. MSI (s) (08:FC) [19:53:40:469]: Doing action: MpSchedServiceConfig Action ended 19:53:40: SetMpSchedServiceConfig. Return value 1. MSI (s) (08:70) [19:53:40:469]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA05F.tmp, Entrypoint: MpSchedServiceConfig MSI (s) (08!30) [19:53:40:539]: PROPERTY CHANGE: Adding MpExecServiceConfig property. Its value is 'MsMpSvc€1€NisSrv€0'. Action start 19:53:40: MpSchedServiceConfig. MSI (s) (08!30) [19:53:40:539]: Doing action: MpExecServiceConfig Action start 19:53:40: MpExecServiceConfig. Action ended 19:53:40: MpExecServiceConfig. Return value 1. MSI (s) (08:FC) [19:53:40:549]: Doing action: CollectErrorLogFilesProperty Action ended 19:53:40: MpSchedServiceConfig. Return value 1. MSI (s) (08:FC) [19:53:40:549]: PROPERTY CHANGE: Adding CollectErrorLogFiles property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Support\'. Action start 19:53:40: CollectErrorLogFilesProperty. MSI (s) (08:FC) [19:53:40:549]: Doing action: CollectErrorLogFiles Action ended 19:53:40: CollectErrorLogFilesProperty. Return value 1. Action start 19:53:40: CollectErrorLogFiles. MSI (s) (08:FC) [19:53:40:549]: Doing action: ConfigServiceHardeningProperty Action ended 19:53:40: CollectErrorLogFiles. Return value 1. MSI (s) (08:FC) [19:53:40:549]: PROPERTY CHANGE: Adding ConfigServiceHardening property. Its value is 'MsMpSvc;C:\Program Files\Microsoft Security Client\MsMpEng.exe'. Action start 19:53:40: ConfigServiceHardeningProperty. MSI (s) (08:FC) [19:53:40:549]: Doing action: ConfigServiceHardening Action ended 19:53:40: ConfigServiceHardeningProperty. Return value 1. Action start 19:53:40: ConfigServiceHardening. MSI (s) (08:FC) [19:53:40:549]: Doing action: EnableWDRollbackProperty Action ended 19:53:40: ConfigServiceHardening. Return value 1. MSI (s) (08:FC) [19:53:40:559]: PROPERTY CHANGE: Adding EnableWDRollback property. Its value is 'Microsoft Antimalware'. Action start 19:53:40: EnableWDRollbackProperty. MSI (s) (08:FC) [19:53:40:559]: Skipping action: DisableWDRollbackProperty (condition is false) MSI (s) (08:FC) [19:53:40:559]: Skipping action: EnableWDOnUninstallProperty (condition is false) MSI (s) (08:FC) [19:53:40:559]: Doing action: EnableWDRollback Action ended 19:53:40: EnableWDRollbackProperty. Return value 1. Action start 19:53:40: EnableWDRollback. MSI (s) (08:FC) [19:53:40:559]: Skipping action: DisableWDRollback (condition is false) MSI (s) (08:FC) [19:53:40:559]: Skipping action: EnableWDOnUninstall (condition is false) MSI (s) (08:FC) [19:53:40:559]: Doing action: FinalizeNisInstall_SetProperty Action ended 19:53:40: EnableWDRollback. Return value 1. MSI (s) (08:FC) [19:53:40:559]: PROPERTY CHANGE: Adding FinalizeNisInstall property. Its value is 'C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\'. Action start 19:53:40: FinalizeNisInstall_SetProperty. MSI (s) (08:FC) [19:53:40:559]: Doing action: FinalizeNisInstall Action ended 19:53:40: FinalizeNisInstall_SetProperty. Return value 1. Action start 19:53:40: FinalizeNisInstall. MSI (s) (08:FC) [19:53:40:559]: Doing action: StartServices Action ended 19:53:40: FinalizeNisInstall. Return value 1. Action start 19:53:40: StartServices. MSI (s) (08:FC) [19:53:40:559]: Doing action: ValidateServiceStartProperty Action ended 19:53:40: StartServices. Return value 1. MSI (s) (08:FC) [19:53:40:559]: PROPERTY CHANGE: Adding ValidateServiceStart property. Its value is 'C:\Program Files\Microsoft Security Client\'. Action start 19:53:40: ValidateServiceStartProperty. MSI (s) (08:FC) [19:53:40:559]: Doing action: ValidateServiceStart Action ended 19:53:40: ValidateServiceStartProperty. Return value 1. Action start 19:53:40: ValidateServiceStart. MSI (s) (08:FC) [19:53:40:569]: Doing action: RegisterUser Action ended 19:53:40: ValidateServiceStart. Return value 1. Action start 19:53:40: RegisterUser. MSI (s) (08:FC) [19:53:40:569]: Doing action: RegisterProduct Action ended 19:53:40: RegisterUser. Return value 1. Action start 19:53:40: RegisterProduct. MSI (s) (08:FC) [19:53:40:569]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'. MSI (s) (08:FC) [19:53:40:569]: Doing action: PublishComponents Action ended 19:53:40: RegisterProduct. Return value 1. MSI (s) (08:FC) [19:53:40:569]: Note: 1: 2205 2: 3: PublishComponent MSI (s) (08:FC) [19:53:40:569]: Note: 1: 2228 2: 3: PublishComponent 4: SELECT `PublishComponent`.`ComponentId`, `PublishComponent`.`Qualifier`, `PublishComponent`.`AppData`, `Feature`, `Component`.`ComponentId`, `Component`.`RuntimeFlags` FROM `PublishComponent`, `Component`, `Feature` WHERE `PublishComponent`.`Component_` = `Component`.`Component` AND `PublishComponent`.`Feature_` = `Feature`.`Feature` AND ((`Feature`.`Action` = 1 OR `Feature`.`Action` = 2) OR (`Feature`.`Action` = 4 AND `Feature`.`Installed` = 0) OR (`Feature`.`Action` = 3 AND (`Feature`.`Installed` = 1 OR `Feature`.`Installed` = 2 OR `Feature`.`Installed` = 4))) Action start 19:53:40: PublishComponents. MSI (s) (08:FC) [19:53:40:569]: Doing action: PublishFeatures Action ended 19:53:40: PublishComponents. Return value 0. Action start 19:53:40: PublishFeatures. MSI (s) (08:FC) [19:53:40:579]: Doing action: PublishProduct Action ended 19:53:40: PublishFeatures. Return value 1. Action start 19:53:40: PublishProduct. MSI (s) (08:FC) [19:53:40:579]: Doing action: InstallExecute Action ended 19:53:40: PublishProduct. Return value 1. MSI (s) (08:FC) [19:53:40:579]: Running Script: C:\Windows\Installer\MSI9FC1.tmp MSI (s) (08:FC) [19:53:40:579]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'. MSI (s) (08:FC) [19:53:40:579]: Machine policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (08:FC) [19:53:40:589]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1117167285,LangId=1033,Platform=589824,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,Scrip tAttributes=1) Action start 19:53:40: InstallExecute. MSI (s) (08:FC) [19:53:40:589]: Executing op: ProductInfo(ProductKey={D954C6C2-544B-4091-A47F-11E77162883E},ProductName=Microsoft Security Client,PackageName=epp.msi,Language=1033,Version=67240159,Assignment=1,ObsoleteArg=0,,,PackageCode={1E0A59F2-CF88-4EF2-A092-12DE0A8E6E5A},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3) MSI (s) (08:FC) [19:53:40:589]: Executing op: DialogInfo(Type=0,Argument=1033) MSI (s) (08:FC) [19:53:40:589]: Executing op: DialogInfo(Type=1,Argument=Microsoft Security Client) MSI (s) (08:FC) [19:53:40:589]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1]) MSI (s) (08:FC) [19:53:40:589]: Executing op: SetBaseline(Baseline=0,) MSI (s) (08:FC) [19:53:40:589]: Executing op: SetBaseline(Baseline=1,) |
29.04.2013, 22:43 | #12 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet MSI (s) (08:FC) [19:53:40:589]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,) MSI (s) (08:FC) [19:53:40:589]: Executing op: ProgressTotal(Total=4,Type=1,ByteEquivalent=24000) MSI (s) (08:FC) [19:53:40:589]: Executing op: UnregisterSharedComponentProvider(Component={221765E8-3548-56B2-9853-2916F57D8D95},ProductCode={D954C6C2-544B-4091-A47F-11E77162883E}) MSI (s) (08:FC) [19:53:40:589]: Executing op: ComponentUnregister(ComponentId={221765E8-3548-56B2-9853-2916F57D8D95},,BinaryType=1,PreviouslyPinned=1) MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: UNKNOWN\Components\8E56712284532B65893592615FD7D859 3: 2 MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: UNKNOWN\Components\8E56712284532B65893592615FD7D859 3: 2 MSI (s) (08:FC) [19:53:40:589]: Executing op: UnregisterSharedComponentProvider(Component={DD94F108-1943-561B-8FA5-513DEDBCA131},ProductCode={D954C6C2-544B-4091-A47F-11E77162883E}) MSI (s) (08:FC) [19:53:40:589]: Executing op: ComponentUnregister(ComponentId={DD94F108-1943-561B-8FA5-513DEDBCA131},,BinaryType=1,PreviouslyPinned=1) MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: UNKNOWN\Components\801F49DD3491B165F85A15D3DECB1A13 3: 2 MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: UNKNOWN\Components\801F49DD3491B165F85A15D3DECB1A13 3: 2 MSI (s) (08:FC) [19:53:40:589]: Executing op: UnregisterSharedComponentProvider(Component={09216FD4-83B3-4432-8CFC-204E6277DC7A},ProductCode={D954C6C2-544B-4091-A47F-11E77162883E}) MSI (s) (08:FC) [19:53:40:589]: Executing op: ComponentUnregister(ComponentId={09216FD4-83B3-4432-8CFC-204E6277DC7A},,BinaryType=1,PreviouslyPinned=1) MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: UNKNOWN\Components\4DF612903B382344C8CF02E42677CDA7 3: 2 MSI (s) (08:FC) [19:53:40:589]: Note: 1: 1402 2: UNKNOWN\Components\4DF612903B382344C8CF02E42677CDA7 3: 2 MSI (s) (08:FC) [19:53:40:589]: Executing op: UnregisterSharedComponentProvider(Component={79FD924C-BDDD-4917-9B30-5F6C7FE5B268},ProductCode={D954C6C2-544B-4091-A47F-11E77162883E}) MSI (s) (08:FC) [19:53:40:599]: Executing op: ComponentUnregister(ComponentId={79FD924C-BDDD-4917-9B30-5F6C7FE5B268},,BinaryType=1,PreviouslyPinned=1) MSI (s) (08:FC) [19:53:40:599]: Note: 1: 1402 2: UNKNOWN\Components\C429DF97DDDB7194B903F5C6F75E2B86 3: 2 MSI (s) (08:FC) [19:53:40:599]: Note: 1: 1402 2: UNKNOWN\Components\C429DF97DDDB7194B903F5C6F75E2B86 3: 2 MSI (s) (08:FC) [19:53:40:599]: Executing op: ProgressTotal(Total=527,Type=1,ByteEquivalent=24000) MSI (s) (08:FC) [19:53:40:599]: Executing op: ComponentRegister(ComponentId={8D9BBE90-49D1-461B-B1AC-1574B77FE8A9},KeyPath=C:\Program Files\Microsoft Security Client\MsMpCom.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:599]: Executing op: ComponentRegister(ComponentId={0D96A595-6EE4-4F3A-AAA8-99AD8F05E811},KeyPath=20:\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\LocalizedString,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:599]: Executing op: ComponentRegister(ComponentId={483D2F70-5A88-4FB0-AB04-9D612BD75C0C},KeyPath=20:\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\AppId,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:599]: Executing op: ComponentRegister(ComponentId={F222C5EC-791F-43BD-BB20-F02B42AF639C},KeyPath=C:\Program Files (x86)\Microsoft Security Client\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:599]: Executing op: ComponentRegister(ComponentId={49C09F70-1A2F-464B-B2B4-203FD0972250},KeyPath=C:\Program Files\Microsoft Security Client\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:609]: Executing op: ComponentRegister(ComponentId={A0D32510-86DE-4CE9-9C48-DF1CA94C43F2},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:609]: Executing op: ComponentRegister(ComponentId={CB1D4670-426F-4D2D-96B9-03BA2C1471DC},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\InstallLocation,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:609]: Executing op: ComponentRegister(ComponentId={FAA3ACF2-A8AC-4DF4-9938-8CE096E9123C},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\ProductAppDataPath,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:609]: Executing op: ComponentRegister(ComponentId={5E7367FF-6A65-4B94-B143-C9476BAA377D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:609]: Executing op: ComponentRegister(ComponentId={0FAF7A21-9F7C-47DD-8112-C22D80F1EE93},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:619]: Executing op: ComponentRegister(ComponentId={5F2EB68D-7B1E-45C2-8B73-BD84DAEE6230},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:619]: Executing op: ComponentRegister(ComponentId={D2DBD7DF-CBA2-4834-8626-E12F3B605C65},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\ServiceHardeningFlags,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:619]: Executing op: ComponentRegister(ComponentId={B8FC2473-0D35-46F0-8E2E-09DA802AC31C},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\ProductIcon,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:619]: Executing op: ComponentRegister(ComponentId={D28A926F-C11D-480F-B8C6-4074C9F6F9CF},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\ProductLocalizedName,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:629]: Executing op: ComponentRegister(ComponentId={EDCFEC3D-D41F-4581-886F-1EB56B744805},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\RemediationExe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:629]: Executing op: ComponentRegister(ComponentId={9CC8E4EF-EB63-4610-AE2D-6B61B29B3028},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\WATPath,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:629]: Executing op: ComponentRegister(ComponentId={D5460EB5-7E6C-4E52-BA6C-3BD54DFD8CF5},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\SignatureCategoryID,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:629]: Executing op: ComponentRegister(ComponentId={14631E4E-DE14-4BB6-B6B4-E79E52F82790},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:629]: Executing op: ComponentRegister(ComponentId={81572173-86BB-4D8D-92AB-2658B3CB721F},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:639]: Executing op: ComponentRegister(ComponentId={1C0C0F2E-8651-411F-A100-1C0ED2FF41FC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:639]: Executing op: ComponentRegister(ComponentId={EB50DE67-E2DC-48F1-A851-6439A894FD1C},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:639]: Executing op: ComponentRegister(ComponentId={C38AE09C-78A2-4E55-9D86-988586A3AC25},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Reporting\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:639]: Executing op: ComponentRegister(ComponentId={939F83A0-0713-4609-9A17-995C3BD07ADB},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:639]: Executing op: ComponentRegister(ComponentId={30ABD66B-BFC5-4AB2-A0E2-CA8C3E81418B},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:649]: Executing op: ComponentRegister(ComponentId={CB2B8904-C856-451D-819E-CEEFDB3DE496},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReportingLocation,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:649]: Executing op: ComponentRegister(ComponentId={E23399B6-7433-40CB-86E3-20C6616765B0},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:649]: Executing op: ComponentRegister(ComponentId={F6B3C28B-10FE-49EE-B229-44281BC0DBE4},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:649]: Executing op: ComponentRegister(ComponentId={2D9A6ECA-99E2-4C7C-A402-6214FBEC8FC3},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:649]: Executing op: ComponentRegister(ComponentId={36844642-8228-4F9C-878B-0FDDC9E8CDF0},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:659]: Executing op: ComponentRegister(ComponentId={F51C4056-C2F8-4C71-94F8-7952193E4B4B},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:659]: Executing op: ComponentRegister(ComponentId={B1D2AE89-1931-43E9-AD96-B854C74A29AC},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:659]: Executing op: ComponentRegister(ComponentId={FEEDE6B3-513E-4614-ABA5-DA339EBA9D43},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:659]: Executing op: ComponentRegister(ComponentId={8F19A3AB-F8BA-4A7C-891D-7F5FBF183997},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:669]: Executing op: ComponentRegister(ComponentId={2FB290FE-897B-41DD-9804-91823BD8442E},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:669]: Executing op: ComponentRegister(ComponentId={80C8E102-067E-4D19-9AD6-00955989E028},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Miscellaneous Configuration\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:669]: Executing op: ComponentRegister(ComponentId={268EC4FA-01F2-454D-877F-3CADF64863A6},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\MpEngine\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:669]: Executing op: ComponentRegister(ComponentId={71FC8AA4-16AC-599C-96B4-7823BD392403},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\PRODUCTICON,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:669]: Executing op: ComponentRegister(ComponentId={F30EAACF-5183-56B8-BE19-FD81DBEFAB4B},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\PRODUCTLOCALIZEDNAME,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:679]: Executing op: ComponentRegister(ComponentId={371D5DC8-DAEE-5665-AAFF-7785DBDEF4E1},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\REMEDIATIONEXE,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:679]: Executing op: ComponentRegister(ComponentId={8D97F17A-7900-5882-9AB2-56D657673A18},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\SIGNATURECATEGORYID,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:679]: Executing op: ComponentRegister(ComponentId={FB382B3B-F7C5-5BA9-BA8E-69F01365B53F},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\PRODUCT_SKU,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:679]: Executing op: ComponentRegister(ComponentId={8F81F3F6-8268-579D-88F8-5E6A48F23C88},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\INSTALLDIR,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:689]: Executing op: ComponentRegister(ComponentId={7DFDC768-ACD6-5EDF-9D63-4504B1B4BE43},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\WATCHECKDLL,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:689]: Executing op: ComponentRegister(ComponentId={CB560000-C2EA-5B00-97B8-DD4C0CF66099},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties\MARKET,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:689]: Executing op: ComponentRegister(ComponentId={E71BE30D-B2F6-5167-9085-8C163D9BA627},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:689]: Executing op: ComponentRegister(ComponentId={4AECD57D-42FC-5ED2-81D8-1F4129238F13},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:689]: Executing op: ComponentRegister(ComponentId={6DD4D1A9-18B2-436D-AFB0-9D781A3CE004},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\SKU Differentiation\{7A692DFC-A587-4230-B53B-6B8E867B3212},State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:699]: Executing op: ComponentRegister(ComponentId={96982407-1D2E-438B-988B-0855860EE8AE},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:699]: Executing op: ComponentRegister(ComponentId={A3D154EB-DA2C-4247-B312-7DA59735A0FD},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:699]: Executing op: ComponentRegister(ComponentId={28BD5F31-A178-4193-AD34-84BB3F440C71},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:699]: Executing op: ComponentRegister(ComponentId={32407BF5-55AF-42D6-B1E8-434C42C3B5E8},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:709]: Executing op: ComponentRegister(ComponentId={06926483-4D17-441E-A3DE-E4FE14654E87},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:709]: Executing op: ComponentRegister(ComponentId={5F3F1131-9E40-4F0F-AB6C-F2E427735D88},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:709]: Executing op: ComponentRegister(ComponentId={E5D94C66-C25D-4A74-9CE4-763681AAC750},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Support\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:709]: Executing op: ComponentRegister(ComponentId={AA517464-A451-4D2D-BF5B-D7716522301E},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:709]: Executing op: ComponentRegister(ComponentId={F44155F2-E8FD-4FEB-9AC5-CCED427AD5A6},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:719]: Executing op: ComponentRegister(ComponentId={6B9FDF15-3F3C-458F-AC9A-C8465C5F3BEC},KeyPath=C:\ProgramData\Microsoft\Microsoft Antimalware\Clean Store\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:719]: Executing op: ComponentRegister(ComponentId={813BDE78-7308-4438-ABC8-A59DBC8816CB},KeyPath=02:\SOFTWARE\Microsoft\Microsoft Antimalware\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:719]: Executing op: ComponentRegister(ComponentId={4EE2CB9C-29E5-451C-9C4B-7BBD74E4657B},KeyPath=02:\SOFTWARE\Microsoft\Microsoft Antimalware\InstallLocation,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:719]: Executing op: ComponentRegister(ComponentId={47FE7C9E-9186-41BC-97F9-9534E85481F4},KeyPath=C:\Program Files\Microsoft Security Client\mpevmsg.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:729]: Executing op: ComponentRegister(ComponentId={FE82257D-13EF-4817-B6B2-B596B6E35D03},KeyPath=C:\Program Files\Microsoft Security Client\en-US\mpevmsg.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:729]: Executing op: ComponentRegister(ComponentId={83C520B6-ADE7-4879-86AE-34A84A7ED30E},KeyPath=C:\Program Files\Microsoft Security Client\MpOAv.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:729]: Executing op: ComponentRegister(ComponentId={D7EF9BD9-051F-455E-8A62-0A4282168321},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:729]: Executing op: ComponentRegister(ComponentId={BE38C82B-3CDA-4D9A-942E-0D75F8693CE5},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\shdocvw\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:729]: Executing op: ComponentRegister(ComponentId={EF3C18C7-FEC6-45E1-9A65-139AAC659F25},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\shdocvw\Enable,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:739]: Executing op: ComponentRegister(ComponentId={BF765496-FE25-4DDB-B5C0-90CA0E114458},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\urlmon\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:739]: Executing op: ComponentRegister(ComponentId={8C8981EC-C24C-4A37-B95F-2F4E26E5F1EF},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\urlmon\Enable,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:739]: Executing op: ComponentRegister(ComponentId={72AC0870-1392-4088-9E77-C0205D6344AF},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Implemented Categories\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:739]: Executing op: ComponentRegister(ComponentId={A79EB544-F6F6-4543-B1A0-0AF171D25EB6},KeyPath=20:\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:749]: Executing op: ComponentRegister(ComponentId={66A8F465-A40E-4B18-A27B-B8DB599C374B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:749]: Executing op: ComponentRegister(ComponentId={1859C64F-4350-43BD-94B1-3879BBC7AABE},KeyPath=22:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus,State=3,,Disk=1,SharedDllRefCount=0,BinaryT ype=1) MSI (s) (08:FC) [19:53:40:749]: Executing op: ComponentRegister(ComponentId={1859C64F-4350-43BD-94B1-3879BBC7AABE},KeyPath=22:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus,State=3,ProductKey={00000000-0000-0000-0000-000000000000},Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:749]: Executing op: ComponentRegister(ComponentId={46F423FE-571C-4AF6-9B76-911345CC1FFC},KeyPath=C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:749]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:40:749]: Executing op: ComponentRegister(ComponentId={F1CFFE8C-A09F-492D-A26B-AE91312197E8},KeyPath=C:\Program Files (x86)\Microsoft Security Client\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:759]: Executing op: ComponentRegister(ComponentId={7166EE48-F20C-42C3-9D2A-8A7529EBF110},KeyPath=C:\Program Files (x86)\Microsoft Security Client\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:759]: Executing op: ComponentRegister(ComponentId={D6BD302E-E114-4B6B-94AF-E38811FCF800},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:759]: Executing op: ComponentRegister(ComponentId={4E111B49-F3F2-453F-8C5B-23F2C5707977},KeyPath=02:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus,State=3,,Disk=1,SharedDllRefCount=0,BinaryT ype=0) MSI (s) (08:FC) [19:53:40:759]: Executing op: ComponentRegister(ComponentId={4E111B49-F3F2-453F-8C5B-23F2C5707977},KeyPath=02:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus,State=3,ProductKey={00000000-0000-0000-0000-000000000000},Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:769]: Executing op: ComponentRegister(ComponentId={359A7134-8D4C-482B-AD3A-FC0C0B801DC6},KeyPath=C:\Program Files\Microsoft Security Client\DbgHelp.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:769]: Executing op: ComponentRegister(ComponentId={2ACF41BD-67CC-48DD-AD4F-60538E0880C2},KeyPath=C:\Program Files\Microsoft Security Client\SymSrv.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:769]: Executing op: ComponentRegister(ComponentId={D8EAFEA7-291C-4A2E-9740-902E5D430B03},KeyPath=C:\Program Files\Microsoft Security Client\SymSrv.yes,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:769]: Executing op: ComponentRegister(ComponentId={EDE2E602-F039-4C52-B72A-54B6991F6DC4},KeyPath=C:\Program Files\Microsoft Security Client\MpRTP.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:769]: Executing op: ComponentRegister(ComponentId={66134CAF-2389-4A6E-B07A-0CB8E3C802A3},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MPSampleSubmission\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:779]: Executing op: ComponentRegister(ComponentId={C36CE143-DC63-4B21-AF4D-7B00B83E8FC7},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MPSampleSubmission\EventMessageFile,State=3,,Disk=1,SharedDllRefCount =0,BinaryType=1) MSI (s) (08:FC) [19:53:40:779]: Executing op: ComponentRegister(ComponentId={EFA04A02-033D-4807-9B5A-F425089999E4},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MPSampleSubmission\TypesSupported,State=3,,Disk=1,SharedDllRefCount=0 ,BinaryType=1) MSI (s) (08:FC) [19:53:40:779]: Executing op: ComponentRegister(ComponentId={F3A473FE-F208-4168-ADA7-BE726811769E},KeyPath=C:\Program Files\Microsoft Security Client\MsMpEng.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:779]: Executing op: ComponentRegister(ComponentId={91742B55-3A5E-4EC5-BAD7-49C02C108C5D},KeyPath=C:\Program Files\Microsoft Security Client\MpSvc.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:779]: Executing op: ComponentRegister(ComponentId={6AB21232-AF4E-4A74-9561-E493EA1FFA91},KeyPath=C:\Program Files\Microsoft Security Client\MpClient.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:789]: Executing op: ComponentRegister(ComponentId={71053C43-DF13-4066-AFF3-EE4054D5805A},KeyPath=C:\Program Files\Microsoft Security Client\MpCommu.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:789]: Executing op: ComponentRegister(ComponentId={0559B3CC-7BA1-4099-B65F-F1BE604E71AC},KeyPath=C:\Program Files\Microsoft Security Client\MpCmdRun.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:789]: Executing op: ComponentRegister(ComponentId={04231064-7B69-4C74-948D-A23A4B753ED1},KeyPath=C:\Program Files\Microsoft Security Client\MpAsDesc.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:789]: Executing op: ComponentRegister(ComponentId={72BB7D46-3517-4C6F-8E7B-D7C2BCF41F73},KeyPath=22:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:799]: Executing op: ComponentRegister(ComponentId={C629AAA8-8671-49EA-B5BB-AFEB0DE06F00},KeyPath=22:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:799]: Executing op: ComponentRegister(ComponentId={911E477E-ABCA-47F0-ACEC-EFFFBF6B5DA3},KeyPath=22:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:799]: Executing op: ComponentRegister(ComponentId={B5C43D45-04CC-4EE0-A69F-875821BC45A7},KeyPath=22:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:799]: Executing op: ComponentRegister(ComponentId={C4FA6833-840E-4AAA-AD6B-5E87E8BD6357},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:809]: Executing op: ComponentRegister(ComponentId={2CC64C9B-C9BC-4674-990A-CD15081A706F},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\EventMessageFile,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:809]: Executing op: ComponentRegister(ComponentId={1A39FB42-F59A-46B6-A04A-B5A1C09F6B27},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\ParameterMessageFile,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:809]: Executing op: ComponentRegister(ComponentId={F0F8761A-23F9-4006-91D3-E9003E8FB045},KeyPath=22:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware\TypesSupported,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:809]: Executing op: ComponentRegister(ComponentId={09505AE9-6ADE-44E7-A04E-E4D2C2E04061},KeyPath=22:\SYSTEM\CurrentControlSet\Services\MsMpSvc\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:809]: Executing op: ComponentRegister(ComponentId={45AB6D4C-59F6-4FAB-B5AE-DB0C858D39A7},KeyPath=22:\SYSTEM\CurrentControlSet\Services\MsMpSvc\ServiceSidType,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:819]: Executing op: ComponentRegister(ComponentId={850EBAC0-CB99-44D7-A026-F12C2EAF8DEE},KeyPath=22:\SYSTEM\CurrentControlSet\Services\MsMpSvc\RequiredPrivileges,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:819]: Executing op: ComponentRegister(ComponentId={5BFE8FB8-A6D2-45AC-9430-354A3E266E86},KeyPath=C:\Program Files\Microsoft Security Client\en-US\MpAsDesc.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:819]: Executing op: ComponentRegister(ComponentId={BE4D21AA-CA4B-4B8B-90BF-FF38AE41E613},KeyPath=C:\Program Files (x86)\Microsoft Security Client\MpClient.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:819]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\MpClient.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:40:819]: Executing op: ComponentRegister(ComponentId={6D44DD1D-DECD-4A2C-AC81-ECD580AE5FDC},KeyPath=C:\Program Files (x86)\Microsoft Security Client\MpAsDesc.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:819]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\MpAsDesc.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:40:819]: Executing op: ComponentRegister(ComponentId={A8680EC6-90FE-42D6-BB3B-5C6B4B7FB909},KeyPath=C:\Program Files (x86)\Microsoft Security Client\MpCommu.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:829]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\MpCommu.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:40:829]: Executing op: ComponentRegister(ComponentId={2AEBDD39-066E-43A4-B54A-0776E29D6B1A},KeyPath=C:\Program Files (x86)\Microsoft Security Client\en-US\MpAsDesc.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:829]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\en-US\MpAsDesc.dll.mui' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:40:829]: Executing op: ComponentRegister(ComponentId={153AA63E-3BFD-495C-A35F-85F66650141D},KeyPath=C:\Program Files\Microsoft Security Client\Drivers\mpfilter\mpfilter.sys,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:829]: Executing op: ComponentRegister(ComponentId={5EE9A4D9-4D7B-4A84-B117-65004601365A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:829]: Executing op: ComponentRegister(ComponentId={7818F43C-0308-4505-B4AB-1818F8127CC2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:839]: Executing op: ComponentRegister(ComponentId={82A2366C-A3B2-48A8-9055-D922FBC8D3A3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:839]: Executing op: ComponentRegister(ComponentId={3CD1405A-9351-467C-9913-9CBC76675BBD},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:839]: Executing op: ComponentRegister(ComponentId={5C7AEF4A-9C41-4AC2-87D3-EA361A536884},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:839]: Executing op: ComponentRegister(ComponentId={7CE2242C-2D02-4B75-A806-2E8B94BFDA0B},KeyPath=C:\Program Files\Microsoft Security Client\MsMpLics.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:839]: Executing op: ComponentRegister(ComponentId={9CC8E4EF-EB63-4610-AE2D-6B61B29B3029},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware\Edt,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:849]: Executing op: ComponentRegister(ComponentId={C1653160-F59C-4830-82D8-9F6B9732D230},KeyPath=C:\Program Files (x86)\Microsoft Security Client\MsMpLics.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:849]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\MsMpLics.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:40:849]: Executing op: ComponentRegister(ComponentId={6A468A0E-130E-414C-A569-A25FB5AACFB5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:849]: Executing op: ComponentRegister(ComponentId={70308B01-F5DC-490A-9492-8EB7EAB751E2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:849]: Executing op: ComponentRegister(ComponentId={D58F3DC2-E143-4CE6-920A-0EEA848FC339},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:849]: Executing op: ComponentRegister(ComponentId={5230129D-3B9E-49B2-997E-D558B1F72B14},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:859]: Executing op: ComponentRegister(ComponentId={A479ED90-0B39-4FDD-BB1C-3060CD6C8107},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:859]: Executing op: ComponentRegister(ComponentId={98EDF722-44CD-4ACA-B6ED-02A860B06C4F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:40:859]: Executing op: ComponentRegister(ComponentId={897CF724-1173-48A9-B03E-072658E87C4B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:859]: Executing op: ComponentRegister(ComponentId={4063D680-4F92-4F3A-9DA9-E9A32AAFA589},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:869]: Executing op: ComponentRegister(ComponentId={B0522ED9-A644-4DC7-A64C-339D4A7E4803},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:869]: Executing op: ComponentRegister(ComponentId={8A98A888-A6A9-451A-9E1B-9E1BE899F60A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:869]: Executing op: ComponentRegister(ComponentId={F785C4FD-1B11-4F1E-8D83-ACCF6D9F19D9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:869]: Executing op: ComponentRegister(ComponentId={805F0B56-E67D-44F0-9A3C-D04349BEA181},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:869]: Executing op: ComponentRegister(ComponentId={617F2827-EB33-49F4-AD38-D7F71BA009F7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:879]: Executing op: ComponentRegister(ComponentId={C661F5C3-F9F7-45B6-B321-35B16C01827D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:879]: Executing op: ComponentRegister(ComponentId={8334B3B5-E959-42D3-B91C-794CAE3C82A2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:879]: Executing op: ComponentRegister(ComponentId={15938DDF-A0D9-4C17-86E9-6BEC3AE95C4E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:879]: Executing op: ComponentRegister(ComponentId={A69A66EE-3010-4D6A-B382-B2EB762FBBBA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:889]: Executing op: ComponentRegister(ComponentId={438F2320-2625-4FB9-9419-2996F6D17E7F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:889]: Executing op: ComponentRegister(ComponentId={E4A6AC70-4B58-49E3-8EF2-224042316208},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:889]: Executing op: ComponentRegister(ComponentId={31773036-0DF0-4E9E-8794-739AF85848FF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:889]: Executing op: ComponentRegister(ComponentId={72600F36-C93B-4C85-890F-BF369BDB7F50},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:889]: Executing op: ComponentRegister(ComponentId={50554BEB-99C1-48A2-B9F2-6A1CFE112FD2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:899]: Executing op: ComponentRegister(ComponentId={FB666800-A8A6-4C63-9D8E-100B54D98F71},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:899]: Executing op: ComponentRegister(ComponentId={61970A00-D3A2-4C70-B71D-F4D3C276EB80},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:899]: Executing op: ComponentRegister(ComponentId={8A58D4B5-AEA6-4A0E-AC21-BEC856796CD0},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:899]: Executing op: ComponentRegister(ComponentId={BE84DF1E-767B-4C43-BEDF-A8EFBCFAB6BE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:909]: Executing op: ComponentRegister(ComponentId={64DB9E71-B137-43D4-A9B7-41F80C346473},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:909]: Executing op: ComponentRegister(ComponentId={48806EE0-2846-4A01-A9A8-6CE01B2F7CF1},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:909]: Executing op: ComponentRegister(ComponentId={22C87224-26E5-4745-840F-AFA1AA0B8388},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:909]: Executing op: ComponentRegister(ComponentId={C833F700-AF1A-413B-BBD2-44E3EA3C5807},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:909]: Executing op: ComponentRegister(ComponentId={E27FF510-9931-4B31-AAAB-709C9854A365},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:919]: Executing op: ComponentRegister(ComponentId={A5906C3F-7BC5-487B-84BE-0B3C9E5EB3C2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:919]: Executing op: ComponentRegister(ComponentId={9D220640-15C0-4AAF-82EF-123A777E6870},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:919]: Executing op: ComponentRegister(ComponentId={37F0D397-8338-4AB8-BAE5-6400C4EA1CB9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:919]: Executing op: ComponentRegister(ComponentId={45F1608D-0A25-48E7-89B2-B484167A43B6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:919]: Executing op: ComponentRegister(ComponentId={8787AEB8-DA17-4824-8F35-3D12C07A7DEE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:929]: Executing op: ComponentRegister(ComponentId={8FB83586-F138-44E7-8813-0D5C65C608B0},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:929]: Executing op: ComponentRegister(ComponentId={FB40FA17-0169-4821-BEA5-CCCC2A944C44},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:929]: Executing op: ComponentRegister(ComponentId={64CE1B42-E6CE-445D-A599-9081B0C2A2A9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:929]: Executing op: ComponentRegister(ComponentId={B5722313-81A5-448D-A9CA-D3B2502AE346},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:929]: Executing op: ComponentRegister(ComponentId={95DDC183-2613-462E-9EA1-7B72E3AE6A8E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:939]: Executing op: ComponentRegister(ComponentId={C835B9E8-8E42-4D26-B027-4D86AD8CAD5D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:939]: Executing op: ComponentRegister(ComponentId={F9026EB0-1EC8-463C-AF98-0FEA127FE753},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:939]: Executing op: ComponentRegister(ComponentId={72D16EEA-5C04-4E2C-87A1-07132820DFA8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:939]: Executing op: ComponentRegister(ComponentId={D2A1CD70-E4A9-4C84-9807-CB22B30A5528},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:949]: Executing op: ComponentRegister(ComponentId={0A787EE4-CE0F-4E0E-A4A2-21D02521BA76},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:949]: Executing op: ComponentRegister(ComponentId={47058509-8FF3-4249-A45A-31D8F7D90CBC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:949]: Executing op: ComponentRegister(ComponentId={68A290C2-85ED-40D0-91FD-23383825F3C2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:949]: Executing op: ComponentRegister(ComponentId={B9F960E2-9232-424A-8D1C-72B1B0DDFB61},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:949]: Executing op: ComponentRegister(ComponentId={8555FB68-955F-4F42-97A6-2BC084141515},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:959]: Executing op: ComponentRegister(ComponentId={5B5BD97B-5443-4C3C-842B-BCAFB54847B2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:959]: Executing op: ComponentRegister(ComponentId={C4BA3E8D-8EBA-4494-93FA-F6D61CC81C20},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:959]: Executing op: ComponentRegister(ComponentId={63447806-B06D-4934-AD48-9A1C4154DD9C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:959]: Executing op: ComponentRegister(ComponentId={B01E602C-4608-4DF4-AA9C-BB0E6BF40B90},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:959]: Executing op: ComponentRegister(ComponentId={645F7CE1-B391-49FA-A6EF-CC415D1FE56F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:969]: Executing op: ComponentRegister(ComponentId={2711FB02-5D4C-4F53-8731-1273CEB53022},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:969]: Executing op: ComponentRegister(ComponentId={56ADB2C6-9DCD-46E3-BA1D-A8FFF2B8F9A5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:969]: Executing op: ComponentRegister(ComponentId={C3E21E95-BD72-42EA-B8BB-7293F9CCB2FF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:969]: Executing op: ComponentRegister(ComponentId={BB255C59-54E9-46EF-AFFE-AE6D125B6B42},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:979]: Executing op: ComponentRegister(ComponentId={D79025A9-DD75-4A4E-A150-649D71323E4A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:979]: Executing op: ComponentRegister(ComponentId={F2158609-9049-4F9C-B607-B55F088EAAA6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:979]: Executing op: ComponentRegister(ComponentId={39B1D8B9-8877-4F0A-8EF4-1B39B1B9BFA3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:979]: Executing op: ComponentRegister(ComponentId={1A7F43C5-1DFB-4B65-B62F-CC86393D3812},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:979]: Executing op: ComponentRegister(ComponentId={A3D61F51-D036-4B67-A513-BA902CC35D78},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:989]: Executing op: ComponentRegister(ComponentId={C8C9B1C9-3EC6-45A7-B185-28C4E5262636},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:989]: Executing op: ComponentRegister(ComponentId={9921A79D-077A-4992-88C2-614821EC1C8E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:989]: Executing op: ComponentRegister(ComponentId={D51D9CE3-A161-4B10-946F-840339C58F53},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:989]: Executing op: ComponentRegister(ComponentId={43E9292E-4968-426A-B834-DA5CF39E4A68},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:999]: Executing op: ComponentRegister(ComponentId={438CF612-F3D7-4509-B025-E12CB7DA4116},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:999]: Executing op: ComponentRegister(ComponentId={22A1CA4D-F5FE-45D9-BF86-41DBAE9D2711},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:999]: Executing op: ComponentRegister(ComponentId={00298AD4-8F04-4D89-B115-3C7567372112},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:999]: Executing op: ComponentRegister(ComponentId={2FA9F684-DA99-4964-89CD-DBC054EBA2B6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:40:999]: Executing op: ComponentRegister(ComponentId={7C32C33E-41E7-4867-949E-85C2B039E57C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:009]: Executing op: ComponentRegister(ComponentId={F3A88E33-2E08-4A4D-97A2-E6398204E0C9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:009]: Executing op: ComponentRegister(ComponentId={5976CEFE-D52E-5798-AE4D-2C50BEB5CE24},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:009]: Executing op: ComponentRegister(ComponentId={F9D61D90-B2FE-593D-B91A-A289F25F8780},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:009]: Executing op: ComponentRegister(ComponentId={03FBE17E-D1A7-574F-AB96-88EA19D64CBF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:009]: Executing op: ComponentRegister(ComponentId={405E36FE-9C18-5714-8EAC-BCBD238D1850},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:019]: Executing op: ComponentRegister(ComponentId={0704E65E-461B-503D-A9BB-361B8A813CFA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:019]: Executing op: ComponentRegister(ComponentId={803AE3D3-8352-5F78-A765-A7F642006E7A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:019]: Executing op: ComponentRegister(ComponentId={D40F3CA5-01BC-5EF2-9678-07C2BCCCCB66},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:019]: Executing op: ComponentRegister(ComponentId={C8D434B6-A326-5E84-BAEE-77CE480E08DA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:029]: Executing op: ComponentRegister(ComponentId={745F050C-9A61-55B4-91CB-6AC52B428271},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:029]: Executing op: ComponentRegister(ComponentId={4964F4F6-19AC-52B4-A3C0-9BCA26469636},KeyPath=C:\Program Files\Microsoft Security Client\DE-DE\MpEvMsg.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:029]: Executing op: ComponentRegister(ComponentId={DD76699D-3FA9-5854-A331-3B2F5ABD87B0},KeyPath=C:\Program Files\Microsoft Security Client\DE-DE\MpAsDesc.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:029]: Executing op: ComponentRegister(ComponentId={DC77DE2D-9A0A-5FA4-B219-954C376B0430},KeyPath=C:\Program Files (x86)\Microsoft Security Client\DE-DE\MpAsDesc.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:029]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Microsoft Security Client\DE-DE\MpAsDesc.dll.mui' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0). MSI (s) (08:FC) [19:53:41:029]: Executing op: ComponentRegister(ComponentId={BB51B60D-EF42-5D2D-81D8-B4F51230E493},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:039]: Executing op: ComponentRegister(ComponentId={3D6143C2-9299-5D3F-B86A-03ABCD3246E1},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:039]: Executing op: ComponentRegister(ComponentId={FD279F29-714F-59EA-A6E5-3D35B6F58340},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:039]: Executing op: ComponentRegister(ComponentId={2A07F580-24DD-58D8-9BB9-A1CE50D44C7D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:039]: Executing op: ComponentRegister(ComponentId={0F7A60EB-3C83-599A-939E-DE191FBE68E8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:049]: Executing op: ComponentRegister(ComponentId={CE19D405-7985-5853-A41D-94290E186448},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:049]: Executing op: ComponentRegister(ComponentId={C0D1ED5F-622A-5669-9616-BE03C0A6C601},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:049]: Executing op: ComponentRegister(ComponentId={D583BE95-5656-5857-803C-7EB251ECBAF7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:049]: Executing op: ComponentRegister(ComponentId={E9B22FEB-FEA1-5300-8C77-BE28573B24E5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:049]: Executing op: ComponentRegister(ComponentId={F0D51161-F672-5529-B806-22F1EED59D9E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:059]: Executing op: ComponentRegister(ComponentId={78E86265-A53A-5815-ACB1-B6775742029E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:059]: Executing op: ComponentRegister(ComponentId={1EB0F542-EBA5-5115-A010-4A23BAD74C70},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:059]: Executing op: ComponentRegister(ComponentId={B006E3A3-3D53-5524-B1BB-2FE0AC50835C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:059]: Executing op: ComponentRegister(ComponentId={75C0D585-49E4-5113-91A0-5370907E6DB2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:059]: Executing op: ComponentRegister(ComponentId={48502043-37F6-5A95-B418-3AC991F5C9F6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:069]: Executing op: ComponentRegister(ComponentId={78154213-9DAD-5041-BD2A-A2DB3A0B1314},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:069]: Executing op: ComponentRegister(ComponentId={196CBE95-E764-5DA9-8ABF-E21BA8395781},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:069]: Executing op: ComponentRegister(ComponentId={623285E5-20B9-55ED-BE1F-A3DA6B743974},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:069]: Executing op: ComponentRegister(ComponentId={62B763AC-1645-5C5B-B0BE-4F21367B25F7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:069]: Executing op: ComponentRegister(ComponentId={02BBE8F7-7636-53C7-9C50-72E810890DB6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:079]: Executing op: ComponentRegister(ComponentId={E5494085-95B3-59B2-BEBA-592A7F491249},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:079]: Executing op: ComponentRegister(ComponentId={B04592F4-D014-50A2-8F7F-DD1450075934},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:079]: Executing op: ComponentRegister(ComponentId={975DD205-523F-5814-90BE-BB596699ABB1},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:079]: Executing op: ComponentRegister(ComponentId={3B796909-C64F-551C-B855-5D81CA6E94B6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:089]: Executing op: ComponentRegister(ComponentId={7D0F4AFA-4D23-5F94-8BBC-D288F56A3745},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:089]: Executing op: ComponentRegister(ComponentId={08F02D58-8392-54AB-8D48-DC17FCE58915},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:089]: Executing op: ComponentRegister(ComponentId={2459348B-DFBD-5226-AAA0-56F6E2912E97},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:089]: Executing op: ComponentRegister(ComponentId={159617B1-1C61-52E1-B6D3-22AC28624505},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:089]: Executing op: ComponentRegister(ComponentId={378A1C63-DC12-5457-B3FA-81697C5BF844},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:099]: Executing op: ComponentRegister(ComponentId={C5A6A94D-C4BE-5893-B8FD-5F0364B6BC26},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:099]: Executing op: ComponentRegister(ComponentId={CD4FF5CC-8173-5041-9042-7812C6168777},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:099]: Executing op: ComponentRegister(ComponentId={5FBD3511-6311-591F-853C-7FCAD5B5071D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:099]: Executing op: ComponentRegister(ComponentId={4C67FE4F-E729-5A33-BCED-51B92BAC3D80},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:099]: Executing op: ComponentRegister(ComponentId={AD300E0F-BB13-5BE6-95DF-256DC6947925},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:109]: Executing op: ComponentRegister(ComponentId={D7C1AAEF-82BD-5056-A532-42730C1FDE5F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:109]: Executing op: ComponentRegister(ComponentId={1DE2D1F9-9A24-55FF-8930-603940B54522},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:109]: Executing op: ComponentRegister(ComponentId={B0D95186-BF9C-5CB7-AF1D-F144BF7A9137},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:109]: Executing op: ComponentRegister(ComponentId={2DD28579-0EA9-5D10-8B66-67E2B7F9F568},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:109]: Executing op: ComponentRegister(ComponentId={2FF9DCFF-E4BA-55B3-8B53-5E2EFB6C6F3C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:119]: Executing op: ComponentRegister(ComponentId={DF4C68EC-51FC-5188-9805-F94B38DAEDC3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:119]: Executing op: ComponentRegister(ComponentId={6653051F-21C5-5B52-94CA-B084A4B8C8EF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:119]: Executing op: ComponentRegister(ComponentId={4EB3D113-B920-5AD6-AE90-75CE9F87D491},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:119]: Executing op: ComponentRegister(ComponentId={26851806-4555-5A90-BE7B-32F7F95149E2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:119]: Executing op: ComponentRegister(ComponentId={302465B8-2027-5EFF-B02A-2F50D09A9578},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:129]: Executing op: ComponentRegister(ComponentId={EB021D8E-F976-5075-8C54-765B2BFB00C7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:129]: Executing op: ComponentRegister(ComponentId={53115AC0-2A08-5E3A-A802-8286C6038E46},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:129]: Executing op: ComponentRegister(ComponentId={01E195C9-8D84-55A9-92FB-21EE9B3CD303},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:129]: Executing op: ComponentRegister(ComponentId={9AA6BA31-8652-5E71-9AC7-EF4D05EFCF66},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:129]: Executing op: ComponentRegister(ComponentId={6CC9BFE3-E90D-5C6E-97EB-477C10AE2ED7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:139]: Executing op: ComponentRegister(ComponentId={336B0A7D-387E-5B83-89DF-A1C0D570BE61},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:139]: Executing op: ComponentRegister(ComponentId={B8C13148-7B36-580A-A824-4F3DA1B54710},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:139]: Executing op: ComponentRegister(ComponentId={FCFFAE42-0526-59B4-8598-03E105EC10EB},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:139]: Executing op: ComponentRegister(ComponentId={508BCFD2-EA59-532E-84F3-F54E95DDBD69},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:139]: Executing op: ComponentRegister(ComponentId={969540CB-C222-5F18-9BC3-451294A037A1},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:149]: Executing op: ComponentRegister(ComponentId={A7B0D30E-ABE7-5F24-8A3B-E514FE2F3DC3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:149]: Executing op: ComponentRegister(ComponentId={215DAB6C-7A26-51CE-A03C-363346087878},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:149]: Executing op: ComponentRegister(ComponentId={25A4F854-5FD3-5F9B-B781-A8D62CF3C7C5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:149]: Executing op: ComponentRegister(ComponentId={CC5A377F-AD05-5305-A4D8-8EBD561AFCDC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:149]: Executing op: ComponentRegister(ComponentId={7C291601-23EB-561C-BDF2-BE0DE616D2B8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:159]: Executing op: ComponentRegister(ComponentId={6B5B282C-FDCB-57E7-A399-E80F90BCDEF8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:159]: Executing op: ComponentRegister(ComponentId={A75AD1FD-838A-56A9-ACC7-15F29381C11A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:159]: Executing op: ComponentRegister(ComponentId={FE1084A5-5050-56E6-AA9F-2011F9047F88},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:159]: Executing op: ComponentRegister(ComponentId={1B93207E-51F9-5B8C-838B-6333426C7E3D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:159]: Executing op: ComponentRegister(ComponentId={9135695A-B5AD-5BEE-8662-E901B0CE1FD1},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:169]: Executing op: ComponentRegister(ComponentId={782D18FD-B8B0-5BB2-80DE-69B6D2356B9D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:169]: Executing op: ComponentRegister(ComponentId={2EA60310-16F6-5924-8BF0-8ABD2B667462},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:169]: Executing op: ComponentRegister(ComponentId={56BBE3EA-91BC-5138-ACD4-C78588C30619},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:169]: Executing op: ComponentRegister(ComponentId={4A06AAEB-B585-5F3D-82BD-0B71FB0FCD34},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:179]: Executing op: ComponentRegister(ComponentId={B7E68431-A5F6-5745-BED4-358CE45CE3F2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:179]: Executing op: ComponentRegister(ComponentId={073E63B4-B29F-5188-9D42-078EE839A9F6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:179]: Executing op: ComponentRegister(ComponentId={BE08810D-C261-53A3-9667-C3CB0BFA0D73},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:179]: Executing op: ComponentRegister(ComponentId={81E9F7EE-9495-56D7-B101-399A1D78AC00},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:179]: Executing op: ComponentRegister(ComponentId={BAF5D941-BD22-5AFF-9179-A8832D336749},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:189]: Executing op: ComponentRegister(ComponentId={11E9DE6D-1EF3-5BBF-A561-7DDE25E12156},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:189]: Executing op: ComponentRegister(ComponentId={7520A149-620E-57D7-A14E-4D8D2020C61A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:189]: Executing op: ComponentRegister(ComponentId={E2F44D07-D2D8-523A-8358-5D3932B0D05F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:189]: Executing op: ComponentRegister(ComponentId={8E638959-38E7-5665-98D0-174AD05F25EC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:199]: Executing op: ComponentRegister(ComponentId={BF56CD10-722F-5D9D-826C-6846089D2190},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:199]: Executing op: ComponentRegister(ComponentId={0ADE6552-DA04-5E6F-9F9B-C24268276A25},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:199]: Executing op: ComponentRegister(ComponentId={39A308C3-1558-5E8E-BE32-0C04AA43C984},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:199]: Executing op: ComponentRegister(ComponentId={F6CBA4F0-3B5E-56B6-8A2D-C37031F31031},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:199]: Executing op: ComponentRegister(ComponentId={D123C719-89DF-566E-889D-C4222C1C397C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:209]: Executing op: ComponentRegister(ComponentId={191A247A-CDBF-59C9-9E50-A7B20A133CDA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:209]: Executing op: ComponentRegister(ComponentId={7C59CF99-620E-55B2-974D-561E7B4ACE1E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:209]: Executing op: ComponentRegister(ComponentId={43D43486-26A9-5771-8CA6-23D4D5EB761C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:209]: Executing op: ComponentRegister(ComponentId={10F823FA-3982-5524-BFE1-A3077443307D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:209]: Executing op: ComponentRegister(ComponentId={677342A5-D005-585C-BEDA-C273F7B39E6F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:219]: Executing op: ComponentRegister(ComponentId={A272A589-EEF3-57AE-8C66-B93C5B482407},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:219]: Executing op: ComponentRegister(ComponentId={DE54A363-DD85-520D-B2C1-6EE67C0FC096},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:219]: Executing op: ComponentRegister(ComponentId={44C4FB6C-7D20-5E99-A469-8F21851A15B4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:219]: Executing op: ComponentRegister(ComponentId={5C5D7D5D-1639-4FDB-B59E-BED2F3535193},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:219]: Executing op: ComponentRegister(ComponentId={435CBDD3-B3A8-4357-9FE5-A7D5336672B3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:229]: Executing op: ComponentRegister(ComponentId={7D7AF5AC-3739-4C88-9F08-38ECEE46325B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:229]: Executing op: ComponentRegister(ComponentId={566896EC-BB67-47E9-8A51-69BEAE24AF55},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:229]: Executing op: ComponentRegister(ComponentId={51B0677D-1256-4EF6-8410-B7EEFF986728},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:229]: Executing op: ComponentRegister(ComponentId={312C4EE1-BEAE-4498-AD54-43F9A91CC139},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:239]: Executing op: ComponentRegister(ComponentId={60766C26-7742-40A3-BA9D-CB1913A5A915},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:239]: Executing op: ComponentRegister(ComponentId={038DE9D7-AEDC-4F41-88B5-DD8DB2721D36},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:239]: Executing op: ComponentRegister(ComponentId={075A513A-F20A-487C-BA46-24C99D5B365F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:239]: Executing op: ComponentRegister(ComponentId={18ABE079-1FF3-4207-ABF7-11574B93F473},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:239]: Executing op: ComponentRegister(ComponentId={0706F879-3D60-4168-93C1-90289FAF5BEE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:239]: Executing op: ComponentRegister(ComponentId={310BE85C-675C-4C92-8926-6CB235090563},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:249]: Executing op: ComponentRegister(ComponentId={C7DCFF94-650F-4FC7-A72B-B8E9AEE569BE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:249]: Executing op: ComponentRegister(ComponentId={EA5D458B-D437-4156-9DBC-93B6E86C4181},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:249]: Executing op: ComponentRegister(ComponentId={CF937EA6-7102-474C-AE5D-D3EA7A39CC88},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:249]: Executing op: ComponentRegister(ComponentId={32B462B2-860E-406C-8149-A0330ED64108},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:259]: Executing op: ComponentRegister(ComponentId={B0623572-31D0-4E0F-A2E3-B214E9EF14B2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:259]: Executing op: ComponentRegister(ComponentId={9B63CF01-245C-4C04-AE26-73B3E6B985B4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:259]: Executing op: ComponentRegister(ComponentId={C540B690-D678-4FD6-AD32-1CA819B892BE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:259]: Executing op: ComponentRegister(ComponentId={F43647B0-2F50-4BC8-8150-4908F9944F3C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:259]: Executing op: ComponentRegister(ComponentId={9D9C0739-4BD8-4BBA-91CB-E3EF7C1D8F57},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:269]: Executing op: ComponentRegister(ComponentId={FC2B9AF5-0F6E-441B-A8E8-2A01B4097654},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:269]: Executing op: ComponentRegister(ComponentId={26D84B3E-CFF6-4A7D-8F82-4F991ACB6C0D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:269]: Executing op: ComponentRegister(ComponentId={285AE7B4-460B-49AA-82EA-F4746B7CAE69},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:269]: Executing op: ComponentRegister(ComponentId={9D32B933-21EF-460A-81C1-D71B33B168DE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:269]: Executing op: ComponentRegister(ComponentId={E2735E08-4997-462B-A077-85C15FB840C3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:279]: Executing op: ComponentRegister(ComponentId={7045EE71-A154-4E21-B1C0-4D3DAB3598EB},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:279]: Executing op: ComponentRegister(ComponentId={A3C7667A-EEA8-4BF4-B02A-6FCCC74B84F7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:279]: Executing op: ComponentRegister(ComponentId={46F3D4C3-919D-4408-9E08-F181A458D262},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:279]: Executing op: ComponentRegister(ComponentId={C723403D-DF3F-4F80-A63C-3D6AF5DCA400},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:279]: Executing op: ComponentRegister(ComponentId={4F2DF681-2278-43F5-916E-C151B87E4D17},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:289]: Executing op: ComponentRegister(ComponentId={3B5E5CDB-5C55-4D18-BAED-4FCDDAAED210},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:289]: Executing op: ComponentRegister(ComponentId={CE251964-761E-405A-92DF-9E87B122DCD8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:289]: Executing op: ComponentRegister(ComponentId={EDD89E4A-61A2-4375-98AD-2CD4549EBAD4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0) MSI (s) (08:FC) [19:53:41:289]: Executing op: ComponentRegister(ComponentId={D76DBE08-49F6-4B88-BC37-F8B0B86C8CB0},KeyPath=C:\Program Files\Microsoft Security Client\NisSrv.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:289]: Executing op: ComponentRegister(ComponentId={4827F5C7-1438-4349-8583-EFB5AF8D98CE},KeyPath=22:\SYSTEM\CurrentControlSet\Services\NisSrv\Parameters\ServiceID,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:299]: Executing op: ComponentRegister(ComponentId={CABA715A-85D1-4455-BED7-3DA6C68E9894},KeyPath=C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:299]: Executing op: ComponentRegister(ComponentId={42F97486-BEA7-4999-A861-F4309574888F},KeyPath=C:\Program Files\Microsoft Security Client\NisWFP.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:299]: Executing op: ComponentRegister(ComponentId={FE04FE21-BA8A-48AF-97E6-9164CE87B148},KeyPath=C:\Program Files\Microsoft Security Client\NisLog.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:299]: Executing op: ComponentRegister(ComponentId={CB6676EE-5286-4803-900F-8E0878CF6D27},KeyPath=C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:299]: Executing op: ComponentRegister(ComponentId={57F72154-059B-46BB-BE22-084ACD8E2BE6},KeyPath=C:\Program Files\Microsoft Security Client\msseces.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:309]: Executing op: ComponentRegister(ComponentId={8D515D2F-7204-4748-B2F3-10EAA80EC09D},KeyPath=C:\Program Files\Microsoft Security Client\shellext.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:309]: Executing op: ComponentRegister(ComponentId={83F0ABD9-5BB2-481B-BF4A-6601B4F41F80},KeyPath=C:\Program Files\Microsoft Security Client\MsMpRes.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:309]: Executing op: ComponentRegister(ComponentId={15C87C80-7A31-4577-8D30-E0BD37CEF171},KeyPath=C:\Program Files\Microsoft Security Client\MsseWat.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:309]: Executing op: ComponentRegister(ComponentId={E18F475A-8176-4ECE-8063-5DC4559786C0},KeyPath=C:\Program Files\Microsoft Security Client\en-us\MsMpRes.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:309]: Executing op: ComponentRegister(ComponentId={CBC44015-A6B1-41AF-8349-6977C9208250},KeyPath=C:\Program Files\Microsoft Security Client\en-us\shellext.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:319]: Executing op: ComponentRegister(ComponentId={2F38E7E5-44D4-4B54-A2D8-9B924EDB17A1},KeyPath=22:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSC,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:319]: Executing op: ComponentRegister(ComponentId={3486BD8B-999B-4EE8-A6FB-231B35CB15D7},KeyPath=C:\Program Files\Microsoft Security Client\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:319]: Executing op: ComponentRegister(ComponentId={4B326737-8A1C-4D08-9017-A504ADC5CFE4},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\ClockType,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:319]: Executing op: ComponentRegister(ComponentId={5247A613-E871-41B1-903E-B3893B49B234},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\FileName,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:329]: Executing op: ComponentRegister(ComponentId={07326A90-83B7-4E5F-A419-AA03F18271DD},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\FlushTimer,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:329]: Executing op: ComponentRegister(ComponentId={899F8E52-36D7-4EDD-84C8-7344471118C4},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\Guid,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:329]: Executing op: ComponentRegister(ComponentId={DA5037FD-544D-40D5-BD79-96F0AD8BD31F},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\LogFileMode,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:329]: Executing op: ComponentRegister(ComponentId={4F30A0E8-7F56-4066-9037-F5F439EE292F},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\MaxFileSize,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:329]: Executing op: ComponentRegister(ComponentId={5C6B898D-A955-49AE-9D68-8B61F20F4A05},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\Start,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:339]: Executing op: ComponentRegister(ComponentId={C7D6B148-E2C3-4BA7-B209-7A95C5EEA156},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\Status,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:339]: Executing op: ComponentRegister(ComponentId={2F7E02AC-B6EB-47A2-B177-E2703D56B6F9},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\{a1488156-5391-4f34-9214-105e4335f3a4}\Enabled,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:339]: Executing op: ComponentRegister(ComponentId={8BB9AD87-BAD3-4773-8856-32E9F0966C51},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\{a1488156-5391-4f34-9214-105e4335f3a4}\EnableFlags,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:339]: Executing op: ComponentRegister(ComponentId={0F352085-BF78-490D-B63B-73A9ABEFF48A},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\{a1488156-5391-4f34-9214-105e4335f3a4}\EnableLevel,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:339]: Executing op: ComponentRegister(ComponentId={48BA1937-1234-4D1F-94CD-8F321D0DBD7F},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\{a1488156-5391-4f34-9214-105e4335f3a4}\Status,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:349]: Executing op: ComponentRegister(ComponentId={3044A43C-26A2-4E4F-96E4-C177AB6734F8},KeyPath=20:\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:349]: Executing op: ComponentRegister(ComponentId={3D336FDF-65FC-4C80-B808-61B93357EE15},KeyPath=20:\*\shellex\ContextMenuHandlers\EPP\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:349]: Executing op: ComponentRegister(ComponentId={52487A48-169D-4DC3-AEDA-40C05007589D},KeyPath=20:\Directory\shellex\ContextMenuHandlers\EPP\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:349]: Executing op: ComponentRegister(ComponentId={5C69C568-3096-407E-A282-7224318086E6},KeyPath=20:\Drive\shellex\ContextMenuHandlers\EPP\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:359]: Executing op: ComponentRegister(ComponentId={C97EE61F-E1AF-49A4-826A-258A1D4C7309},KeyPath=22:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09A47860-11B0-4DA5-AFA5-26D86198A780},State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:359]: Executing op: ComponentRegister(ComponentId={2DA283D4-3532-55F6-A01D-EEE6BD2FD79A},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Antimalware Setup\StartMenu\Microsoft Security Essentials,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:359]: Executing op: ComponentRegister(ComponentId={C6868523-A018-5A6E-85D7-3D2533D2566F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:359]: Executing op: ComponentRegister(ComponentId={738BDA94-2359-5DC2-848D-D42988055E53},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:359]: Executing op: ComponentRegister(ComponentId={6002CE87-85F6-5EDD-94D0-0232F881023C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:369]: Executing op: ComponentRegister(ComponentId={A36E93B6-4750-53D3-9C34-666D3B4C2F8D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:369]: Executing op: ComponentRegister(ComponentId={B8C5A3F6-9DEA-5F86-8823-024D6C4A53EB},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:369]: Executing op: ComponentRegister(ComponentId={2A6C8C14-1A18-4CB2-9382-4B011750E123},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:369]: Executing op: ComponentRegister(ComponentId={2C17B534-80F9-4288-B6B9-A50B7F88C026},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Security Client\OOBE,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:379]: Executing op: ComponentRegister(ComponentId={2D153B43-11B4-461F-AA43-832B2C8B8872},KeyPath=22:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup\2D153B43-11B4-461F-AA43-832B2C8B8872,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:379]: Executing op: ComponentRegister(ComponentId={8B58C6CC-62DE-43AE-85F4-13B30DCCE07C},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\ClockType,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:379]: Executing op: ComponentRegister(ComponentId={71DEFC51-E551-4852-ACC5-3AC1B5FC6466},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\FileName,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:379]: Executing op: ComponentRegister(ComponentId={99C648DF-3BE7-4363-8C23-9A85E02727B4},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\FlushTimer,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:379]: Executing op: ComponentRegister(ComponentId={5BE6BC25-1EE5-4A7F-B276-56F3D1D7B3F2},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\Guid,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:389]: Executing op: ComponentRegister(ComponentId={5F84CB95-D3D1-44F4-861A-35A770F1318E},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\LogFileMode,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:389]: Executing op: ComponentRegister(ComponentId={4A9ACCB8-3AC9-44A6-BCFE-A9F84C0BA855},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\MaxFileSize,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:389]: Executing op: ComponentRegister(ComponentId={07ECFE76-3738-456B-A270-B6A682F70AFB},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\Start,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:389]: Executing op: ComponentRegister(ComponentId={01F227B0-5C3C-4CA2-9102-97E24BAB51E8},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\Status,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:389]: Executing op: ComponentRegister(ComponentId={0681EBD4-4F96-4D61-8F5B-EC910A04B829},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\{913EFF0B-2CC3-4c64-A840-B0D7A38E90E4}\Enabled,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:399]: Executing op: ComponentRegister(ComponentId={2EFC2550-5F92-4B42-B4FA-F50223D1B745},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\{913EFF0B-2CC3-4c64-A840-B0D7A38E90E4}\EnableFlags,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:399]: Executing op: ComponentRegister(ComponentId={9D04094B-ECC4-40CA-B6BC-F6158F5DBB3A},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\{913EFF0B-2CC3-4c64-A840-B0D7A38E90E4}\EnableLevel,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:399]: Executing op: ComponentRegister(ComponentId={9B2919A2-C2A3-4747-B199-053731E959EE},KeyPath=22:\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\{913EFF0B-2CC3-4c64-A840-B0D7A38E90E4}\Status,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:399]: Executing op: ComponentRegister(ComponentId={19496D0B-1E76-4013-B311-5F4207FCF8E8},KeyPath=C:\Program Files\Microsoft Security Client\msseoobe.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:409]: Executing op: ComponentRegister(ComponentId={D68FBAE2-A508-4B0B-BB9C-0E5D30ADC8E4},KeyPath=C:\Program Files\Microsoft Security Client\msseooberes.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:409]: Executing op: ComponentRegister(ComponentId={B9A06C30-A932-4A9B-ADD7-5927C7B2B5DE},KeyPath=C:\Program Files\Microsoft Security Client\MSESysprep.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:409]: Executing op: ComponentRegister(ComponentId={236F6CD2-00F6-465B-ACAD-AED25EFCD6D4},KeyPath=C:\Program Files\Microsoft Security Client\en-us\msseooberes.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:409]: Executing op: ComponentRegister(ComponentId={5C54AB6A-6EA9-564A-8FEB-DC18F7FC383A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:409]: Executing op: ComponentRegister(ComponentId={027914B6-4088-5DDB-A1DD-72BA7E263947},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:419]: Executing op: ComponentRegister(ComponentId={CAB043D8-D086-5D4C-9D3C-8F2A2736EDEA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:419]: Executing op: ComponentRegister(ComponentId={88179D32-C047-5035-A927-8AE1D4397434},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:419]: Executing op: ComponentRegister(ComponentId={53F767DA-E16D-5161-B998-2F4712E930E0},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:419]: Executing op: ComponentRegister(ComponentId={A5BBD3B7-37E0-5A39-9C18-3E1475C0A8C9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:429]: Executing op: ComponentRegister(ComponentId={01F6C751-E31D-59E6-A439-9354760B4D48},KeyPath=C:\Program Files\Microsoft Security Client\DE-DE\MsMpRes.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:429]: Executing op: ComponentRegister(ComponentId={88DD9EDC-0830-5B48-AB97-2FA5C5CE7342},KeyPath=C:\Program Files\Microsoft Security Client\DE-DE\shellext.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:429]: Executing op: ComponentRegister(ComponentId={FA7A4C8C-869A-55DC-8B7C-1D2BE20A87C3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:429]: Executing op: ComponentRegister(ComponentId={F4070326-6824-546F-9BF8-E79C03C605D7},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:429]: Executing op: ComponentRegister(ComponentId={52B6C554-F1A7-50D9-B086-87B8069CE706},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:439]: Executing op: ComponentRegister(ComponentId={58C1C641-1447-5ED5-902B-25C3DD1F2660},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:439]: Executing op: ComponentRegister(ComponentId={0C63F398-3A36-5F63-9894-D6048F57BB1B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:439]: Executing op: ComponentRegister(ComponentId={9EA07E96-AD73-5899-87E9-9E187352B9A5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:439]: Executing op: ComponentRegister(ComponentId={541A8175-AC83-5529-8AB2-712E97042A1C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:439]: Executing op: ComponentRegister(ComponentId={DB2165E2-AC27-5F31-A331-5237906E35B0},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:449]: Executing op: ComponentRegister(ComponentId={9FDADA6C-123E-50E7-B43A-FBCA9AC56B9F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:449]: Executing op: ComponentRegister(ComponentId={4E167992-1DC5-554A-8B6D-078017150521},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:449]: Executing op: ComponentRegister(ComponentId={EDC3EBD5-8A50-5EAC-9DC8-520F85612766},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:449]: Executing op: ComponentRegister(ComponentId={038B7121-A368-5B7B-AEE6-8BE97F665D95},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:459]: Executing op: ComponentRegister(ComponentId={19AD855F-B3F2-5616-9BEB-4D3B5DC6EF99},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:459]: Executing op: ComponentRegister(ComponentId={00D6E49E-DBDF-537E-B87E-90C389061C44},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:459]: Executing op: ComponentRegister(ComponentId={E39CE1D9-45AB-5B9A-B392-39FCD30D8D6C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:459]: Executing op: ComponentRegister(ComponentId={2803189D-A3F2-5DF7-9142-38BFDE2AC134},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:459]: Executing op: ComponentRegister(ComponentId={803BCEF5-340F-5662-AFE2-F9048BAF2ECE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:469]: Executing op: ComponentRegister(ComponentId={01E1A506-ED4C-58F6-8402-A47694A00D7E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:469]: Executing op: ComponentRegister(ComponentId={511B2FF9-07A9-580D-9A1B-B4F024AB3D66},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:469]: Executing op: ComponentRegister(ComponentId={0787D987-8AB5-58D2-AE79-33691C1952E5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:469]: Executing op: ComponentRegister(ComponentId={4A81B56E-8AE1-53A5-97D2-33CEC1FDE4F6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:479]: Executing op: ComponentRegister(ComponentId={62D8E02E-CCFD-508E-8013-535A6086E2B5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:479]: Executing op: ComponentRegister(ComponentId={0CE5B867-0153-5954-BF0A-C0DEB3F9A8C4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:479]: Executing op: ComponentRegister(ComponentId={1A3EC9F3-D1DF-5AA6-8363-8898F1F9FA55},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:479]: Executing op: ComponentRegister(ComponentId={7F9EC797-BD1C-5B80-9D07-85C905EAF824},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:479]: Executing op: ComponentRegister(ComponentId={CB5B577E-26FB-5F44-A99D-FF6A2651F9F3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:489]: Executing op: ComponentRegister(ComponentId={DB209EBE-636C-5F45-98EC-D25468ABF9F6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:489]: Executing op: ComponentRegister(ComponentId={37D5DA40-3C0D-58D4-B9A9-4A6BDFCBE72B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:489]: Executing op: ComponentRegister(ComponentId={09053075-093E-5DD2-822D-EF50C299C58A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:489]: Executing op: ComponentRegister(ComponentId={D844BA92-0F62-5990-9DAD-8E824A9566FA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:499]: Executing op: ComponentRegister(ComponentId={E90E5B1C-C8B1-5EB2-8617-DDB78779A848},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:499]: Executing op: ComponentRegister(ComponentId={78445C96-7B4A-556E-BC68-795B68147319},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:499]: Executing op: ComponentRegister(ComponentId={1A285BFD-C272-55C3-8141-06EE90E4E6CE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:499]: Executing op: ComponentRegister(ComponentId={CF6D2D53-0003-5D4B-ADD0-5FEBEA2A79B4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:499]: Executing op: ComponentRegister(ComponentId={9241EBE2-1641-5F1A-8E41-618E7452B270},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:509]: Executing op: ComponentRegister(ComponentId={6A61CE5A-4348-5A1F-85BB-1EE18C9E40F6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:509]: Executing op: ComponentRegister(ComponentId={BAD14CDA-C0E2-55D5-9410-7A9736CB55C5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:509]: Executing op: ComponentRegister(ComponentId={C524859A-C4C0-53DF-AB66-62AB006D907F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:509]: Executing op: ComponentRegister(ComponentId={5620F142-622D-5F73-AFE0-E20FF9C78005},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:509]: Executing op: ComponentRegister(ComponentId={7CFF45A3-0AFD-5DF0-847E-06B432EC1627},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:519]: Executing op: ComponentRegister(ComponentId={9EB78336-59AE-5D9E-AB3F-78F2EC1B5C3F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:519]: Executing op: ComponentRegister(ComponentId={48D1C773-E126-5CD5-B884-72F416BAD2AF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:519]: Executing op: ComponentRegister(ComponentId={F4C3E77A-3F7C-5424-AFE1-2BB1EF1B97C2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:519]: Executing op: ComponentRegister(ComponentId={9952332D-6FF0-5BF8-80DA-BDED2A9ABFA0},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:529]: Executing op: ComponentRegister(ComponentId={1AFF6C99-6344-5296-8E1E-BC276F71A324},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:529]: Executing op: ComponentRegister(ComponentId={7C5B92AF-620E-53C9-A410-6F38A4134BC6},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:529]: Executing op: ComponentRegister(ComponentId={A922729F-CC0F-5D5C-888A-7EFDA27E5BDA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:529]: Executing op: ComponentRegister(ComponentId={2356A41D-AC70-53C2-83A8-2384FA57F0F9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:529]: Executing op: ComponentRegister(ComponentId={2F67BEE9-3039-5D1A-B49F-68D7CF35CEF4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:539]: Executing op: ComponentRegister(ComponentId={888822DA-493B-514B-B48A-FB86E8643FFF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:539]: Executing op: ComponentRegister(ComponentId={DA0FB855-6C0D-554E-9ED4-550BF900F896},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:539]: Executing op: ComponentRegister(ComponentId={6B761158-9D00-5E4B-9620-20DA18605F57},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:539]: Executing op: ComponentRegister(ComponentId={8749E928-30CB-53FC-85E6-A22E670C3441},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:549]: Executing op: ComponentRegister(ComponentId={D72432F3-6749-5E28-8F17-FEDE70F9A98C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:549]: Executing op: ComponentRegister(ComponentId={3D2B055D-8500-59C9-8979-C3F39977DF94},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:549]: Executing op: ComponentRegister(ComponentId={0AFB9CF8-1220-55D3-88E4-3BC92C239E19},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:549]: Executing op: ComponentRegister(ComponentId={D768E605-3C32-5A26-9D20-7180A4AFE3DD},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:549]: Executing op: ComponentRegister(ComponentId={CA17E93E-A003-564C-B79C-2E1FC3CD575D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:559]: Executing op: ComponentRegister(ComponentId={B0F01D79-30DB-5FCC-84E8-64B542245C88},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:559]: Executing op: ComponentRegister(ComponentId={A7E12855-23F3-520F-B7CC-C07DC11FFB7E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:559]: Executing op: ComponentRegister(ComponentId={A8D1A57A-18CC-4D8C-BB9D-71B736023D38},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Security Client\Market,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:559]: Executing op: ComponentRegister(ComponentId={A8D1A57A-18CC-4D8C-BB9D-71B736023D38},KeyPath=22:\SOFTWARE\Microsoft\Microsoft Security Client\Market,State=3,ProductKey={00000000-0000-0000-0000-000000000000},Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:569]: Executing op: ComponentRegister(ComponentId={EEE619A3-3664-4C86-AD72-8A787E6F1A88},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:569]: Executing op: ComponentRegister(ComponentId={AA795EEA-AC2C-4C0A-A13F-BE9D24BE237A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:569]: Executing op: ComponentRegister(ComponentId={B547A46C-58A0-4590-9D9A-F32D85513986},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:569]: Executing op: ComponentRegister(ComponentId={63F969F8-4AF1-47C4-BB57-13B307D2D3AA},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:579]: Executing op: ComponentRegister(ComponentId={92EFE1DD-72AD-4BA2-83AE-476D975859AF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:579]: Executing op: ComponentRegister(ComponentId={D022BF88-B692-4B72-8A95-534908DB003D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:579]: Executing op: ComponentRegister(ComponentId={47D6A6EE-AB03-4435-A16A-B964E288D571},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:579]: Executing op: ComponentRegister(ComponentId={EE33985F-5B04-4943-8CD6-A60594CF3AFC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:579]: Executing op: ComponentRegister(ComponentId={9DBF25B2-5274-46A5-9498-340CCBD119DF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:590]: Executing op: ComponentRegister(ComponentId={0A1DEE5D-E6A3-40B8-AD5A-17DF0C6C044B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:592]: Executing op: ComponentRegister(ComponentId={1FA7B732-5C8B-4C69-B386-4DDE29FFD713},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:594]: Executing op: ComponentRegister(ComponentId={F60C8433-854B-4BDE-ABFA-0C68966BF331},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:596]: Executing op: ComponentRegister(ComponentId={2BFB17E3-FAAD-4FDB-865D-DFF7B145448F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:598]: Executing op: ComponentRegister(ComponentId={97867BCC-CFCB-4D44-BFC7-474C8F19B71E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:600]: Executing op: ComponentRegister(ComponentId={CA94B25F-8EB5-4323-B02C-5B56ADD0A46D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:602]: Executing op: ComponentRegister(ComponentId={EE6281F6-164F-482D-8B00-E3F760127A14},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:604]: Executing op: ComponentRegister(ComponentId={4822C605-CD8B-4708-9C56-2DC00C2401A1},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:606]: Executing op: ComponentRegister(ComponentId={5D779958-4D48-41E9-A9D1-F399092279D9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:608]: Executing op: ComponentRegister(ComponentId={47C3B67A-1174-4832-A8FC-63836C9BB712},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:611]: Executing op: ComponentRegister(ComponentId={41DE87EF-4681-424B-BA09-C9ED0ABE25E8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:611]: Executing op: ComponentRegister(ComponentId={9DDAF74F-E68B-4043-9894-EA71D29A2F85},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:611]: Executing op: ComponentRegister(ComponentId={1C7EA5A8-66E5-48B1-A7DD-C1C6473B9E8E},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:611]: Executing op: ComponentRegister(ComponentId={B18AE006-8C6F-4FDE-9814-599E7B108525},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:611]: Executing op: ComponentRegister(ComponentId={74C0D87E-9FCA-4487-9F58-F4FAE283A357},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:621]: Executing op: ComponentRegister(ComponentId={CDB0A3F2-156B-4D49-B729-DC0AE707A04B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:621]: Executing op: ComponentRegister(ComponentId={40CA4938-B203-45C2-B462-46D42F217BBC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:621]: Executing op: ComponentRegister(ComponentId={D073CBD8-FE0F-4B4D-B0BE-B5DED27DE1F9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:621]: Executing op: ComponentRegister(ComponentId={B85B3CA6-AD96-4C99-A536-E4BD09A8DAD2},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:621]: Executing op: ComponentRegister(ComponentId={F57C6FB6-0A79-4491-A3EA-DEA862848C99},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:631]: Executing op: ComponentRegister(ComponentId={315B6A17-CDE8-4FDA-A3C5-83836DCBA1DB},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:631]: Executing op: ComponentRegister(ComponentId={78D5D17D-FD1B-477B-B744-2762281E9A89},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:631]: Executing op: ComponentRegister(ComponentId={6BD211AD-E952-40FD-AC87-09E42C752F8A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:631]: Executing op: ComponentRegister(ComponentId={C548CBCC-E7C6-4DAA-A071-1CEC19D5C5FE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:631]: Executing op: ComponentRegister(ComponentId={808DC4D6-AE4B-40FB-B3BC-227733AF8272},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:641]: Executing op: ComponentRegister(ComponentId={FC6E65A3-899A-51DE-9EF8-C355104BC3B0},KeyPath=C:\Program Files\Microsoft Security Client\SetupRes.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:641]: Executing op: ComponentRegister(ComponentId={BDF221A6-CE73-56ED-991C-AF87CD474695},KeyPath=C:\Program Files\Microsoft Security Client\Setup.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:641]: Executing op: ComponentRegister(ComponentId={095895D0-5043-44F9-AA1F-274B56D218FD},KeyPath=C:\Program Files\Microsoft Security Client\SqmApi.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:641]: Executing op: ComponentRegister(ComponentId={DF9B55F5-0F1C-4981-88A7-6DE4EF837278},KeyPath=C:\Program Files\Microsoft Security Client\EppManifest.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:641]: Executing op: ComponentRegister(ComponentId={BA633D28-434B-4FCA-81FA-C65862097F3A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:651]: Executing op: ComponentRegister(ComponentId={008E1753-0DD8-4019-8B1F-931FC211FA55},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:651]: Executing op: ComponentRegister(ComponentId={D42B77B1-C7BB-40B2-89D2-64F13F3DEAB9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:651]: Executing op: ComponentRegister(ComponentId={B5161754-EB66-4CED-94A2-F38AA6D40647},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:651]: Executing op: ComponentRegister(ComponentId={54FFFA6E-20A3-4F95-8F68-255F294D0DF3},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:651]: Executing op: ComponentRegister(ComponentId={7CE85700-95B2-5FFE-8D91-CE42BDE5A02D},KeyPath=C:\Program Files\Microsoft Security Client\en-US\setupres.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:661]: Executing op: ComponentRegister(ComponentId={E794F8C8-0620-571E-8A55-70D411D32FF8},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:661]: Executing op: ComponentRegister(ComponentId={62479518-16DB-5B42-909F-0396EDAB8875},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:661]: Executing op: ComponentRegister(ComponentId={B4C55455-B6DA-577E-85F9-84808096B73D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:661]: Executing op: ComponentRegister(ComponentId={90F90023-D115-5276-9387-E6CEEFEF7BE2},KeyPath=C:\Program Files\Microsoft Security Client\DE-DE\setupres.dll.mui,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:661]: Executing op: ComponentRegister(ComponentId={4B5007FB-AC16-539D-8A79-1098EA2E7AAD},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:671]: Executing op: ComponentRegister(ComponentId={ACEC471C-FBCD-56BB-9243-EE15F93ECD5D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:671]: Executing op: ComponentRegister(ComponentId={1BA3FD71-A122-5046-A10E-17C18F45DF5B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:671]: Executing op: ComponentRegister(ComponentId={0145D169-CC74-5250-9829-86EADAD7C450},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:671]: Executing op: ComponentRegister(ComponentId={89D4AA72-505F-5DFE-A1AF-E492DB8A4745},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:671]: Executing op: ComponentRegister(ComponentId={9F333D09-70E3-53F2-81FA-677B99328E94},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:681]: Executing op: ComponentRegister(ComponentId={E38953AD-EAE5-56C0-8936-FBC3E6DAB7F4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:681]: Executing op: ComponentRegister(ComponentId={B2524A83-4C3F-5A18-B05E-FD85A5597605},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:681]: Executing op: ComponentRegister(ComponentId={8B8FB356-AEFB-5ED6-B541-826D3939FF22},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:681]: Executing op: ComponentRegister(ComponentId={475BBAF9-7C7B-5460-A801-BCA8E401208B},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:691]: Executing op: ComponentRegister(ComponentId={B26D8D65-3AC2-506B-BF71-F1D27A27ACA5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:691]: Executing op: ComponentRegister(ComponentId={2087C284-CDBA-5B4E-8D4F-9BFAA64703FE},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:691]: Executing op: ComponentRegister(ComponentId={44EA0CD0-ACD0-5CB3-95A4-A42EA18BE095},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:691]: Executing op: ComponentRegister(ComponentId={574658A7-F81C-5C4C-B063-F51D785712C0},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:701]: Executing op: ComponentRegister(ComponentId={340FCFB0-7FF7-5F45-A3E8-5050ADA1B4FC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:701]: Executing op: ComponentRegister(ComponentId={F8A32057-1431-549A-AF6F-95195FC18E6C},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:701]: Executing op: ComponentRegister(ComponentId={160A1832-6C5A-571B-96C5-F9B399C4618F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:701]: Executing op: ComponentRegister(ComponentId={1DE1C40E-694D-594B-9129-799FA81DA79D},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:701]: Executing op: ComponentRegister(ComponentId={C96030CC-9D51-5E3B-8F3D-258F72F0A42A},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:711]: Executing op: ComponentRegister(ComponentId={42A32991-A1E9-51F6-A8B7-491BABDA13FC},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:711]: Executing op: ComponentRegister(ComponentId={FE206CBB-E996-5F78-8630-B4576B659B50},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:711]: Executing op: ComponentRegister(ComponentId={4222EB6C-5E5A-52E2-AE29-83A2DB9B89FF},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:711]: Executing op: ComponentRegister(ComponentId={453CB959-E669-5B30-9B5C-E7579C0272E9},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:711]: Executing op: ComponentRegister(ComponentId={A533110B-DD83-58B3-AB18-BB7A0C8F3A36},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:721]: Executing op: ComponentRegister(ComponentId={73BB9498-6240-5F07-A7B6-65B90A3F3A33},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:721]: Executing op: ComponentRegister(ComponentId={0D0C8B2F-AAF4-524C-8105-EBBF59C95D02},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:721]: Executing op: ComponentRegister(ComponentId={3ED9C888-0898-59BC-9E65-41B3349B9257},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:731]: Executing op: ComponentRegister(ComponentId={9B7B76EB-0383-5F2B-9DD3-477F08F2CC9F},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:731]: Executing op: ComponentRegister(ComponentId={72DA775E-B04B-51F8-981D-85C00B7783D4},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:731]: Executing op: ComponentRegister(ComponentId={4F4B4D63-FC0B-5447-9E16-36939632F1C5},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=1) MSI (s) (08:FC) [19:53:41:731]: Executing op: ActionStart(Name=StopServices,Description=Stopping services,Template=Service: [1]) MSI (s) (08:FC) [19:53:41:731]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000) MSI (s) (08:FC) [19:53:41:731]: Executing op: ServiceControl(,Name=MsMpSvc,Action=2,,) MSI (s) (08:FC) [19:53:41:731]: Executing op: ActionStart(Name=DeleteScheduledTasks,,) MSI (s) (08:FC) [19:53:41:731]: Executing op: CustomActionSchedule(Action=DeleteScheduledTasks,ActionType=3137,Source=BinaryData,Target=DeleteTasks,CustomActionData=Microsoft\Microsoft Antimalware) MSI (s) (08:40) [19:53:41:731]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA541.tmp, Entrypoint: DeleteTasks MSI (s) (08:9C) [19:53:41:731]: Generating random cookie. MSI (s) (08:9C) [19:53:41:741]: Created Custom Action Server with PID 2064 (0x810). MSI (s) (08:F4) [19:53:41:761]: Running as a service. MSI (s) (08:F4) [19:53:41:761]: Hello, I'm your 64bit Elevated custom action server. MSI (s) (08:FC) [19:53:41:951]: Executing op: ActionStart(Name=RemoveRegistryValues,Description=Removing system registry values,Template=Key: [1], Name: [2]) MSI (s) (08:FC) [19:53:42:271]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200) MSI (s) (08:FC) [19:53:42:271]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46},,BinaryType=0,,) MSI (s) (08:FC) [19:53:42:271]: Executing op: RegRemoveKey() MSI (s) (08:FC) [19:53:42:271]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE32\Software\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46} 3: 2 MSI (s) (08:FC) [19:53:42:271]: Executing op: ActionStart(Name=CreateFolders,Description=Creating folders,Template=Folder: [1]) MSI (s) (08:FC) [19:53:42:271]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:281]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:281]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:281]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:281]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:291]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:291]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:291]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:291]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:291]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:301]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:301]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:301]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:301]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:311]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:321]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:331]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files (x86)\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files (x86)\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files (x86)\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files (x86)\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files (x86)\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\Program Files (x86)\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\,Foreign=0,SecurityDescriptor=BinaryData,) |
29.04.2013, 22:47 | #13 |
| "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet MSI (s) (08:FC) [19:53:42:451]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:451]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:451]: Executing op: FileCopy(SourceName=MpAsDesc.dll,SourceCabKey=MpAsDesc.dll,DestName=MpAsDesc.dll,Attributes=512,FileSize=150608,PerTick=65536,,VerifyMedia=1,,,,,Check CRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:451]: File: C:\Program Files\Microsoft Security Client\MpAsDesc.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:451]: Source for file 'MpAsDesc.dll' is compressed MSI (s) (08:FC) [19:53:42:451]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:451]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\en-US\|Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:451]: Executing op: FileCopy(SourceName=50fmqvm4.mui|MpAsDesc.dll.mui,SourceCabKey=MpAsDesc.dll.mui,DestName=MpAsDesc.dll.mui,Attributes=512,FileSize=47696,PerTick=65536, ,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:451]: File: C:\Program Files\Microsoft Security Client\en-US\MpAsDesc.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:451]: Source for file 'MpAsDesc.dll.mui' is compressed MSI (s) (08:FC) [19:53:42:451]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:451]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\DE-DE\|Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:451]: Executing op: FileCopy(SourceName=okzrvoyi.mui|MpAsDesc.dll.mui,SourceCabKey=MpAsDesc.dll.mui_DE_DE,DestName=MpAsDesc.dll.mui,Attributes=512,FileSize=57400,PerTick= 65536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1031,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:461]: File: C:\Program Files\Microsoft Security Client\DE-DE\MpAsDesc.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:461]: Source for file 'MpAsDesc.dll.mui_DE_DE' is compressed MSI (s) (08:FC) [19:53:42:461]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:461]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\en-US\|Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:461]: Executing op: FileCopy(SourceName=pvrb_llt.mui|MpAsDesc.dll.mui,SourceCabKey=MpAsDesc.dll.mui_Wow64,DestName=MpAsDesc.dll.mui,Attributes=512,FileSize=47696,PerTick= 65536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:461]: File: C:\Program Files (x86)\Microsoft Security Client\en-US\MpAsDesc.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:461]: Source for file 'MpAsDesc.dll.mui_Wow64' is compressed MSI (s) (08:FC) [19:53:42:471]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:471]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\DE-DE\|Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:471]: Executing op: FileCopy(SourceName=vk9hkxay.mui|MpAsDesc.dll.mui,SourceCabKey=MpAsDesc.dll.mui_Wow64_DE_DE,DestName=MpAsDesc.dll.mui,Attributes=512,FileSize=57400,Pe rTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1031,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:471]: File: C:\Program Files (x86)\Microsoft Security Client\DE-DE\MpAsDesc.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:471]: Source for file 'MpAsDesc.dll.mui_Wow64_DE_DE' is compressed MSI (s) (08:FC) [19:53:42:481]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:481]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:481]: Executing op: FileCopy(SourceName=MpAsDesc.dll,SourceCabKey=MpAsDesc.Dll_Wow64,DestName=MpAsDesc.dll,Attributes=512,FileSize=150608,PerTick=65536,,VerifyMedia=1,,,, ,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:481]: File: C:\Program Files (x86)\Microsoft Security Client\MpAsDesc.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:481]: Source for file 'MpAsDesc.Dll_Wow64' is compressed MSI (s) (08:FC) [19:53:42:511]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:511]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:511]: Executing op: FileCopy(SourceName=MpClient.dll,SourceCabKey=MpClient.dll,DestName=MpClient.dll,Attributes=512,FileSize=873448,PerTick=65536,,VerifyMedia=1,,,,,Check CRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:521]: File: C:\Program Files\Microsoft Security Client\MpClient.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:521]: Source for file 'MpClient.dll' is compressed MSI (s) (08:FC) [19:53:42:561]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:561]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:561]: Executing op: FileCopy(SourceName=MpClient.dll,SourceCabKey=MpClient.dll_Wow64,DestName=MpClient.dll,Attributes=512,FileSize=646120,PerTick=65536,,VerifyMedia=1,,,, ,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:561]: File: C:\Program Files (x86)\Microsoft Security Client\MpClient.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:561]: Source for file 'MpClient.dll_Wow64' is compressed MSI (s) (08:FC) [19:53:42:571]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:571]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:571]: Executing op: FileCopy(SourceName=MpCmdRun.exe,SourceCabKey=MpCmdRun.exe,DestName=MpCmdRun.exe,Attributes=512,FileSize=343056,PerTick=65536,,VerifyMedia=1,,,,,Check CRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:571]: File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:571]: Source for file 'MpCmdRun.exe' is compressed MSI (s) (08:FC) [19:53:42:571]: Executing op: FileCopy(SourceName=MpCommu.dll,SourceCabKey=MpCommu.dll,DestName=MpCommu.dll,Attributes=512,FileSize=334312,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC =0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:571]: File: C:\Program Files\Microsoft Security Client\MpCommu.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:571]: Source for file 'MpCommu.dll' is compressed MSI (s) (08:FC) [19:53:42:581]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:581]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:581]: Executing op: FileCopy(SourceName=MpCommu.dll,SourceCabKey=MpCommu.dll_Wow64,DestName=MpCommu.dll,Attributes=512,FileSize=259024,PerTick=65536,,VerifyMedia=1,,,,,Ch eckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:581]: File: C:\Program Files (x86)\Microsoft Security Client\MpCommu.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:581]: Source for file 'MpCommu.dll_Wow64' is compressed MSI (s) (08:FC) [19:53:42:581]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:581]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:581]: Executing op: FileCopy(SourceName=mpevmsg.dll,SourceCabKey=mpevmsg.dll,DestName=mpevmsg.dll,Attributes=512,FileSize=37944,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC= 0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:581]: File: C:\Program Files\Microsoft Security Client\mpevmsg.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:581]: Source for file 'mpevmsg.dll' is compressed MSI (s) (08:FC) [19:53:42:591]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:591]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\en-US\|Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:591]: Executing op: FileCopy(SourceName=d4iilf9o.mui|mpevmsg.dll.mui,SourceCabKey=mpevmsg.dll.mui,DestName=mpevmsg.dll.mui,Attributes=512,FileSize=37944,PerTick=65536,,Ve rifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:591]: File: C:\Program Files\Microsoft Security Client\en-US\mpevmsg.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:591]: Source for file 'mpevmsg.dll.mui' is compressed MSI (s) (08:FC) [19:53:42:591]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:591]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\DE-DE\|Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:591]: Executing op: FileCopy(SourceName=g5n5guqk.mui|MpEvMsg.dll.mui,SourceCabKey=MpEvMsg.dll.mui_DE_DE,DestName=MpEvMsg.dll.mui,Attributes=512,FileSize=40528,PerTick=655 36,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1031,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:591]: File: C:\Program Files\Microsoft Security Client\DE-DE\MpEvMsg.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:591]: Source for file 'MpEvMsg.dll.mui_DE_DE' is compressed MSI (s) (08:FC) [19:53:42:591]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\Drivers\mpfilter\) MSI (s) (08:FC) [19:53:42:591]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\Drivers\mpfilter\|Program Files\Microsoft Security Client\Drivers\mpfilter\) MSI (s) (08:FC) [19:53:42:591]: Executing op: FileCopy(SourceName=mpfilter.cat,SourceCabKey=mpfilter.cat,DestName=mpfilter.cat,Attributes=512,FileSize=7715,PerTick=65536,,VerifyMedia=1,,,,,CheckCR C=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1290541277,HashPart2=-1195292378,HashPart3=-971584605,HashPart4=-384731361,,) MSI (s) (08:FC) [19:53:42:591]: File: C:\Program Files\Microsoft Security Client\Drivers\mpfilter\mpfilter.cat; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:591]: Source for file 'mpfilter.cat' is compressed MSI (s) (08:FC) [19:53:42:611]: Executing op: FileCopy(SourceName=mpfilter.inf,SourceCabKey=mpfilter.inf,DestName=mpfilter.inf,Attributes=512,FileSize=3137,PerTick=65536,,VerifyMedia=1,,,,,CheckCR C=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1481397698,HashPart2=1330798981,HashPart3=-1543581289,HashPart4=-1032829926,,) MSI (s) (08:FC) [19:53:42:611]: File: C:\Program Files\Microsoft Security Client\Drivers\mpfilter\mpfilter.inf; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:611]: Source for file 'mpfilter.inf' is compressed MSI (s) (08:FC) [19:53:42:611]: Executing op: FileCopy(SourceName=mpfilter.sys,SourceCabKey=mpfilter.sys,DestName=mpfilter.sys,Attributes=512,FileSize=230320,PerTick=65536,,VerifyMedia=1,,,,,Check CRC=0,Version=4.2.206.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:611]: File: C:\Program Files\Microsoft Security Client\Drivers\mpfilter\mpfilter.sys; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:611]: Source for file 'mpfilter.sys' is compressed MSI (s) (08:FC) [19:53:42:611]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:611]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:611]: Executing op: FileCopy(SourceName=MpOAv.dll,SourceCabKey=MpOAv.dll,DestName=MpOAv.dll,Attributes=512,FileSize=75240,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Vers ion=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:611]: File: C:\Program Files\Microsoft Security Client\MpOAv.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:611]: Source for file 'MpOAv.dll' is compressed MSI (s) (08:FC) [19:53:42:621]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:621]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:621]: Executing op: FileCopy(SourceName=MpOAv.dll,SourceCabKey=MpOAv.dll_Wow64,DestName=MpOAv.dll,Attributes=512,FileSize=78824,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC= 0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:621]: File: C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:621]: Source for file 'MpOAv.dll_Wow64' is compressed MSI (s) (08:FC) [19:53:42:621]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:621]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:621]: Executing op: FileCopy(SourceName=MpRTP.dll,SourceCabKey=MpRTP.dll,DestName=MpRTP.dll,Attributes=512,FileSize=493032,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Ver sion=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:621]: File: C:\Program Files\Microsoft Security Client\MpRTP.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:621]: Source for file 'MpRTP.dll' is compressed MSI (s) (08:FC) [19:53:42:631]: Executing op: FileCopy(SourceName=MpSvc.dll,SourceCabKey=MpSvc.dll,DestName=MpSvc.dll,Attributes=512,FileSize=1555920,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Ve rsion=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:631]: File: C:\Program Files\Microsoft Security Client\MpSvc.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:631]: Source for file 'MpSvc.dll' is compressed MSI (s) (08:FC) [19:53:42:651]: Executing op: FileCopy(SourceName=sysprep.dll|MSESysprep.dll,SourceCabKey=MSESysprep.dll,DestName=MSESysprep.dll,Attributes=512,FileSize=66000,PerTick=65536,,Verify Media=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:651]: File: C:\Program Files\Microsoft Security Client\MSESysprep.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:651]: Source for file 'MSESysprep.dll' is compressed MSI (s) (08:FC) [19:53:42:651]: Executing op: FileCopy(SourceName=MsMpCom.dll,SourceCabKey=MsMpCom.dllPreVista,DestName=MsMpCom.dll,Attributes=512,FileSize=93672,PerTick=65536,,VerifyMedia=1,,,,,C heckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:651]: File: C:\Program Files\Microsoft Security Client\MsMpCom.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:651]: Source for file 'MsMpCom.dllPreVista' is compressed MSI (s) (08:FC) [19:53:42:651]: Executing op: FileCopy(SourceName=MsMpRes.dll,SourceCabKey=MsMpRes.dll,DestName=MsMpRes.dll,Attributes=512,FileSize=438840,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC =0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:651]: File: C:\Program Files\Microsoft Security Client\MsMpRes.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:651]: Source for file 'MsMpRes.dll' is compressed MSI (s) (08:FC) [19:53:42:661]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\en-us\) MSI (s) (08:FC) [19:53:42:661]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\en-us\|Program Files\Microsoft Security Client\en-us\) MSI (s) (08:FC) [19:53:42:661]: Executing op: FileCopy(SourceName=MsMpRes.mui|MsMpRes.dll.mui,SourceCabKey=MsMpRes.dll.mui_ENUS,DestName=MsMpRes.dll.mui,Attributes=512,FileSize=93752,PerTick=65536 ,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:661]: File: C:\Program Files\Microsoft Security Client\en-us\MsMpRes.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:661]: Source for file 'MsMpRes.dll.mui_ENUS' is compressed MSI (s) (08:FC) [19:53:42:671]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:671]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\DE-DE\|Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:671]: Executing op: FileCopy(SourceName=MsMpRes.mui|MsMpRes.dll.mui,SourceCabKey=MsMpRes_DE_DE.dll.mui,DestName=MsMpRes.dll.mui,Attributes=512,FileSize=109112,PerTick=655 36,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1031,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:671]: File: C:\Program Files\Microsoft Security Client\DE-DE\MsMpRes.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:671]: Source for file 'MsMpRes_DE_DE.dll.mui' is compressed MSI (s) (08:FC) [19:53:42:701]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:701]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:701]: Executing op: FileCopy(SourceName=msseces.exe,SourceCabKey=msseces.exe,DestName=msseces.exe,Attributes=512,FileSize=1281512,PerTick=65536,,VerifyMedia=1,,,,,CheckCR C=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:701]: File: C:\Program Files\Microsoft Security Client\msseces.exe; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:701]: Source for file 'msseces.exe' is compressed MSI (s) (08:FC) [19:53:42:741]: Executing op: FileCopy(SourceName=oobe.exe|msseoobe.exe,SourceCabKey=msseoobe.exe,DestName=msseoobe.exe,Attributes=512,FileSize=603600,PerTick=65536,,VerifyMedia=1, ,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:741]: File: C:\Program Files\Microsoft Security Client\msseoobe.exe; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:741]: Source for file 'msseoobe.exe' is compressed MSI (s) (08:FC) [19:53:42:741]: Executing op: FileCopy(SourceName=ooberes.dll|msseooberes.dll,SourceCabKey=msseooberes.dll,DestName=msseooberes.dll,Attributes=512,FileSize=8760,PerTick=65536,,Veri fyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:741]: File: C:\Program Files\Microsoft Security Client\msseooberes.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:741]: Source for file 'msseooberes.dll' is compressed MSI (s) (08:FC) [19:53:42:751]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\en-us\) MSI (s) (08:FC) [19:53:42:751]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\en-us\|Program Files\Microsoft Security Client\en-us\) MSI (s) (08:FC) [19:53:42:751]: Executing op: FileCopy(SourceName=ooberes.mui|msseooberes.dll.mui,SourceCabKey=msseooberes.dll.mui_ENUS,DestName=msseooberes.dll.mui,Attributes=512,FileSize=16464,P erTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:751]: File: C:\Program Files\Microsoft Security Client\en-us\msseooberes.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:751]: Source for file 'msseooberes.dll.mui_ENUS' is compressed MSI (s) (08:FC) [19:53:42:751]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:751]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:751]: Executing op: FileCopy(SourceName=MsseWat.dll,SourceCabKey=MsseWat.dll,DestName=MsseWat.dll,Attributes=512,FileSize=87528,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC= 0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:751]: File: C:\Program Files\Microsoft Security Client\MsseWat.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:751]: Source for file 'MsseWat.dll' is compressed MSI (s) (08:FC) [19:53:42:751]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\Drivers\NisDrv\) MSI (s) (08:FC) [19:53:42:751]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\Drivers\NisDrv\|Program Files\Microsoft Security Client\Drivers\NisDrv\) MSI (s) (08:FC) [19:53:42:751]: Executing op: FileCopy(SourceName=9luvflik.cat|NisDrvWFP.cat,SourceCabKey=NisDrvWFP.cat,DestName=NisDrvWFP.cat,Attributes=512,FileSize=7627,PerTick=65536,,VerifyMed ia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1995395465,HashPart2=-1417764213,HashPart3=430549268,HashPart4=882191694,,) MSI (s) (08:FC) [19:53:42:751]: File: C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:751]: Source for file 'NisDrvWFP.cat' is compressed MSI (s) (08:FC) [19:53:42:751]: Executing op: FileCopy(SourceName=tnub74sj.inf|NisDrvWFP.inf,SourceCabKey=NisDrvWFP.inf,DestName=NisDrvWFP.inf,Attributes=512,FileSize=2997,PerTick=65536,,VerifyMed ia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-2147243345,HashPart2=-138182042,HashPart3=-2091125285,HashPart4=565501366,,) MSI (s) (08:FC) [19:53:42:751]: File: C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:751]: Source for file 'NisDrvWFP.inf' is compressed MSI (s) (08:FC) [19:53:42:751]: Executing op: FileCopy(SourceName=vvb3icpw.man|NisDrvWFP.man,SourceCabKey=NisDrvWFP.man,DestName=NisDrvWFP.man,Attributes=512,FileSize=14762,PerTick=65536,,VerifyMe dia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=2079231916,HashPart2=1804879556,HashPart3=-356815399,HashPart4=-1423734096,,) MSI (s) (08:FC) [19:53:42:751]: File: C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.man; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:751]: Source for file 'NisDrvWFP.man' is compressed MSI (s) (08:FC) [19:53:42:761]: Executing op: FileCopy(SourceName=o5durkmj.sys|NisDrvWFP.sys,SourceCabKey=NisDrvWFP.sys,DestName=NisDrvWFP.sys,Attributes=512,FileSize=130008,PerTick=65536,,VerifyM edia=1,,,,,CheckCRC=0,Version=4.2.206.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:761]: File: C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:761]: Source for file 'NisDrvWFP.sys' is compressed MSI (s) (08:FC) [19:53:42:791]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:791]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:791]: Executing op: FileCopy(SourceName=0nmrfrtl.dll|NisIpsPlugin.dll,SourceCabKey=NisIpsPlugin.dll,DestName=NisIpsPlugin.dll,Attributes=512,FileSize=125392,PerTick=65536 ,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:791]: File: C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:791]: Source for file 'NisIpsPlugin.dll' is compressed MSI (s) (08:FC) [19:53:42:791]: Executing op: FileCopy(SourceName=NisLog.dll,SourceCabKey=NisLog.dll,DestName=NisLog.dll,Attributes=512,FileSize=58344,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,V ersion=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:791]: File: C:\Program Files\Microsoft Security Client\NisLog.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:791]: Source for file 'NisLog.dll' is compressed MSI (s) (08:FC) [19:53:42:791]: Executing op: FileCopy(SourceName=NisSrv.exe,SourceCabKey=NisSrv.exe,DestName=NisSrv.exe,Attributes=512,FileSize=379360,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0, Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:791]: File: C:\Program Files\Microsoft Security Client\NisSrv.exe; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:791]: Source for file 'NisSrv.exe' is compressed MSI (s) (08:FC) [19:53:42:801]: Executing op: FileCopy(SourceName=NisWFP.dll,SourceCabKey=NisWFP.dll,DestName=NisWFP.dll,Attributes=512,FileSize=72656,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,V ersion=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:801]: File: C:\Program Files\Microsoft Security Client\NisWFP.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:801]: Source for file 'NisWFP.dll' is compressed MSI (s) (08:FC) [19:53:42:801]: Executing op: FileCopy(SourceName=Setup.exe,SourceCabKey=Setup.exe,DestName=Setup.exe,Attributes=512,FileSize=1094152,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Ve rsion=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:801]: File: C:\Program Files\Microsoft Security Client\Setup.exe; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:801]: Source for file 'Setup.exe' is compressed MSI (s) (08:FC) [19:53:42:821]: Executing op: FileCopy(SourceName=SetupRes.dll,SourceCabKey=SetupRes.dll,DestName=SetupRes.dll,Attributes=512,FileSize=8760,PerTick=65536,,VerifyMedia=1,,,,,CheckCR C=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:821]: File: C:\Program Files\Microsoft Security Client\SetupRes.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:821]: Source for file 'SetupRes.dll' is compressed MSI (s) (08:FC) [19:53:42:821]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:821]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\DE-DE\|Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:821]: Executing op: FileCopy(SourceName=4njyby5h.mui|setupres.dll.mui,SourceCabKey=SetupResDllMui_DE_DE,DestName=setupres.dll.mui,Attributes=512,FileSize=50768,PerTick=65 536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1031,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:821]: File: C:\Program Files\Microsoft Security Client\DE-DE\setupres.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:821]: Source for file 'SetupResDllMui_DE_DE' is compressed MSI (s) (08:FC) [19:53:42:821]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:821]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\en-US\|Program Files\Microsoft Security Client\en-US\) MSI (s) (08:FC) [19:53:42:821]: Executing op: FileCopy(SourceName=upno4bpa.mui|setupres.dll.mui,SourceCabKey=SetupResDllMui_EN_US,DestName=setupres.dll.mui,Attributes=512,FileSize=43064,PerTick=65 536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:821]: File: C:\Program Files\Microsoft Security Client\en-US\setupres.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:821]: Source for file 'SetupResDllMui_EN_US' is compressed MSI (s) (08:FC) [19:53:42:821]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:821]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:821]: Executing op: FileCopy(SourceName=shellext.dll,SourceCabKey=shellext.dll,DestName=shellext.dll,Attributes=512,FileSize=344144,PerTick=65536,,VerifyMedia=1,,,,,Check CRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:821]: File: C:\Program Files\Microsoft Security Client\shellext.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:821]: Source for file 'shellext.dll' is compressed MSI (s) (08:FC) [19:53:42:841]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\en-us\) MSI (s) (08:FC) [19:53:42:841]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\en-us\|Program Files\Microsoft Security Client\en-us\) MSI (s) (08:FC) [19:53:42:841]: Executing op: FileCopy(SourceName=shellext.mui|shellext.dll.mui,SourceCabKey=shellext.dll.mui_ENUS,DestName=shellext.dll.mui,Attributes=512,FileSize=9272,PerTick=65 536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:841]: File: C:\Program Files\Microsoft Security Client\en-us\shellext.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:841]: Source for file 'shellext.dll.mui_ENUS' is compressed MSI (s) (08:FC) [19:53:42:841]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:841]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\DE-DE\|Program Files\Microsoft Security Client\DE-DE\) MSI (s) (08:FC) [19:53:42:841]: Executing op: FileCopy(SourceName=shellext.mui|shellext.dll.mui,SourceCabKey=shellext_DE_DE.dll.mui,DestName=shellext.dll.mui,Attributes=512,FileSize=9272,PerTick=6 5536,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1031,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:841]: File: C:\Program Files\Microsoft Security Client\DE-DE\shellext.dll.mui; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:841]: Source for file 'shellext_DE_DE.dll.mui' is compressed MSI (s) (08:FC) [19:53:42:841]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:841]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:841]: Executing op: FileCopy(SourceName=SqmApi.dll,SourceCabKey=SqmApi.dll,DestName=SqmApi.dll,Attributes=512,FileSize=241984,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0, Version=6.1.7600.16385,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:841]: File: C:\Program Files\Microsoft Security Client\SqmApi.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:841]: Source for file 'SqmApi.dll' is compressed MSI (s) (08:FC) [19:53:42:851]: Executing op: FileCopy(SourceName=SymSrv.dll,SourceCabKey=SymSrv.dll,DestName=SymSrv.dll,Attributes=512,FileSize=149264,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0, Version=6.12.2.633,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:851]: File: C:\Program Files\Microsoft Security Client\SymSrv.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:851]: Source for file 'SymSrv.dll' is compressed MSI (s) (08:FC) [19:53:42:851]: Executing op: FileCopy(SourceName=SymSrv.yes,SourceCabKey=SymSrv.yes,DestName=SymSrv.yes,Attributes=512,FileSize=1,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,Ins tallMode=58982400,HashOptions=0,HashPart1=-1662118542,HashPart2=700620157,HashPart3=1075483346,HashPart4=1609341416,,) MSI (s) (08:FC) [19:53:42:851]: File: C:\Program Files\Microsoft Security Client\SymSrv.yes; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:851]: Source for file 'SymSrv.yes' is compressed MSI (s) (08:FC) [19:53:42:851]: Executing op: CacheSizeFlush(,) MSI (s) (08:FC) [19:53:42:851]: Executing op: ActionStart(Name=InstallDriverRollback,,) MSI (s) (08:FC) [19:53:42:851]: Executing op: CustomActionSchedule(Action=InstallDriverRollback,ActionType=11585,Source=BinaryData,Target=**********,CustomActionData=**********) MSI (s) (08:FC) [19:53:42:851]: Executing op: ActionStart(Name=InstallDriver,,) MSI (s) (08:FC) [19:53:42:851]: Executing op: CustomActionSchedule(Action=InstallDriver,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********) MSI (s) (08:34) [19:53:42:861]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA9A5.tmp, Entrypoint: InstallNisDriver 19:53:42 NIS setup CA INFO : InstallNisDriver started MSI (s) (08:FC) [19:53:43:051]: Executing op: ActionStart(Name=InstallMpFilterDriverRollback,,) 19:53:43 NIS setup CA INFO : InstallNisDriver completed with error result 0 MSI (s) (08:FC) [19:53:43:051]: Executing op: CustomActionSchedule(Action=InstallMpFilterDriverRollback,ActionType=3393,Source=BinaryData,Target=MpUninstallDriver,CustomActionData=C:\Program Files\Microsoft Security Client\Drivers\mpfilter\) MSI (s) (08:FC) [19:53:43:051]: Executing op: ActionStart(Name=InstallMpFilterDriver,,) MSI (s) (08:FC) [19:53:43:051]: Executing op: CustomActionSchedule(Action=InstallMpFilterDriver,ActionType=3073,Source=BinaryData,Target=MpInstallDriver,CustomActionData=C:\Program Files\Microsoft Security Client\Drivers\mpfilter\) MSI (s) (08:70) [19:53:43:051]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAA71.tmp, Entrypoint: MpInstallDriver WIXFXCA: MpInstallDriver: INFO: MpDrvInst - installation begin. WIXFXCA: MpInstallDriver: INFO: Driver package located at C:\Program Files\Microsoft Security Client\Drivers\mpfilter\ WIXFXCA: MpInstallDriver: INFO: Driver service name is mpfilter WIXFXCA: MpInstallDriver: INFO: MpDrvInst: Reboot is NOT required to finish installation MSI (s) (08:FC) [19:53:43:211]: Executing op: ActionStart(Name=WriteRegistryValues,Description=Writing system registry values,Template=Key: [1], Name: [2], Value: [3]) WIXFXCA: MpInstallDriver: INFO: MpDrvInst - installation end. MSI (s) (08:FC) [19:53:43:211]: Executing op: ProgressTotal(Total=184,Type=1,ByteEquivalent=13200) MSI (s) (08:FC) [19:53:43:211]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocServer32,,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:211]: Executing op: RegAddValue(,Value=C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll,) MSI (s) (08:FC) [19:53:43:211]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,) MSI (s) (08:FC) [19:53:43:221]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE},,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:221]: Executing op: RegAddValue(,Value=Microsoft Antimalware IOfficeAntiVirus implementation,) MSI (s) (08:FC) [19:53:43:221]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocHandler32,,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:221]: Executing op: RegAddValue(,Value=C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll,) MSI (s) (08:FC) [19:53:43:231]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Implemented Categories,,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:231]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:241]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49},,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:241]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:241]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware,SecurityDescriptor=BinaryData,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:241]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:241]: Executing op: RegAddValue(Name=InstallLocation,Value=C:\Program Files (x86)\Microsoft Security Client\,) MSI (s) (08:FC) [19:53:43:251]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:251]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,,BinaryType=0,,) MSI (s) (08:FC) [19:53:43:251]: Executing op: RegAddValue(Name=ScanWithAntiVirus,Value=#3,) MSI (s) (08:FC) [19:53:43:251]: Executing op: RegOpenKey(Root=-1,Key=SOFTWARE\Microsoft\Microsoft Antimalware Setup\StartMenu,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:251]: Executing op: RegAddValue(Name=Microsoft Security Essentials,Value=MSEv2,) MSI (s) (08:FC) [19:53:43:251]: Executing op: RegOpenKey(,Key=AppID\{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:251]: Executing op: RegAddValue(,Value=MsMpCom,) MSI (s) (08:FC) [19:53:43:261]: Executing op: RegAddValue(Name=DllSurrogate,,) MSI (s) (08:FC) [19:53:43:261]: Executing op: RegOpenKey(,Key=MsMpComExports.MsMpComFactoryFcs,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:261]: Executing op: RegAddValue(,Value=Microsoft AntiMalware Com Layer,) MSI (s) (08:FC) [19:53:43:261]: Executing op: RegOpenKey(,Key=MsMpComExports.MsMpComFactoryFcs\CLSID,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:261]: Executing op: RegAddValue(,Value={546BF232-C9DD-4F28-8E38-30AE2D964D46},) MSI (s) (08:FC) [19:53:43:271]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\VersionIndependentProgID,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:271]: Executing op: RegAddValue(,Value=MsMpComExports.MsMpComFactoryFcs,) MSI (s) (08:FC) [19:53:43:271]: Executing op: RegOpenKey(,Key=MsMpComExports.MsMpComFactoryFcs\CurVer,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:271]: Executing op: RegAddValue(,Value=MsMpComExports.MsMpComFactoryFcs.1,) MSI (s) (08:FC) [19:53:43:281]: Executing op: RegOpenKey(,Key=MsMpComExports.MsMpComFactoryFcs.1,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:281]: Executing op: RegAddValue(,Value=Microsoft AntiMalware Com Layer,) MSI (s) (08:FC) [19:53:43:281]: Executing op: RegOpenKey(,Key=MsMpComExports.MsMpComFactoryFcs.1\CLSID,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:281]: Executing op: RegAddValue(,Value={546BF232-C9DD-4F28-8E38-30AE2D964D46},) MSI (s) (08:FC) [19:53:43:281]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\ProgID,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:281]: Executing op: RegAddValue(,Value=MsMpComExports.MsMpComFactoryFcs.1,) MSI (s) (08:FC) [19:53:43:291]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocServer32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:291]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MsMpCom.dll,) MSI (s) (08:FC) [19:53:43:291]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,) MSI (s) (08:FC) [19:53:43:301]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:301]: Executing op: RegAddValue(Name=LocalizedString,Value=#%@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000,) MSI (s) (08:FC) [19:53:43:301]: Executing op: RegAddValue(Name=AppId,Value={A79DB36D-6218-48E6-9EC9-DCBA9A39BF00},) MSI (s) (08:FC) [19:53:43:301]: Executing op: RegAddValue(,Value=Microsoft AntiMalware Com Layer,) MSI (s) (08:FC) [19:53:43:301]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocHandler32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:301]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MsMpCom.dll,) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\TypeLib,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegAddValue(,Value={8C389764-F036-48F2-9AE2-88C260DCF400},) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\Version,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegAddValue(,Value=1.0,) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\Programmable,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:311]: Executing op: RegOpenKey(,Key=Interface\{AC30C2BA-0109-403D-9D8E-140BB4703700},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:311]: Executing op: RegAddValue(,Value=IMsMpComFactory,) MSI (s) (08:FC) [19:53:43:321]: Executing op: RegOpenKey(,Key=Interface\{AC30C2BA-0109-403D-9D8E-140BB4703700}\TypeLib,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:321]: Executing op: RegAddValue(,Value={8C389764-F036-48F2-9AE2-88C260DCF400},) MSI (s) (08:FC) [19:53:43:321]: Executing op: RegAddValue(Name=Version,Value=1.0,) MSI (s) (08:FC) [19:53:43:331]: Executing op: RegOpenKey(,Key=Interface\{AC30C2BA-0109-403D-9D8E-140BB4703700}\ProxyStubClsid32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:331]: Executing op: RegAddValue(,Value={00020424-0000-0000-C000-000000000046},) MSI (s) (08:FC) [19:53:43:331]: Executing op: RegOpenKey(,Key=Interface\{E2D74550-8E41-460E-BB51-52E1F9522100},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:331]: Executing op: RegAddValue(,Value=IMsMpClientUtils,) MSI (s) (08:FC) [19:53:43:331]: Executing op: RegOpenKey(,Key=Interface\{E2D74550-8E41-460E-BB51-52E1F9522100}\TypeLib,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:331]: Executing op: RegAddValue(,Value={8C389764-F036-48F2-9AE2-88C260DCF400},) MSI (s) (08:FC) [19:53:43:341]: Executing op: RegAddValue(Name=Version,Value=1.0,) MSI (s) (08:FC) [19:53:43:341]: Executing op: RegOpenKey(,Key=Interface\{E2D74550-8E41-460E-BB51-52E1F9522100}\ProxyStubClsid32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:341]: Executing op: RegAddValue(,Value={00020424-0000-0000-C000-000000000046},) MSI (s) (08:FC) [19:53:43:341]: Executing op: RegOpenKey(,Key=Interface\{CDFED399-7999-4309-B064-1EDE04BC5800},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:341]: Executing op: RegAddValue(,Value=IMsMpSimpleConfig,) MSI (s) (08:FC) [19:53:43:351]: Executing op: RegOpenKey(,Key=Interface\{CDFED399-7999-4309-B064-1EDE04BC5800}\TypeLib,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:351]: Executing op: RegAddValue(,Value={8C389764-F036-48F2-9AE2-88C260DCF400},) MSI (s) (08:FC) [19:53:43:351]: Executing op: RegAddValue(Name=Version,Value=1.0,) MSI (s) (08:FC) [19:53:43:351]: Executing op: RegOpenKey(,Key=Interface\{CDFED399-7999-4309-B064-1EDE04BC5800}\ProxyStubClsid32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:351]: Executing op: RegAddValue(,Value={00020424-0000-0000-C000-000000000046},) MSI (s) (08:FC) [19:53:43:361]: Executing op: RegOpenKey(,Key=TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:361]: Executing op: RegAddValue(,Value=Microsoft AntiMalware 1.0 Type Library,) MSI (s) (08:FC) [19:53:43:361]: Executing op: RegOpenKey(,Key=TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\0\win64,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:361]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MsMpCom.dll,) MSI (s) (08:FC) [19:53:43:371]: Executing op: RegOpenKey(,Key=TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\FLAGS,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:371]: Executing op: RegAddValue(,Value=0,) MSI (s) (08:FC) [19:53:43:371]: Executing op: RegOpenKey(,Key=TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\HELPDIR,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:371]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\,) MSI (s) (08:FC) [19:53:43:371]: Executing op: RegOpenKey(,Key=CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocServer32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:371]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MsMpCom.dll,) MSI (s) (08:FC) [19:53:43:381]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,) MSI (s) (08:FC) [19:53:43:381]: Executing op: RegOpenKey(,Key=CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:381]: Executing op: RegAddValue(,Value=Microsoft AntiMalware Com Layer,) MSI (s) (08:FC) [19:53:43:381]: Executing op: RegAddValue(Name=AppId,Value={A79DB36D-6218-48E6-9EC9-DCBA9A39BF00},) MSI (s) (08:FC) [19:53:43:391]: Executing op: RegOpenKey(,Key=CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocHandler32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:391]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MsMpCom.dll,) MSI (s) (08:FC) [19:53:43:391]: Executing op: RegOpenKey(,Key=CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\Version,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:391]: Executing op: RegAddValue(,Value=1.0,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegOpenKey(,Key=CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\Programmable,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:401]: Executing op: RegOpenKey(,Key=CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\Elevation,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:401]: Executing op: RegAddValue(Name=Enabled,Value=#1,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegAddValue(Name=IconReference,Value=#%@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegOpenKey(,Key=APPID\{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegAddValue(Name=AccessPermission,Value=#x010004805800000068000000000000001400000002004400030000000000140003000000010100000000000512000000000014000300 000001010000000000050A00000000001400030000000101000000000005040000000102000000000005200000002002000001020000000000052000000020020000,) MSI (s) (08:FC) [19:53:43:401]: Executing op: RegAddValue(Name=LaunchPermission,Value=#x010004805C0000006C00000000000000140000000200480003000000000014000B000000010100000000000512000000000018000B00 000001020000000000052000000020020000000014000B0000000101000000000005040000000102000000000005200000002002000001020000000000052000000020020000,) MSI (s) (08:FC) [19:53:43:411]: Executing op: RegOpenKey(,Key=CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\Implemented Categories\{82BDC749-597A-4DEF-B6CA-833E3F18D4C9},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:411]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:411]: Executing op: RegOpenKey(,Key=Component Categories\{82BDC749-597A-4DEF-B6CA-833E3F18D4C9},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:411]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:411]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocServer32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:411]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MpOAv.dll,) MSI (s) (08:FC) [19:53:43:411]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,) MSI (s) (08:FC) [19:53:43:421]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:421]: Executing op: RegAddValue(,Value=Microsoft Antimalware IOfficeAntiVirus implementation,) MSI (s) (08:FC) [19:53:43:421]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocHandler32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:421]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\MpOAV.dll,) MSI (s) (08:FC) [19:53:43:421]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:421]: Executing op: RegAddValue(,Value=Scanned Hosting Applications,) MSI (s) (08:FC) [19:53:43:431]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\shdocvw,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:431]: Executing op: RegAddValue(,Value=IAttachmentExecute,) MSI (s) (08:FC) [19:53:43:431]: Executing op: RegAddValue(Name=Enable,Value=#1,) MSI (s) (08:FC) [19:53:43:441]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Hosts\urlmon,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:441]: Executing op: RegAddValue(,Value=ActiveX controls,) MSI (s) (08:FC) [19:53:43:441]: Executing op: RegAddValue(Name=Enable,Value=#1,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Implemented Categories,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:451]: Executing op: RegOpenKey(,Key=CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:451]: Executing op: RegOpenKey(,Key=CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegAddValue(,Value=C:\Program Files\Microsoft Security Client\shellext.dll,) MSI (s) (08:FC) [19:53:43:451]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,) MSI (s) (08:FC) [19:53:43:461]: Executing op: RegOpenKey(,Key=CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\Version,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:461]: Executing op: RegAddValue(,Value=4.2.0223.1,) MSI (s) (08:FC) [19:53:43:461]: Executing op: RegOpenKey(,Key=*\shellex\ContextMenuHandlers\EPP,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:461]: Executing op: RegAddValue(,Value={09A47860-11B0-4DA5-AFA5-26D86198A780},) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegOpenKey(,Key=Directory\shellex\ContextMenuHandlers\EPP,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegAddValue(,Value={09A47860-11B0-4DA5-AFA5-26D86198A780},) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegOpenKey(,Key=Drive\shellex\ContextMenuHandlers\EPP,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegAddValue(,Value={09A47860-11B0-4DA5-AFA5-26D86198A780},) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:471]: Executing op: RegAddValue(Name=InstallLocation,Value=C:\Program Files\Microsoft Security Client\,) MSI (s) (08:FC) [19:53:43:481]: Executing op: RegAddValue(Name=ProductAppDataPath,Value=C:\ProgramData\Microsoft\Microsoft Antimalware,) MSI (s) (08:FC) [19:53:43:481]: Executing op: RegAddValue(Name=ServiceHardeningFlags,Value=#3,) MSI (s) (08:FC) [19:53:43:481]: Executing op: RegAddValue(Name=ProductIcon,Value=@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100,) MSI (s) (08:FC) [19:53:43:481]: Executing op: RegAddValue(Name=ProductLocalizedName,Value=@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000,) MSI (s) (08:FC) [19:53:43:491]: Executing op: RegAddValue(Name=RemediationExe,Value=C:\Program Files\Microsoft Security Client\msseces.exe,) MSI (s) (08:FC) [19:53:43:491]: Executing op: RegAddValue(Name=WATPath,Value=C:\Program Files\Microsoft Security Client\mssewat.dll,) MSI (s) (08:FC) [19:53:43:491]: Executing op: RegAddValue(Name=Edt,Value=#x0000000000000000,) MSI (s) (08:FC) [19:53:43:501]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:501]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Reporting,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:501]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:501]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:501]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:501]: Executing op: RegAddValue(Name=SignatureCategoryID,Value=6b9e8b26-8f50-44b9-94c6-7846084383ec,) MSI (s) (08:FC) [19:53:43:501]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:511]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:511]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:511]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:511]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:511]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Scan,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:511]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:511]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:511]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:511]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:521]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:521]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:521]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:521]: Executing op: RegAddValue(Name=SpyNetReportingLocation,Value=[~]https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx,) MSI (s) (08:FC) [19:53:43:521]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:521]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Threats,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:521]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:531]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:531]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:531]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:531]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:531]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:531]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:531]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:531]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:531]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:541]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:541]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:541]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:541]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:541]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:541]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:541]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:541]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:541]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:551]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:551]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:551]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\Miscellaneous Configuration,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:551]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\MpEngine,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:551]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:561]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:561]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:561]: Executing op: RegAddValue(Name=PRODUCTICON,Value=@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100,) MSI (s) (08:FC) [19:53:43:561]: Executing op: RegAddValue(Name=PRODUCTLOCALIZEDNAME,Value=@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000,) MSI (s) (08:FC) [19:53:43:561]: Executing op: RegAddValue(Name=REMEDIATIONEXE,Value=C:\Program Files\Microsoft Security Client\msseces.exe,) MSI (s) (08:FC) [19:53:43:571]: Executing op: RegAddValue(Name=SIGNATURECATEGORYID,Value=6b9e8b26-8f50-44b9-94c6-7846084383ec,) MSI (s) (08:FC) [19:53:43:571]: Executing op: RegAddValue(Name=PRODUCT_SKU,Value=MSEv2,) MSI (s) (08:FC) [19:53:43:571]: Executing op: RegAddValue(Name=INSTALLDIR,Value=C:\Program Files\Microsoft Security Client\,) MSI (s) (08:FC) [19:53:43:571]: Executing op: RegAddValue(Name=WATCHECKDLL,Value=C:\Program Files\Microsoft Security Client\mssewat.dll,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegAddValue(Name=MARKET,Value=de-de,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\SKU Differentiation,SecurityDescriptor=BinaryData,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegAddValue(Name={7A692DFC-A587-4230-B53B-6B8E867B3212},Value=#0,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegAddValue(Name=ScanWithAntiVirus,Value=#3,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Services\Eventlog\Application\MPSampleSubmission,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegAddValue(,Value=1,) MSI (s) (08:FC) [19:53:43:581]: Executing op: RegAddValue(Name=EventMessageFile,Value=C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=TypesSupported,Value=#7,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(,Value=Service,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(,Value=Service,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=EventMessageFile,Value=C:\Program Files\Microsoft Security Client\MpEvMsg.dll,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=ParameterMessageFile,Value=C:\Program Files\Microsoft Security Client\MpEvMsg.dll,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=TypesSupported,Value=#7,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Services\MsMpSvc,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=ServiceSidType,Value=#1,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=RequiredPrivileges,Value=SeLoadDriverPrivilege[~]SeImpersonatePrivilege[~]SeBackupPrivilege[~]SeRestorePrivilege[~]SeDebugPrivilege[~]SeChangeNotifyPrivilege[~]SeSecurityPrivilege[~]SeShutdownPrivilege[~]SeIncreaseQuotaPrivilege[~]SeAssignPrimaryTokenPrivilege[~]SeTcbPrivilege[~]SeSystemEnvironmentPrivilege,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegCreateKey() MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Services\NisSrv\Parameters,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=ServiceID,Value=#x01060000000000055000000037bf7e57164ad67335b2da479a3525beabebc66f,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft Security Client,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=EventMessageFile,Value=C:\Program Files\Microsoft Security Client\MsMpRes.dll,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:591]: Executing op: RegAddValue(Name=MSC,Value="C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=ClockType,Value=#2,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=FileName,Value=C:\ProgramData\Microsoft\Microsoft Security Client\Support\Application.etl,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=FlushTimer,Value=#1,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=Guid,Value={ebb5d2d1-897c-483c-a28d-0b02b8e5f4a5},) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=LogFileMode,Value=#2,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=MaxFileSize,Value=#5,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=Start,Value=#1,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=Status,Value=#0,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client\{a1488156-5391-4f34-9214-105e4335f3a4},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=Enabled,Value=#1,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=EnableFlags,Value=#255,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=EnableLevel,Value=#0,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=Status,Value=#0,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name={09A47860-11B0-4DA5-AFA5-26D86198A780},Value=EPP,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Microsoft Security Client,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:601]: Executing op: RegAddValue(Name=OOBE,Value=#0,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=Market,Value=de-de,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=2D153B43-11B4-461F-AA43-832B2C8B8872,Value=C:\Program Files\Microsoft Security Client\MSESysprep.dll,DllSysprep_Cleanup,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE,,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=ClockType,Value=#2,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=FileName,Value=C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=FlushTimer,Value=#1,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=Guid,Value={8BFBB25E-3C2C-47eb-BFAF-6002768DF89A},) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=LogFileMode,Value=#5,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=MaxFileSize,Value=#5,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=Start,Value=#1,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=Status,Value=#0,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegOpenKey(Root=-2147483646,Key=SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\Microsoft Security Client OOBE\{913EFF0B-2CC3-4c64-A840-B0D7A38E90E4},,BinaryType=1,,) MSI (s) (08:FC) [19:53:43:611]: Executing op: RegAddValue(Name=Enabled,Value=#1,) MSI (s) (08:FC) [19:53:43:621]: Executing op: RegAddValue(Name=EnableFlags,Value=#255,) MSI (s) (08:FC) [19:53:43:621]: Executing op: RegAddValue(Name=EnableLevel,Value=#0,) MSI (s) (08:FC) [19:53:43:621]: Executing op: RegAddValue(Name=Status,Value=#0,) MSI (s) (08:FC) [19:53:43:621]: Executing op: ActionStart(Name=Rollback_RefreshShellFTA,,) MSI (s) (08:FC) [19:53:43:621]: Executing op: CustomActionSchedule(Action=Rollback_RefreshShellFTA,ActionType=1345,Source=BinaryData,Target=RefreshShellFileTypeAssociation,) MSI (s) (08:FC) [19:53:43:621]: Executing op: ActionStart(Name=RefreshShellFTA,,) MSI (s) (08:FC) [19:53:43:621]: Executing op: CustomActionSchedule(Action=RefreshShellFTA,ActionType=1089,Source=BinaryData,Target=RefreshShellFileTypeAssociation,) MSI (s) (08:38) [19:53:43:621]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIACB3.tmp, Entrypoint: RefreshShellFileTypeAssociation MSI (s) (08:FC) [19:53:43:631]: Executing op: ActionStart(Name=ModifyClientAppLogLocation,,) Custom Action Trace (RefreshShellFileTypeAssociation): Shell file type association was refreshed MSI (s) (08:FC) [19:53:43:641]: Executing op: CustomActionSchedule(Action=ModifyClientAppLogLocation,ActionType=3137,Source=BinaryData,Target=ModifyClientAppLogLocation,) MSI (s) (08:54) [19:53:43:641]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIACC4.tmp, Entrypoint: ModifyClientAppLogLocation Custom Action Trace (ModifyClientAppLogLocation): Enter Function ModifyClientAppLogLocation Custom Action Trace (ModifyClientAppLogLocation): Set registry value FileName successfully. MSI (s) (08:FC) [19:53:43:641]: Executing op: ActionStart(Name=RegisterClientAppTraceSession,,) Custom Action Trace (ModifyClientAppLogLocation): Exit Function ModifyClientAppLogLocation MSI (s) (08:FC) [19:53:43:641]: Executing op: CustomActionSchedule(Action=RegisterClientAppTraceSession,ActionType=3137,Source=BinaryData,Target=RegisterClientAppTraceSession,) MSI (s) (08:E8) [19:53:43:651]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIACC5.tmp, Entrypoint: RegisterClientAppTraceSession Custom Action Trace (RegisterClientAppTraceSession): Enter Function RegisterClientAppTraceSession MSI (s) (08:FC) [19:53:43:651]: Executing op: ActionStart(Name=InstallServices,Description=Installing new services,Template=Service: [2]) Custom Action Trace (RegisterClientAppTraceSession): Exit Function RegisterClientAppTraceSession MSI (s) (08:FC) [19:53:43:651]: Executing op: ProgressTotal(Total=2,Type=1,ByteEquivalent=1300000) MSI (s) (08:FC) [19:53:43:651]: Executing op: ServiceInstall(Name=MsMpSvc,DisplayName=Microsoft Antimalware Service,ImagePath="C:\Program Files\Microsoft Security Client\MsMpEng.exe",ServiceType=16,StartType=2,ErrorControl=1,LoadOrderGroup=COM Infrastructure,Dependencies=RpcSs[~][~][~],,,Password=**********,Description=@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-240,,) MSI (s) (08:FC) [19:53:44:264]: Executing op: ServiceInstall(Name=NisSrv,DisplayName=@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243,ImagePath="C:\Program Files\Microsoft Security Client\NisSrv.exe",ServiceType=16,StartType=3,ErrorControl=32769,,Dependencies=NisDrv[~][~][~],,,Password=**********,Description=@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-242,,) MSI (s) (08:FC) [19:53:44:303]: Executing op: ActionStart(Name=MpExecServiceConfig,,) MSI (s) (08:FC) [19:53:44:303]: Executing op: CustomActionSchedule(Action=MpExecServiceConfig,ActionType=1025,Source=BinaryData,Target=MpExecServiceConfig,CustomActionData=MsMpSvc€1€NisSrv€0) MSI (s) (08:EC) [19:53:44:313]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAF55.tmp, Entrypoint: MpExecServiceConfig WIXFXCA: MpExecServiceConfig: INFO: Successfully configured 'MsMpSvc' service WIXFXCA: MpExecServiceConfig: INFO: Successfully applied ACL to 'MsMpSvc' service WIXFXCA: MpExecServiceConfig: INFO: Successfully configured 'NisSrv' service WIXFXCA: MpExecServiceConfig: INFO: No special ACL requested for 'NisSrv' service MSI (s) (08:FC) [19:53:44:395]: Executing op: ActionStart(Name=CollectErrorLogFiles,,) MSI (s) (08:FC) [19:53:44:395]: Executing op: CustomActionSchedule(Action=CollectErrorLogFiles,ActionType=3393,Source=BinaryData,Target=CollectErrorLogFiles,CustomActionData=C:\ProgramData\Microso ft\Microsoft Antimalware\Support\) MSI (s) (08:FC) [19:53:44:395]: Executing op: ActionStart(Name=ConfigServiceHardening,,) MSI (s) (08:FC) [19:53:44:405]: Executing op: CustomActionSchedule(Action=ConfigServiceHardening,ActionType=3137,Source=BinaryData,Target=ConfigServiceHardening,CustomActionData=MsMpSvc;C:\Program Files\Microsoft Security Client\MsMpEng.exe) MSI (s) (08:EC) [19:53:44:405]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAFC3.tmp, Entrypoint: ConfigServiceHardening WIXFXCA: ConfigServiceHardening: INFO: begin. MSI (s) (08:FC) [19:53:44:505]: Executing op: ActionStart(Name=EnableWDRollback,,) WIXFXCA: ConfigServiceHardening: INFO: end. MSI (s) (08:FC) [19:53:44:505]: Executing op: CustomActionSchedule(Action=EnableWDRollback,ActionType=3393,Source=BinaryData,Target=EnableWD,CustomActionData=Microsoft Antimalware) MSI (s) (08:FC) [19:53:44:505]: Executing op: ActionStart(Name=FinalizeNisInstall,,) MSI (s) (08:FC) [19:53:44:515]: Executing op: CustomActionSchedule(Action=FinalizeNisInstall,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********) MSI (s) (08:9C) [19:53:44:515]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIB031.tmp, Entrypoint: FinalizeNisInstall MSI (s) (08:FC) [19:53:44:595]: Executing op: ActionStart(Name=StartServices,Description=Starting services,Template=Service: [1]) MSI (s) (08:FC) [19:53:44:595]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000) MSI (s) (08:FC) [19:53:44:595]: Executing op: ServiceControl(,Name=MsMpSvc,Action=1,,) MSI (s) (08:FC) [19:53:46:129]: Executing op: ActionStart(Name=ValidateServiceStart,,) MSI (s) (08:FC) [19:53:46:129]: Executing op: CustomActionSchedule(Action=ValidateServiceStart,ActionType=3073,Source=BinaryData,Target=ValidateServiceStart,CustomActionData=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:46:129]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIB679.tmp, Entrypoint: ValidateServiceStart WIXFXCA: ValidateServiceStart: INFO: begin. MSI (s) (08:FC) [19:53:46:149]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1]) WIXFXCA: ValidateServiceStart: INFO: end. MSI (s) (08:FC) [19:53:46:149]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=product.cab,BytesPerTick=0,CopierType=2,ModuleFileName=C:\Windows\Installer\809e05.msi,,,,,IsFirstPhysicalMedia=1) MSI (s) (08:FC) [19:53:46:149]: Executing op: DatabaseCopy(DatabasePath=C:\Windows\Installer\809e05.msi,ProductCode={D954C6C2-544B-4091-A47F-11E77162883E},,,) MSI (s) (08:FC) [19:53:46:149]: Note: 1: 1402 2: UNKNOWN\Products\2C6C459DB44519044AF7117E172688E3\InstallProperties 3: 2 MSI (s) (08:FC) [19:53:46:149]: File will have security applied from OpCode. MSI (s) (08:FC) [19:53:46:169]: Executing op: ProductRegister(UpgradeCode={93F31D62-E849-45D1-B610-605B3559409D},VersionString=4.2.0223.1,,,InstallLocation=C:\Program Files\Microsoft Security Client\,InstallSource=d:\e7c248284070f03bb2c8732485aefe93\amd64\,Publisher=Microsoft Corporation,,,,NoModify=1,,,,,,,SystemComponent=1,EstimatedSize=12481,,,,) MSI (s) (08:FC) [19:53:46:289]: Executing op: ProductCPDisplayInfoRegister() MSI (s) (08:FC) [19:53:46:289]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1]) MSI (s) (08:FC) [19:53:46:289]: Executing op: FeaturePublish(Feature=NIS,,Absent=2,) MSI (s) (08:FC) [19:53:46:299]: Executing op: FeaturePublish(Feature=EppOobe,,Absent=2,Component=UeW22n3]H9IK4h&mMaN0=F]Q2S8_U=p6f}1+_wmLJ!mkT[v{h9j}5Wb`6U.Pr]oZLOWm8?AXn+gPpAvH[myKYG7z`9M9rxRb9YubLY_UEKw1y?F'f5wyzF!wn]OdF]{m1=PIwg^J)]dU9~,}?m%L(=,?7wx!A&UC8NTV%HpMB=COJY^S*6cyI^1^!ZkW^@2g3oqYIdasq,k*%hpxr@8BOuVnReJ1t$Y+3R!!4@{Kty!pa]J=t9ROZ6O(o8RB%(*acQs6S8nrYsMAv=Z^.c52lQ[uXbm-+f5NZ85E4D9d(Wss'LYzm'Y1-@AJ6vE_N-Urui,ad?m5}?))%`03b3YpOK'I.lt%]=Yf[el*WVJm) MSI (s) (08:FC) [19:53:46:299]: Executing op: FeaturePublish(Feature=UACSupport,Parent=MSMPService,Absent=2,Component=KaYSUOy7U=fuABMGqd[_]q6G'ZJLOAn.Xl`bJ3i(M^Q6?a%$]A'WcGG=Jg{&E)tnvmiYj9vcD-2phH=Z) MSI (s) (08:FC) [19:53:46:309]: Executing op: FeaturePublish(Feature=MSMPService,,Absent=2,Component=KaYSUOy7U=fuABMGqd[_]q6G'ZJLOAn.Xl`bJ3i(M^Q6?a%$]A'WcGG=Jg{&E)tnvmiYj9vcD-2phH=ZB{od?X`DZ=DEY@8X=5iA~4Wc[oB1f@_Bi?,T,Frvs(r?jTdHm@2Sekdb%7qog14WykIa'Ah`I2qLv0B7bk@FF(4i@@)0-)?H3m8P(AS&(jm@+?V0(e2s{GVWOl?ZFuIiK=jNBaR*QrV35JLjliTZ5?7=$I3+^(YHv]YNdLrxl=tIR)o^=i8,-6ial_U_1?]ruFM^Acpkf.jLu4zqD=I={5cUhCd$cl3IZyt-T=}OGBGz0yv0^'JVm_Vb2Aa[=UmKq2wwb4zV)scLD@pQ,)[&o3DV@$MXQEv`w@6+4DD5X.,-4F6$,ap*x8IQNU'5HJ)zUNX^txejM?k!tM6%.~B,II!qg8W~2Ak]cxRzs6,0%RuMW8B@S={JbiE17yUoFk__3U7b!@X1A9U`vBiTWKHAjTO36=]T=)vh64RX5$Ydq,=-o8zB`bh]Oycaw^^@xp2ci?qT%y0pO1Wr$Zo`2n?UY@E0pV)e3VqglVDT5j$uYA!M.'pD4SIv}70kwLzGX@'(2SBlNy4@6mw0bJP8o9z9Q7Cfk9D`ZrHxzheQT=-dZa4cn4g9vfD~UMLxx?X+rcF}v8[XDe&D3LIG29)5xzQYE$s2Uc9IQi17k@*J[tWjye.1G'FI0Yo6?=o+^b`r3UP^qe}^L2?&mDeZ&J.Fvn!$Om'-wb$+sC%Q0kQ@V=C@M5be5X$AjC{X6uRe!t]qe33SU~m}MDM+Rtm5Btk*n+&hy@H1OEwwl=v@(NP8zwO-V^yV1Dscx3J!9skS$6yQP?rpQFsobG$7yej9J[vEj,W+9EM7ud@{f.AYrM_?s16u1B2{!9*zG6h0^+s)@C4KPF4i-x8mGD@)7}OAKNc!b9I*+jNdI5X$(x(JXB{5e9TT$DCTG96a.)C`]dheA9g~z3^=&kSzI}z*1m!Q)9J%h=e$9E MSI (s) (08:FC) [19:53:46:319]: Executing op: FeaturePublish(Feature=LocFiles,,Absent=2,Component=J'%4TI5!F?Dht60,z8=@yH(d8=AKOARjvb],JG8T.-uaa!.r~@A{UTZ8tc'$~EAVT((q5=F$Qs+VvRT&iX&WxmNJLAajKhk!Lxjnjcz9QmEI1=izYl9SmIaQXcRDG+DKj?.Jg`x6RlIx`WZihl&UJ=5e,za@RgDPIxI2R'4aP9o^1Y@4TW7]=`Mx)[HiN@Frj}tL&l3Aj.KV^vFts@R.~htD^@$e=O_e9~my]A@e6=XDn%}P}$RQrNOUh?bk.]8[T%d%3CEu3ixg=ARfM_Ym?&'{@K[iLTZSZ@bk[Z5p81sAZ3]nAoUBE?[(E.,67~VlHS{ly~%sV@pE?W&WlHRL&C'GG[P?X@qbD-myIyLQ@IQOT&%2m?!p(Ti1~u}kjHj7fT~LS@`08%vUu,AfydCKH$H(m9oI+lx@,G*M@]aA?3Efk?sF%.q2~+]vTl73.lk$v=c~${[?+FsSrWCEio=+{80Eg&rY-`F%7^flqpp52@2Vj?Zt7_aH`S%6^(f.A?^tHA7FY!Yg)?dRZM~?!@8vSa6Ler-LgA8}58S@$@(6j-!Xv)RdMkiP=-D]L?H'H`R^F8YcI'UWS,vt3?8-?r({K@`u')=4V$+M0=(GgYEc9(Yaw~{hyQ$Q3?}wtnjxoqy9d.tIH%{d{9zAX_Q9?=T_,RuBcwjk%=y{FPbx{Wk=2@32X&%9W=VSVlL_hajUtUSEimtal@$({1Sn)3,FCOa%y8igX=k?@7tJ_2{Bql duLX_[-Al7s,)NfH?_+x7dl-RKZ@a7S3.d^oz0d&'G&cWN*Ab0wtkJpQ1NXZ7o=3=uA9,Y0QnnRCMe,]S^IW8ao8iId&68)n`gu`[jdzJ!B9Kp]%bjtmQGh$ZqRYDAPARAtif@Myj)0lnFEH@bR@DItPavOGAbt0H7hJgU&=*{Z*nIO?C-NWsuGoauT?%MI4,41GKZ)4G[adu]'A5=Qg'zd4AVJh)=H]k%k?xmZ09O)qzK_7FW0uV*RAg6]}LTM&~-P MSI (s) (08:FC) [19:53:46:319]: Executing op: FeaturePublish(Feature=NIS_FEATURE,Parent=NIS,Absent=2,Component=08?8n84O?@q2]sa1K,haU+74?V}1^9'i?Pcx[{IkzYB1jozmz9MWUL^URPiW`gaT9rBc`?WmHg3Jv1.VK6U_zf]eF?G%OCHyzuF?kyaGjLjB0?_Meh%Z41b0) MSI (s) (08:FC) [19:53:46:329]: Executing op: FeaturePublish(Feature=EppBody,,Absent=2,Component=Bs,?Dvp?g=[_Ol?AQ~{r=}_KU)aGv=uXL7t9hWdZxyNJRDls2?D{7N!rL73QXk*!*7(iC=*[4%f8Dp]L7R&Rq9LvCA)tO,h]4Zsfd`bQjr2P,9&`3HN6pIsA^1(332Dv5@~,4-WaOtj['ezs4?-dFA_9Nf+lPt-nD0A2@z]Oi@zwtQ$PnsUr}ZlMBv_e,90Jn9T=d[x4]']B%g`(4A=9,3$A(Z2p-ne7TcpPEA(N&!=^*)%h.i)2o1p2p88GZCvT1O7-,PHNAOSEd8+2}fwSCO13]4ndEu&wb?qnmEGzCRd$lSG7imloB@IjU&X%{dpC*~L=3`O!%?O+t?LmCr9yM{.vTr?~z=yAbysnXK2BhQNt'bMhP?324O_CH0aT}bnG?+!sk@Ld@946Ab'Q!f^S357C2A-G_QNi_bjx9&ya7WfxY@YkEYdb0.'*+-tMBBiG~@^^0lfv-OXZr2^dEXKsf85Sde.GJd*swG_iiRDsa?p$!JTdk2&&Puca2,AH^Cg=i6s-7)jYt3RmhT~R(E9sI{.IAakKAjZ.MpoG.F4FiM1h_RlB2_vqF2E]QFmo8)42,J@7*AkT]89$yBx^a1Km{!HUA9jHdA0adFyWkh@tKo^t`'}^1YX8`@1&HK!?O5U.nNy9_8yRw@U}Pzc&DG)6) MSI (s) (08:FC) [19:53:46:329]: Executing op: FeaturePublish(Feature=EppLocFullBody,,Absent=2,Component=DjGbE2?GgCCN7~*6)Ye6oRWl!%_'2F%_XwdMwgt=k=70j$^q}Egebb1_QxRtB]tgSa&9kAf$RQq0j}q4ayr}B%M?1BF=fs=1J`'qk6a=^$Wm~D*H!S)}!,ni5X`^!jh$uDCER3C?Q38?`b$~SY%eDE@4d*^sNJF9wpjRy}D_ZCy$rq1a[ZpgMPWLwyMb.CAcRLZz13,nKW`YBAIj}AJo.BddR^6%J!hTDchePFxo0fgV~buFzuQ}&[.t`F+o2W$74[v+~VS}Z7AOPDP~[v*MRI=^4D]%C'%WGCZ4mw2`+K',n1JLo3_ZZF,IBk5cCo^a?$(H[[O2!B.978j=L58[C.?+AUA$KCSy[0Q{Z(]-F?QKud%ILFER]w'G%goHI1p.$a.6JE.e7(tV!Q!X$]Q9+7'qaC4'.(7&1HPY(8x=!aR!pB_E[qgnKbt9e+.1re!QMEOyR(zXvQtJ_C*r0j.*5FIXvNf~b4z4S)56QztuiCd(yZ$aBb=kbrI[!].KZDu4..N={^SPi4g(B=TNAD)1iFvF4,rHn~fK%=+UVDB'}mI@{kdrnIMy?4I.tB?v6?ko4tExs[IjG~khtAj+X%ERxtNc6!E0'%LEeD8R@ZpCSU5h=A~L++fR.E+=%%YeVt^CPeM$Q.JiJEr}@ji1`&t.{'QFjC=X]F*r)IJ49+Kw',CLoGPd]F%0A=C(j*HxP^Fy5INeVDAZ*QJ8-N,2,%Lu%J&)1Fn~%$B%$+[T9C6Sn)2ikD*}bzQj!bPyBwous_a'MF[ry*dpnxE?(nW`N]1uNCxv{IE,S93+opZJ+wc~WC1}WRuS5DRk7=aak$2a}EG%2`tl1D!cvLZ!WNd)XF98aiUhHh6LsJ84J(-&{Dj]%Fq17E0x,7`&eLvvYC073cXE+}Kh-2fFh2VEzBHd%*`PSv~P!xxbC1c[bFUU~+(paDj$4`k2P$7?4F7~*rb*(tW04E{!['6W*F$J!xvw2wF8!QEJ?cl1pEx^%Xw MSI (s) (08:FC) [19:53:46:339]: Executing op: FeaturePublish(Feature=BootStrapper,,Absent=2,Component=G+0.z~1YBB)]$XCM,{maKE,'fY4mxCkdg[So@$}WEQC!&Oa@2=eo*1@h{CEzD`crptI'^?UnJKr,OQeNVtuud}&k_Ao5AUDMO'm6wr13!h&*[8+mY0-LCl^CQi84mINQl8+*]YvID~hd`X)5c`1^f@.Y!aTFQGo=7n+CC}(,YAOI@YFJKv,w6_D0PzDOqFXf*P9D7Ta2gjWLsoWy~CMLZ?m1+4jx%dtYGc-)DEGj66Xk,ujML!O+c6]=-DWh!BQ0h&p7&tQZV(NoRBNv@Rkg1AlqrtN5@,!AsB%W7sXj^5i`{M(Y`Y=QsCWN-'*2ZW0FVG,t+(0'mA[[!(g4tpTETJjJ!bZjNB[ixGtE~SzANWHAT0bl5FFoz5Wq9_==A^22[nvD}B-5CaOmTGhWAf&.rf$$tCRF~}gAXL`wPBVBb}x@zDfEN(SM'7i$M5aqT^AtPFe)a4Kha)9.%ZLx=%,*-C32_7_e(heT7ZNEb2.zpAtDgllr'~8^mocN-ZNLEEF@AVynbE_z06a0=aUSlE1B8~2wYP2XqB9'D7wVaEOxL^,vf3gfAx=g4DQe]FUH0nA$3_6z8{Qvx]S74CK0w6+DEbtJ9u***b{a~C-Zgpbx}%*VOxD[,)PLdDQt^9[.SuaZOoFfi[eD@FTzX!VZX~d1t~NK9Qf0EBBUPj+jmP$zp&Obz&p4cF@b{3D6&+vA6hj99l$B_B}v`7]$9!.{h-Q9=Y58BE`pL9DyqO%tsd(+^@p9SDx%sMO0uOL5*cc4M,'*VFP7qYd0hPO4Q1Q4'g-DNBZ(~bfUw_i!8%$580&NpDw2(]b3'I0DLE[{Y58tYFa}1vP6rXF[KgavLoGGEBzmLsfXz^AmtK7QAwqO*CQ5`BWSfW]h) MSI (s) (08:FC) [19:53:46:349]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,) MSI (s) (08:FC) [19:53:46:349]: Executing op: IconCreate(Icon=MSE.exe,Data=BinaryData) MSI (s) (08:FC) [19:53:46:349]: Executing op: IconCreate(Icon=FEP.exe,Data=BinaryData) MSI (s) (08:FC) [19:53:46:349]: Executing op: IconCreate(Icon=SCEP.exe,Data=BinaryData) MSI (s) (08:FC) [19:53:46:349]: Executing op: IconCreate(Icon=INTUNE.exe,Data=BinaryData) MSI (s) (08:FC) [19:53:46:349]: Executing op: IconCreate(Icon=EPP.exe,Data=BinaryData) MSI (s) (08:FC) [19:53:46:349]: Executing op: IconCreate(Icon=MSEPrerelease.exe,Data=BinaryData) MSI (s) (08:FC) [19:53:46:349]: Executing op: CleanupConfigData() MSI (s) (08:FC) [19:53:46:349]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C6C459DB44519044AF7117E172688E3\Patches 3: 2 MSI (s) (08:FC) [19:53:46:349]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0) MSI (s) (08:FC) [19:53:46:349]: Note: 1: 1402 2: UNKNOWN\Products\2C6C459DB44519044AF7117E172688E3\Patches 3: 2 MSI (s) (08:FC) [19:53:46:359]: Executing op: ProductPublish(PackageKey={1E0A59F2-CF88-4EF2-A092-12DE0A8E6E5A}) MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:359]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3 3: 2 MSI (s) (08:FC) [19:53:46:379]: Executing op: UpgradeCodePublish(UpgradeCode={93F31D62-E849-45D1-B610-605B3559409D}) MSI (s) (08:FC) [19:53:46:379]: Executing op: SourceListPublish(,,,,NumberOfDisks=1) MSI (s) (08:FC) [19:53:46:379]: Note: 1: 1402 2: UNKNOWN\Installer\Products\2C6C459DB44519044AF7117E172688E3\SourceList 3: 2 MSI (s) (08:FC) [19:53:46:389]: Executing op: ProductPublishClient(,,) MSI (s) (08:FC) [19:53:46:389]: Executing op: SourceListRegisterLastUsed(SourceProduct={D954C6C2-544B-4091-A47F-11E77162883E},LastUsedSource=d:\e7c248284070f03bb2c8732485aefe93\amd64\) MSI (s) (08:FC) [19:53:46:389]: Entering CMsiConfigurationManager::SetLastUsedSource. MSI (s) (08:FC) [19:53:46:389]: Specifed source is already in a list. MSI (s) (08:FC) [19:53:46:389]: User policy value 'SearchOrder' is 'nmu' MSI (s) (08:FC) [19:53:46:389]: Adding new sources is allowed. MSI (s) (08:FC) [19:53:46:389]: Set LastUsedSource to: d:\e7c248284070f03bb2c8732485aefe93\amd64\. MSI (s) (08:FC) [19:53:46:389]: Set LastUsedType to: n. MSI (s) (08:FC) [19:53:46:389]: Set LastUsedIndex to: 1. MSI (s) (08:FC) [19:53:46:399]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=41510511) MSI (s) (08:FC) [19:53:46:399]: Skipping action: ScheduleLateRemoveExistingProducts (condition is false) MSI (s) (08:FC) [19:53:46:399]: Doing action: CreateShortcuts Action ended 19:53:46: InstallExecute. Return value 1. MSI (s) (08:FC) [19:53:46:399]: Note: 1: 2205 2: 3: MsiPatchCertificate MSI (s) (08:FC) [19:53:46:399]: LUA patching is disabled: missing MsiPatchCertificate table Action start 19:53:46: CreateShortcuts. MSI (s) (08:FC) [19:53:46:399]: Skipping action: WixFailWhenDeferred (condition is false) MSI (s) (08:FC) [19:53:46:399]: Doing action: InstallFinalize Action ended 19:53:46: CreateShortcuts. Return value 1. MSI (s) (08:FC) [19:53:46:399]: Running Script: C:\Windows\Installer\MSIB793.tmp MSI (s) (08:FC) [19:53:46:399]: User policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:46:399]: Machine policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:46:409]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1117167288,LangId=1033,Platform=589824,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,Scrip tAttributes=1) Action start 19:53:46: InstallFinalize. MSI (s) (08:FC) [19:53:46:409]: Executing op: ProductInfo(ProductKey={D954C6C2-544B-4091-A47F-11E77162883E},ProductName=Microsoft Security Client,PackageName=epp.msi,Language=1033,Version=67240159,Assignment=1,ObsoleteArg=0,,,PackageCode={1E0A59F2-CF88-4EF2-A092-12DE0A8E6E5A},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3) MSI (s) (08:FC) [19:53:46:409]: Executing op: DialogInfo(Type=0,Argument=1033) MSI (s) (08:FC) [19:53:46:409]: Executing op: DialogInfo(Type=1,Argument=Microsoft Security Client) MSI (s) (08:FC) [19:53:46:409]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1]) MSI (s) (08:FC) [19:53:46:409]: Executing op: SetBaseline(Baseline=0,) MSI (s) (08:FC) [19:53:46:409]: Executing op: SetBaseline(Baseline=1,) MSI (s) (08:FC) [19:53:46:409]: Executing op: ActionStart(Name=CreateShortcuts,Description=Creating shortcuts,Template=Shortcut: [1]) MSI (s) (08:FC) [19:53:46:409]: Executing op: SetTargetFolder(Folder=23) MSI (s) (08:FC) [19:53:46:409]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs MSI (s) (08:FC) [19:53:46:409]: Executing op: ShortcutCreate(Name=kox1cdhq|Microsoft Security Essentials,,,FileName=C:\Program Files\Microsoft Security Client\msseces.exe,,,Icon=MSE.exe,,,,Description=Microsoft Security Essentials,,,,) MSI (s) (08:FC) [19:53:46:539]: Executing op: ShortcutPropertyCreate(ShortcutName=kox1cdhq|Microsoft Security Essentials,PropertyKey=System.AppUserModel.ID,PropVariantValue=Microsoft.Protection.OOB) MSI (s) (08:FC) [19:53:46:559]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0) MSI (s) (08:FC) [19:53:46:579]: User policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:46:579]: Machine policy value 'DisableRollback' is 0 MSI (s) (08:FC) [19:53:46:591]: Note: 1: 2318 2: MSI (s) (08:FC) [19:53:46:593]: Note: 1: 2318 2: MSI (s) (08:FC) [19:53:46:594]: No System Restore sequence number for this installation. MSI (s) (08:FC) [19:53:46:594]: Unlocking Server MSI (s) (08:FC) [19:53:46:597]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'. MSI (s) (08:FC) [19:53:46:611]: Doing action: WixCheckRebootRequired Action ended 19:53:46: InstallFinalize. Return value 1. MSI (s) (08:04) [19:53:46:618]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIB861.tmp, Entrypoint: WixCheckRebootRequired MSI (s) (08:9C) [19:53:46:618]: Generating random cookie. MSI (s) (08:9C) [19:53:46:620]: Created Custom Action Server with PID 5232 (0x1470). MSI (s) (08:F4) [19:53:46:662]: Running as a service. MSI (s) (08:F4) [19:53:46:663]: Hello, I'm your 32bit Impersonated custom action server. Action start 19:53:46: WixCheckRebootRequired. WixCheckRebootRequired: Entering WixCheckRebootRequired in C:\Windows\Installer\MSIB861.tmp, version 3.5.2519.0 Action ended 19:53:46: WixCheckRebootRequired. Return value 1. Action ended 19:53:46: INSTALL. Return value 1. Property(S): UpgradeCode = {93F31D62-E849-45D1-B610-605B3559409D} Property(S): DRWATSON20PATH = ********** Property(S): FLTMGRREGVALUE = #1 Property(S): PRODUCTICON = @C:\Program Files\Microsoft Security Client\EppManifest.dll,-100 Property(S): PRODUCTLOCALIZEDNAME = @C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000 Property(S): REMEDIATIONEXE = C:\Program Files\Microsoft Security Client\msseces.exe Property(S): SIGNATURECATEGORYID = 6b9e8b26-8f50-44b9-94c6-7846084383ec Property(S): PRODUCT_SKU = MSEv2 Property(S): INSTALLDIR = C:\Program Files\Microsoft Security Client\ Property(S): WATCHECKDLL = C:\Program Files\Microsoft Security Client\mssewat.dll Property(S): MARKET = de-de Property(S): MSI_INSTALLED = C:\Windows\system32\msi.dll Property(S): INSTALLDIRWOW64 = C:\Program Files (x86)\Microsoft Security Client\ Property(S): MSMPAPPDATAFOLDER = C:\ProgramData\Microsoft\Microsoft Antimalware\ Property(S): SignatureRootFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\ Property(S): Backup = C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\ Property(S): Updates = C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\ Property(S): QuarantineLocationFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\ Property(S): ScanLocationFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\ Property(S): SupportFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Support\ Property(S): TelemetryFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\ Property(S): LocalCopyFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\ Property(S): CleanStoreFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Clean Store\ Property(S): MuiLang = C:\Program Files\Microsoft Security Client\en-US\ Property(S): MuiLang_Wow64 = C:\Program Files (x86)\Microsoft Security Client\en-US\ Property(S): MPFILTER = C:\Program Files\Microsoft Security Client\Drivers\mpfilter\ Property(S): MPBOOT = C:\Program Files\Microsoft Security Client\Drivers\MpBoot\ Property(S): MuiLang_BG_BG = C:\Program Files\Microsoft Security Client\BG-BG\ Property(S): MuiLang_Wow64_BG_BG = C:\Program Files (x86)\Microsoft Security Client\BG-BG\ Property(S): MuiLang_CS_CZ = C:\Program Files\Microsoft Security Client\CS-CZ\ Property(S): MuiLang_Wow64_CS_CZ = C:\Program Files (x86)\Microsoft Security Client\CS-CZ\ Property(S): MuiLang_DA_DK = C:\Program Files\Microsoft Security Client\DA-DK\ Property(S): MuiLang_Wow64_DA_DK = C:\Program Files (x86)\Microsoft Security Client\DA-DK\ Property(S): MuiLang_DE_DE = C:\Program Files\Microsoft Security Client\DE-DE\ Property(S): MuiLang_Wow64_DE_DE = C:\Program Files (x86)\Microsoft Security Client\DE-DE\ Property(S): MuiLang_EL_GR = C:\Program Files\Microsoft Security Client\EL-GR\ Property(S): MuiLang_Wow64_EL_GR = C:\Program Files (x86)\Microsoft Security Client\EL-GR\ Property(S): MuiLang_ES_ES = C:\Program Files\Microsoft Security Client\ES-ES\ Property(S): MuiLang_Wow64_ES_ES = C:\Program Files (x86)\Microsoft Security Client\ES-ES\ Property(S): MuiLang_ET_EE = C:\Program Files\Microsoft Security Client\ET-EE\ Property(S): MuiLang_Wow64_ET_EE = C:\Program Files (x86)\Microsoft Security Client\ET-EE\ Property(S): MuiLang_FI_FI = C:\Program Files\Microsoft Security Client\FI-FI\ Property(S): MuiLang_Wow64_FI_FI = C:\Program Files (x86)\Microsoft Security Client\FI-FI\ Property(S): MuiLang_FR_FR = C:\Program Files\Microsoft Security Client\FR-FR\ Property(S): MuiLang_Wow64_FR_FR = C:\Program Files (x86)\Microsoft Security Client\FR-FR\ Property(S): MuiLang_HR_HR = C:\Program Files\Microsoft Security Client\HR-HR\ Property(S): MuiLang_Wow64_HR_HR = C:\Program Files (x86)\Microsoft Security Client\HR-HR\ Property(S): MuiLang_HU_HU = C:\Program Files\Microsoft Security Client\HU-HU\ Property(S): MuiLang_Wow64_HU_HU = C:\Program Files (x86)\Microsoft Security Client\HU-HU\ Property(S): MuiLang_IT_IT = C:\Program Files\Microsoft Security Client\IT-IT\ Property(S): MuiLang_Wow64_IT_IT = C:\Program Files (x86)\Microsoft Security Client\IT-IT\ Property(S): MuiLang_LT_LT = C:\Program Files\Microsoft Security Client\LT-LT\ Property(S): MuiLang_Wow64_LT_LT = C:\Program Files (x86)\Microsoft Security Client\LT-LT\ Property(S): MuiLang_JA_JP = C:\Program Files\Microsoft Security Client\JA-JP\ Property(S): MuiLang_Wow64_JA_JP = C:\Program Files (x86)\Microsoft Security Client\JA-JP\ Property(S): MuiLang_KO_KR = C:\Program Files\Microsoft Security Client\KO-KR\ Property(S): MuiLang_Wow64_KO_KR = C:\Program Files (x86)\Microsoft Security Client\KO-KR\ Property(S): MuiLang_LV_LV = C:\Program Files\Microsoft Security Client\LV-LV\ Property(S): MuiLang_Wow64_LV_LV = C:\Program Files (x86)\Microsoft Security Client\LV-LV\ Property(S): MuiLang_NB_NO = C:\Program Files\Microsoft Security Client\NB-NO\ Property(S): MuiLang_Wow64_NB_NO = C:\Program Files (x86)\Microsoft Security Client\NB-NO\ Property(S): MuiLang_NL_NL = C:\Program Files\Microsoft Security Client\NL-NL\ Property(S): MuiLang_Wow64_NL_NL = C:\Program Files (x86)\Microsoft Security Client\NL-NL\ Property(S): MuiLang_PL_PL = C:\Program Files\Microsoft Security Client\PL-PL\ Property(S): MuiLang_Wow64_PL_PL = C:\Program Files (x86)\Microsoft Security Client\PL-PL\ Property(S): MuiLang_PS_MI = C:\Program Files\Microsoft Security Client\qps-plocm\ Property(S): MuiLang_Wow64_PS_MI = C:\Program Files (x86)\Microsoft Security Client\qps-plocm\ Property(S): MuiLang_PS_PS = C:\Program Files\Microsoft Security Client\qps-ploc\ Property(S): MuiLang_Wow64_PS_PS = C:\Program Files (x86)\Microsoft Security Client\qps-ploc\ Property(S): MuiLang_PT_BR = C:\Program Files\Microsoft Security Client\PT-BR\ Property(S): MuiLang_Wow64_PT_BR = C:\Program Files (x86)\Microsoft Security Client\PT-BR\ Property(S): MuiLang_PT_PT = C:\Program Files\Microsoft Security Client\PT-PT\ Property(S): MuiLang_Wow64_PT_PT = C:\Program Files (x86)\Microsoft Security Client\PT-PT\ Property(S): MuiLang_RO_RO = C:\Program Files\Microsoft Security Client\RO-RO\ Property(S): MuiLang_Wow64_RO_RO = C:\Program Files (x86)\Microsoft Security Client\RO-RO\ Property(S): MuiLang_RU_RU = C:\Program Files\Microsoft Security Client\RU-RU\ Property(S): MuiLang_Wow64_RU_RU = C:\Program Files (x86)\Microsoft Security Client\RU-RU\ Property(S): MuiLang_SK_SK = C:\Program Files\Microsoft Security Client\SK-SK\ Property(S): MuiLang_Wow64_SK_SK = C:\Program Files (x86)\Microsoft Security Client\SK-SK\ Property(S): MuiLang_SV_SE = C:\Program Files\Microsoft Security Client\SV-SE\ Property(S): MuiLang_Wow64_SV_SE = C:\Program Files (x86)\Microsoft Security Client\SV-SE\ Property(S): MuiLang_TH_TH = C:\Program Files\Microsoft Security Client\TH-TH\ Property(S): MuiLang_Wow64_TH_TH = C:\Program Files (x86)\Microsoft Security Client\TH-TH\ Property(S): MuiLang_TR_TR = C:\Program Files\Microsoft Security Client\TR-TR\ Property(S): MuiLang_Wow64_TR_TR = C:\Program Files (x86)\Microsoft Security Client\TR-TR\ Property(S): MuiLang_UK_UA = C:\Program Files\Microsoft Security Client\UK-UA\ Property(S): MuiLang_Wow64_UK_UA = C:\Program Files (x86)\Microsoft Security Client\UK-UA\ Property(S): MuiLang_VI_VN = C:\Program Files\Microsoft Security Client\VI-VN\ Property(S): MuiLang_Wow64_VI_VN = C:\Program Files (x86)\Microsoft Security Client\VI-VN\ Property(S): MuiLang_ZH_CN = C:\Program Files\Microsoft Security Client\ZH-CN\ Property(S): MuiLang_Wow64_ZH_CN = C:\Program Files (x86)\Microsoft Security Client\ZH-CN\ Property(S): MuiLang_ZH_TW = C:\Program Files\Microsoft Security Client\ZH-TW\ Property(S): MuiLang_Wow64_ZH_TW = C:\Program Files (x86)\Microsoft Security Client\ZH-TW\ Property(S): MuiLang_SR_LATN = C:\Program Files\Microsoft Security Client\SR-LATN-CS\ Property(S): MuiLang_Wow64_SR_LATN = C:\Program Files (x86)\Microsoft Security Client\SR-LATN-CS\ Property(S): NIS_DRIVER = C:\Program Files\Microsoft Security Client\Drivers\NisDrv\ Property(S): enus = C:\Program Files\Microsoft Security Client\en-us\ Property(S): TARGETDIR = C:\Program Files\Microsoft Security Client\ Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Property(S): UpgradeParams = MSIRESTARTMANAGERCONTROL=DisableShutdown Property(S): InstallMpFilterDriverRollback = C:\Program Files\Microsoft Security Client\Drivers\mpfilter\ Property(S): InstallMpFilterDriver = C:\Program Files\Microsoft Security Client\Drivers\mpfilter\ Property(S): AMPRODUCT = MORRO Property(S): ARPINSTALLLOCATION = C:\Program Files\Microsoft Security Client\ Property(S): MpAppDataSubDir = Microsoft\Microsoft Antimalware Property(S): MSMPAPPDATAFOLDERNOBS = C:\ProgramData\Microsoft\Microsoft Antimalware Property(S): RegistrySaveKeyParams = RegBackupKey;HKLM;;HKLM;SOFTWARE\Microsoft\Microsoft Antimalware Property(S): ConfigServiceHardening = MsMpSvc;C:\Program Files\Microsoft Security Client\MsMpEng.exe Property(S): ServiceDescription = @C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-240 Property(S): ValidateServiceStart = C:\Program Files\Microsoft Security Client\ Property(S): CollectErrorLogFiles = C:\ProgramData\Microsoft\Microsoft Antimalware\Support\ Property(S): DeleteScheduledTasks = Microsoft\Microsoft Antimalware Property(S): EnableWDRollback = Microsoft Antimalware Property(S): MpSchedServiceConfig = AntimalwareService|MsMpSvc|1|NisSrv|NisSrv|0 Property(S): MpExecServiceConfig = MsMpSvc€1€NisSrv€0 Property(S): NISService = @C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 Property(S): NISServiceDesc = @C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-242 Property(S): FinalizeNisInstall = C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\ Property(S): InstallDriverRollback = 0#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat#NisDrvWFP.cat Property(S): InstallDriver = 1#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf#C:\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat#NisDrvWFP.cat Property(S): OEMRegValue = 0 Property(S): WixOP_FreshInstall = Yes Property(S): InstallOOBEComponents = 1 Property(S): MarketValue = de-de Property(S): METROUISHORTCUTDIR = C:\Program Files\Microsoft Security Client\Programs\ Property(S): HomeDir = C:\Program Files\Microsoft Security Client\ Property(S): ProgramFiles64Folder = C:\Program Files\ Property(S): Symbols = C:\Program Files\Microsoft Security Client\Symbols\ Property(S): ScanContextsFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Contexts\ Property(S): ScanHistoryFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\ Property(S): QuickResultsFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\ Property(S): ScanResultsFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\ Property(S): ScanResourceFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\ Property(S): ResultsSystemFolder = C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\System\ Property(S): HomeDir_Wow64 = C:\Program Files (x86)\Microsoft Security Client\ Property(S): ProgramFilesFolder = C:\Program Files (x86)\ Property(S): CommonFiles64Folder = C:\Program Files\Common Files\ Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\ Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\ Property(S): System16Folder = C:\Program Files\Microsoft Security Client\ Property(S): System64Folder = C:\Windows\system32\ Property(S): SystemFolder = C:\Windows\SysWOW64\ Property(S): TempFolder = C:\Users\ASUS\AppData\Local\Temp\ Property(S): WindowsFolder = C:\Windows\ Property(S): SourceDir = d:\e7c248284070f03bb2c8732485aefe93\amd64\ Property(S): ALLUSERSPROFILE = C:\Program Files\Microsoft Security Client\ Property(S): USERPROFILE = C:\Program Files\Microsoft Security Client\ Property(S): DriverFolder = C:\Windows\system32\Drivers\ Property(S): InfFolder = C:\Windows\ Property(S): MPFILTER_Backup = C:\Program Files\Microsoft Security Client\Drivers\Backup\mpfilter\ Property(S): DRIVERBACKUP = C:\Program Files\Microsoft Security Client\Drivers\Backup\ Property(S): DRIVERS = C:\Program Files\Microsoft Security Client\Drivers\ Property(S): MPBOOT_Backup = C:\Program Files\Microsoft Security Client\Drivers\Backup\MpBoot\ Property(S): NIS_DRIVER_Backup = C:\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\ Property(S): VersionNT = 601 Property(S): Privileged = 1 Property(S): Manufacturer = Microsoft Corporation Property(S): ProductCode = {D954C6C2-544B-4091-A47F-11E77162883E} Property(S): ProductLanguage = 1033 Property(S): ProductName = Microsoft Security Client Property(S): ProductVersion = 4.2.0223.1 Property(S): ALLUSERS = 1 Property(S): ARPNOMODIFY = 1 Property(S): ARPSYSTEMCOMPONENT = 1 Property(S): MSIENFORCEUPGRADECOMPONENTRULES = 1 Property(S): MSIRESTARTMANAGERCONTROL = DisableShutdown Property(S): MsiLogging = voicewarmup! Property(S): RegConfigRoot = SOFTWARE\Microsoft\Microsoft Antimalware Property(S): ServiceShortName = MsMpSvc Property(S): ServiceEventSourceName = Microsoft Antimalware Property(S): ServiceName = Microsoft Antimalware Service Property(S): PROMPTROLLBACKCOST = P Property(S): REBOOT = ReallySuppress Property(S): INSTALLLEVEL = 100 Property(S): SecureCustomProperties = ASB1FOUND;MCPB1FOUND;NEWERFOUND;NEWERFOUND_AMBITS;NEWERFOUND_AMLOC;NEWERFOUND_EPP;NEWERFOUND_EPPLOC;OLDERFOUND;OLDERFOUND_AMBITS;OLDERFOUND_AMLOC;OLDE RFOUND_EPP;OLDERFOUND_EPPLOC;ONECAREFOUND;WDFOUND Property(S): MsiHiddenProperties = ActionText;CommonLaunchConditions;CommonProperties;CustomActions;Directories;DRWATSON20PATH;Error;InstallExecuteSequence;LaunchConditions;NO_UI;Produc tComponents;ProductCustom;ProductFeatures;StandardActions;StandardDirectories;StandardLaunchConditions;UacFeature;Upgrade;WixFX_Module;WixFX_Product Property(S): DesktopFolder = C:\Users\Public\Desktop\ Property(S): MsiLogFileLocation = C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.2.223.1_epp_Install.log Property(S): PackageCode = {1E0A59F2-CF88-4EF2-A092-12DE0A8E6E5A} Property(S): ProductState = -1 Property(S): PackagecodeChanging = 1 Property(S): DEPLOYOEMFILES = 1 Property(S): INSTALLNIS = 0 Property(S): OEMMODE = 0 Property(S): PRESERVEWSCREGISTRATION = 1 Property(S): CURRENTDIRECTORY = d:\e7c248284070f03bb2c8732485aefe93\amd64 Property(S): CLIENTUILEVEL = 3 Property(S): MSICLIENTUSESEXTERNALUI = 1 Property(S): CLIENTPROCESSID = 3172 Property(S): MsiSystemRebootPending = 1 Property(S): VersionDatabase = 200 Property(S): VersionMsi = 5.00 Property(S): VersionNT64 = 601 Property(S): WindowsBuild = 7601 Property(S): ServicePackLevel = 1 Property(S): ServicePackLevelMinor = 0 Property(S): MsiNTProductType = 1 Property(S): MsiNTSuitePersonal = 1 Property(S): WindowsVolume = C:\ Property(S): RemoteAdminTS = 1 Property(S): AppDataFolder = C:\Users\ASUS\AppData\Roaming\ Property(S): FavoritesFolder = C:\Users\ASUS\Favorites\ Property(S): NetHoodFolder = C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ Property(S): PersonalFolder = C:\Users\ASUS\Documents\ Property(S): PrintHoodFolder = C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\ Property(S): RecentFolder = C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Recent\ Property(S): SendToFolder = C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\SendTo\ Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\ Property(S): CommonAppDataFolder = C:\ProgramData\ Property(S): LocalAppDataFolder = C:\Users\ASUS\AppData\Local\ Property(S): MyPicturesFolder = C:\Users\ASUS\Pictures\ Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Property(S): FontsFolder = C:\Windows\Fonts\ Property(S): GPTSupport = 1 Property(S): OLEAdvtSupport = 1 Property(S): ShellAdvtSupport = 1 Property(S): MsiAMD64 = 6 Property(S): Msix64 = 6 Property(S): Intel = 6 Property(S): PhysicalMemory = 4000 Property(S): VirtualMemory = 5773 Property(S): AdminUser = 1 Property(S): MsiTrueAdminUser = 1 Property(S): LogonUser = ASUS Property(S): UserSID = S-1-5-21-3021723594-1300924059-129605095-1000 Property(S): UserLanguageID = 1031 Property(S): ComputerName = LAURA-PC Property(S): SystemLanguageID = 1031 Property(S): ScreenX = 1024 Property(S): ScreenY = 768 Property(S): CaptionHeight = 22 Property(S): BorderTop = 1 Property(S): BorderSide = 1 Property(S): TextHeight = 16 Property(S): TextInternalLeading = 3 Property(S): ColorBits = 32 Property(S): TTCSupport = 1 Property(S): Time = 19:53:46 Property(S): Date = 22.04.2013 Property(S): MsiNetAssemblySupport = 4.0.30319.1 Property(S): MsiWin32AssemblySupport = 6.1.7601.17514 Property(S): RedirectedDllSupport = 2 Property(S): MsiRunningElevated = 1 Property(S): USERNAME = ASUS Property(S): DATABASE = C:\Windows\Installer\809e05.msi Property(S): OriginalDatabase = d:\e7c248284070f03bb2c8732485aefe93\amd64\epp.msi Property(S): UILevel = 2 Property(S): MsiUISourceResOnly = 1 Property(S): ACTION = INSTALL Property(S): WinNullSid = NULL SID Property(S): WinWorldSid = Jeder Property(S): WinLocalSid = LOKAL Property(S): WinCreatorOwnerSid = ERSTELLER-BESITZER Property(S): WinCreatorGroupSid = ERSTELLERGRUPPE Property(S): WinCreatorOwnerServerSid = ERSTELLER-BESITZER-SERVER Property(S): WinCreatorGroupServerSid = ERSTELLER-GRUPPEN-SERVER Property(S): WinNtAuthoritySid = NT-Pseudodomäne Property(S): WinDialupSid = DIALUP Property(S): WinNetworkSid = NETZWERK Property(S): WinBatchSid = BATCH Property(S): WinInteractiveSid = INTERAKTIV Property(S): WinServiceSid = DIENST Property(S): WinAnonymousSid = ANONYMOUS-ANMELDUNG Property(S): WinProxySid = PROXY Property(S): WinEnterpriseControllersSid = DOMÄNENCONTROLLER DER ORGANISATION Property(S): WinSelfSid = SELBST Property(S): WinAuthenticatedUserSid = Authentifizierte Benutzer Property(S): WinRestrictedCodeSid = EINGESCHRÄNKTER ZUGRIFF Property(S): WinTerminalServerSid = TERMINALSERVERBENUTZER Property(S): WinRemoteLogonIdSid = INTERAKTIVE REMOTEANMELDUNG Property(S): WinLocalSystemSid = SYSTEM Property(S): WinLocalServiceSid = LOKALER DIENST Property(S): WinNetworkServiceSid = NETZWERKDIENST Property(S): WinBuiltinDomainSid = VORDEFINIERT Property(S): WinBuiltinAdministratorsSid = Administratoren Property(S): WinBuiltinUsersSid = Benutzer Property(S): WinBuiltinGuestsSid = Gäste Property(S): WinNTLMAuthenticationSid = NTLM-Authentifizierung Property(S): WinDigestAuthenticationSid = Digestauthentifizierung Property(S): WinSChannelAuthenticationSid = SChannel-Authentifizierung Property(S): WinThisOrganizationSid = Diese Organisation Property(S): WinOtherOrganizationSid = Andere Organisation Property(S): WinBuiltinPerfMonitoringUsersSid = Leistungsüberwachungsbenutzer Property(S): WinBuiltinPerfLoggingUsersSid = Leistungsprotokollbenutzer Property(S): WinBuiltinDCOMUsersSid = Distributed COM-Benutzer Property(S): WinBuiltinIUsersSid = IIS_IUSRS Property(S): WinIUserSid = IUSR Property(S): WinUntrustedLabelSid = Nicht vertrauenswürdige Verbindlichkeitsstufe Property(S): WinLowLabelSid = Niedrige Verbindlichkeitsstufe Property(S): WinMediumLabelSid = Mittlere Verbindlichkeitsstufe Property(S): WinHighLabelSid = Hohe Verbindlichkeitsstufe Property(S): WinSystemLabelSid = Systemverbindlichkeitsstufe Property(S): WinWriteRestrictedCodeSid = SCHREIBEN EINGESCHRÄNKT Property(S): WinCreatorOwnerRightsSid = EIGENTÜMERRECHTE Property(S): WinEnterpriseReadonlyControllersSid = SCHREIBGESCHÜTZTE DOMÄNENCONTROLLER DER ORGANISATION BETA Property(S): WinBuiltinEventLogReadersGroup = Ereignisprotokollleser Property(S): ROOTDRIVE = d:\ Property(S): CostingComplete = 1 Property(S): OutOfDiskSpace = 0 Property(S): OutOfNoRbDiskSpace = 0 Property(S): PrimaryVolumeSpaceAvailable = 0 Property(S): PrimaryVolumeSpaceRequired = 0 Property(S): PrimaryVolumeSpaceRemaining = 0 Property(S): SOURCEDIR = d:\e7c248284070f03bb2c8732485aefe93\amd64\ Property(S): SourcedirProduct = {D954C6C2-544B-4091-A47F-11E77162883E} Property(S): ProductToBeRegistered = 1 MSI (s) (08:FC) [19:53:46:701]: Note: 1: 1707 MSI (s) (08:FC) [19:53:46:701]: Product: Microsoft Security Client -- Installation completed successfully. MSI (s) (08:FC) [19:53:46:701]: Das Produkt wurde durch Windows Installer installiert. Produktname: Microsoft Security Client. Produktversion: 4.2.0223.1. Produktsprache: 1033. Hersteller: Microsoft Corporation. Erfolg- bzw. Fehlerstatus der Installation: 0. MSI (s) (08:FC) [19:53:46:701]: Deferring clean up of packages/files, if any exist MSI (s) (08:FC) [19:53:46:701]: MainEngineThread is returning 0 MSI (s) (08:A4) [19:53:46:701]: RESTART MANAGER: Session closed. MSI (s) (08:A4) [19:53:46:701]: No System Restore sequence number for this installation. === Logging stopped: 22.04.2013 19:53:46 === MSI (s) (08:A4) [19:53:46:701]: User policy value 'DisableRollback' is 0 MSI (s) (08:A4) [19:53:46:701]: Machine policy value 'DisableRollback' is 0 MSI (s) (08:A4) [19:53:46:701]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (08:A4) [19:53:46:701]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (08:A4) [19:53:46:711]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (08:A4) [19:53:46:711]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (s) (08:A4) [19:53:46:711]: Restoring environment variables MSI (s) (08:A4) [19:53:46:711]: Destroying RemoteAPI object. MSI (s) (08:9C) [19:53:46:711]: Custom Action Manager thread ending. MSI (c) (64:00) [19:53:46:711]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (64:00) [19:53:46:711]: MainEngineThread is returning 0 === Verbose logging stopped: 22.04.2013 19:53:46 === MSI (s) (08:FC) [19:53:42:341]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:351]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:351]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:351]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:351]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:351]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Support\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:391]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:391]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:391]: Executing op: FolderCreate(Folder=C:\ProgramData\Microsoft\Microsoft Antimalware\Clean Store\,Foreign=0,SecurityDescriptor=BinaryData,) MSI (s) (08:FC) [19:53:42:391]: Executing op: FolderCreate(Folder=C:\Program Files\Microsoft Security Client\,Foreign=0,,) MSI (s) (08:FC) [19:53:42:391]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6]) MSI (s) (08:FC) [19:53:42:391]: Executing op: ProgressTotal(Total=12869071,Type=0,ByteEquivalent=1) MSI (s) (08:FC) [19:53:42:391]: Executing op: SetTargetFolder(Folder=C:\Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:391]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\elklmiub\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:391]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=product.cab,BytesPerTick=65536,CopierType=2,ModuleFileName=C:\Windows\Installer\809e05.msi,,,,,IsFirstPhysicalMedia=1) MSI (s) (08:FC) [19:53:42:391]: Executing op: FileCopy(SourceName=MsMpEng.exe,SourceCabKey=Antimalware_MsMpEng.exe,DestName=MsMpEng.exe,Attributes=512,FileSize=22056,PerTick=65536,,VerifyMedia=1,, ,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:391]: File: C:\Program Files\Microsoft Security Client\MsMpEng.exe; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:391]: Source for file 'Antimalware_MsMpEng.exe' is compressed MSI (s) (08:FC) [19:53:42:401]: Executing op: FileCopy(SourceName=DbgHelp.dll,SourceCabKey=DbgHelp.dll,DestName=DbgHelp.dll,Attributes=512,FileSize=1558912,PerTick=65536,,VerifyMedia=1,,,,,CheckCR C=0,Version=6.12.2.633,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:401]: File: C:\Program Files\Microsoft Security Client\DbgHelp.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:401]: Source for file 'DbgHelp.dll' is compressed MSI (s) (08:FC) [19:53:42:421]: Executing op: FileCopy(SourceName=gescc3n0.dll|EppManifest.dll,SourceCabKey=EppManifestForMse,DestName=EppManifest.dll,Attributes=512,FileSize=182248,PerTick=65536, ,VerifyMedia=1,,,,,CheckCRC=0,Version=4.2.223.1,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:421]: File: C:\Program Files\Microsoft Security Client\EppManifest.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:421]: Source for file 'EppManifestForMse' is compressed MSI (s) (08:FC) [19:53:42:441]: Executing op: FileCopy(SourceName=MsMpLics.dll,SourceCabKey=MORRO_MsMpLics.dll,DestName=MsMpLics.dll,Attributes=512,FileSize=18408,PerTick=65536,,VerifyMedia=1,,,,, CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:441]: File: C:\Program Files\Microsoft Security Client\MsMpLics.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:441]: Source for file 'MORRO_MsMpLics.dll' is compressed MSI (s) (08:FC) [19:53:42:451]: Executing op: SetTargetFolder(Folder=C:\Program Files (x86)\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:451]: Executing op: SetSourceFolder(Folder=1\xlqr-nev\m8czvycy\|Program Files\Microsoft Security Client\) MSI (s) (08:FC) [19:53:42:451]: Executing op: FileCopy(SourceName=MsMpLics.dll,SourceCabKey=MORRO_MsMpLics.dll_Wow64,DestName=MsMpLics.dll,Attributes=512,FileSize=18408,PerTick=65536,,VerifyMedia= 1,,,,,CheckCRC=0,Version=4.2.223.0,Language=1033,InstallMode=58982400,,,,,,,) MSI (s) (08:FC) [19:53:42:451]: File: C:\Program Files (x86)\Microsoft Security Client\MsMpLics.dll; To be installed; Won't patch; No existing file MSI (s) (08:FC) [19:53:42:451]: Source for file 'MORRO_MsMpLics.dll_Wow64' is compressed Ich musste das Ganze wieder in mehrere Teile teilen. Ich hoffe, es ist das Richtige. ;-) Also ich habe da ja nicht wirklich Ahnung von, aber das sieht mir irgendwie nicht so aus, als ob das anzeigt, was MSE gemacht hat...;D |
30.04.2013, 10:04 | #14 |
/// TB-Ausbilder | "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet Servus, ok, vielen Dank. Dann starten wir jetzt mal die Bereinigung. Lesestoff: Banking-Trojaner Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von |