GeekPolice
Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Hello there. I'll apologise for the level of detail in advance; not sure what's relevant and what isn't.

I have been using McAfee Internet Security (I think), and last night, a warning screen popped up saying that it had found a trojan and the problem had been dealt with. After that, I tried to run a full scan, but I've always had problems with McAfee, so it froze and shut down almost as soon as I'd started the scan. Not long after that, my internet browsers stopped working. I thought this may be down to not downloading the latest Windows update, so I downloaded it and it crashed my laptop.

I attempted to turn it back on and had various problems with that, but was eventually successful. It was running very slowly and there was a new padlock sign in the tray/taskbar(?). When I clicked it, a box opened which claimed to be some sort of antivirus software but was clearly a scam so I opened task manager and closed it down. Not long after that, my computer crashed again and I restarted it. This time, it was unable to be turned back on, so I did a system restore and managed to turn it back on that way. As soon as I turned it back on, a message box claiming to be 'Microsoft Security Essentials Alert' opened, with a warning that my laptop was infected with a trojan. I found a guide to delete it, but it involved downloading things and opening task manager, which I could no longer do.

I finally managed to download something from another computer and put it onto my laptop, which stopped the virus taking control of my computer. I could now access internet browsers and downloaded some different antivirus software, hoping that it would be able to remove it. The software acknowledged that the virus was there but didn't seem to be able to remove it. Halfway through the scan, it restarted my laptop. It wouldn't turn on, so I attempted to do another system restore, only to be told that there were no restore points. I have since managed to turn it on in safe mode and transferred my photos to another computer, but have no idea of what to do next. I can't turn it on normally and I can't restore it.

Any help would be much appreciated :smile2:

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Welcome back.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

ComboFix 10-10-01.06 - Jade 02/10/2010 13:14:13.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2972.2515 [GMT 1:00]
Running from: c:\users\Jade\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jade\AppData\Local\{91CC340D-0A9E-42CF-92FE-CF63F8563F12}
c:\users\Jade\AppData\Local\{91CC340D-0A9E-42CF-92FE-CF63F8563F12}\chrome\content\overlay.xul
c:\users\Jade\AppData\Local\{91CC340D-0A9E-42CF-92FE-CF63F8563F12}\install.rdf
c:\users\Jade\AppData\Roaming\.#
c:\users\Jade\AppData\Roaming\.#\MBX@115C@1D22990.###
c:\users\Jade\AppData\Roaming\.#\MBX@115C@1D229C0.###
c:\users\Jade\AppData\Roaming\.#\MBX@115C@1D229F0.###
c:\users\Jade\AppData\Roaming\.#\MBX@B0@1C02990.###
c:\users\Jade\AppData\Roaming\.#\MBX@B0@1C029C0.###
c:\users\Jade\AppData\Roaming\.#\MBX@B0@1C029F0.###
c:\users\Jade\AppData\Roaming\.#\MBX@DC4@1D12990.###
c:\users\Jade\AppData\Roaming\.#\MBX@DC4@1D129C0.###
c:\users\Jade\AppData\Roaming\.#\MBX@DC4@1D129F0.###
c:\users\Jade\AppData\Roaming\.#\MBX@F34@1E02990.###
c:\users\Jade\AppData\Roaming\.#\MBX@F34@1E029C0.###
c:\users\Jade\AppData\Roaming\.#\MBX@F34@1E029F0.###
c:\users\Jade\AppData\Roaming\jsdfgs.bat
c:\users\Jade\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 12:20 . 2010-10-02 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-02 12:20 . 2010-10-02 12:20 -------- d-----w- c:\users\Jade\AppData\Local\temp
2010-10-01 11:48 . 2010-10-01 11:48 -------- d-----w- c:\users\Jade\AppData\Roaming\Avira
2010-10-01 11:46 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-01 11:46 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-01 11:46 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-01 11:46 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-01 11:46 . 2010-10-01 11:46 -------- d-----w- c:\programdata\Avira
2010-10-01 11:46 . 2010-10-01 11:46 -------- d-----w- c:\program files\Avira
2010-10-01 11:44 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 15:58 . 2010-09-30 15:58 120 ----a-w- c:\users\Jade\AppData\Local\Glezeqo.dat
2010-09-30 15:58 . 2010-09-30 15:58 0 ----a-w- c:\users\Jade\AppData\Local\Rsagikufevori.bin
2010-09-30 08:04 . 2010-10-02 12:20 843776 ----a-w- c:\windows\system32\drivers\twgcxszl.sys
2010-09-19 16:45 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-19 16:45 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-19 16:45 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-19 16:44 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 21:11 . 2010-09-08 21:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-07 20:30 . 2010-09-07 20:30 -------- d-----w- c:\users\Jade\AppData\Roaming\Birdstep Technology
2010-09-07 20:27 . 2010-09-07 20:28 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-09-07 20:25 . 2010-09-07 20:25 -------- d-----w- c:\program files\3 Mobile Broadband
2010-09-05 21:13 . 2010-09-05 21:13 -------- d-----w- c:\users\Jade\AppData\Roaming\ScummVM
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\program files\ScummVM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 12:03 . 2009-10-10 14:05 -------- d-----w- c:\program files\Steam
2010-10-01 15:40 . 2009-10-10 12:41 1 ----a-w- c:\users\Jade\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-01 03:39 . 2009-10-10 14:02 -------- d-----w- c:\users\Jade\AppData\Roaming\vlc
2010-09-26 21:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-07 20:28 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-07 20:28 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-07 20:28 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-07 20:25 . 2009-02-02 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-05 21:05 . 2010-08-01 12:48 -------- d-----w- c:\program files\LucasArts
2010-08-24 13:57 . 2010-05-07 20:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 13:57 . 2010-05-07 20:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 13:57 . 2010-05-07 20:17 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 13:57 . 2010-05-07 20:17 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 13:57 . 2010-05-07 20:17 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 13:57 . 2010-05-07 20:17 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 13:57 . 2010-05-07 20:17 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 13:57 . 2010-05-07 20:17 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 13:57 . 2010-01-05 17:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57 . 2009-02-02 20:27 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-01 16:49 . 2010-08-01 16:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-24 13:57 . 2010-09-26 19:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-05 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-10 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-29 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-06-26 212992]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-30 717296]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*Deregistered* - twgcxszl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0909&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0909&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {946DC58A-5624-4CB0-B49E-B09099A1BABC} = 217.171.132.1 195.27.1.1
FF - ProfilePath - c:\users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\rary4rhw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Jade\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 13:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\twgcxszl]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(256)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2010-10-02 13:22:04
ComboFix-quarantined-files.txt 2010-10-02 12:21

Pre-Run: 9,262,137,344 bytes free
Post-Run: 9,176,186,880 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 208276CFF6FEF5704127C1DAAEC35740

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    killall::
    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\twgcxszl]

    Driver::
    twgcxszl

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
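
Added example (not part of the thread and not ComboFix's own code): a small triage script that correlates three places where a driver name can show up in a ComboFix log, namely a `.sys` file in the "Files Created" window, a `*Deregistered*` line, and a bare `Services` registry key, and then checks whether the file is still listed in a later log. The signal names, the two-signal threshold and the abridged log excerpts are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed excerpts: lines taken from the two ComboFix logs in this thread,
# abridged (section banners shortened) so the example runs offline.
LOG_BEFORE = r"""
((((( Files Created from 2010-09-02 to 2010-10-02 )))))
2010-10-01 11:46 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-01 11:46 . 2010-10-01 11:46 -------- d-----w- c:\program files\Avira
2010-09-30 08:04 . 2010-10-02 12:20 843776 ----a-w- c:\windows\system32\drivers\twgcxszl.sys
2010-09-19 16:45 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
((((( Find3M Report )))))
2010-08-24 13:57 . 2010-05-07 20:17 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
*NewlyCreated* - ECACHE
*Deregistered* - twgcxszl
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\twgcxszl]
"""

LOG_AFTER = r"""
((((( Drivers/Services )))))
-------\Legacy_TWGCXSZL
-------\Service_twgcxszl
((((( Files Created from 2010-09-03 to 2010-10-03 )))))
2010-09-30 08:04 . 2010-10-03 15:30 843776 ----a-w- c:\windows\system32\drivers\twgcxszl.sys
((((( Find3M Report )))))
2010-08-24 13:57 . 2010-05-07 20:17 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
*Deregistered* - mfeavfk01
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# "<date time> . <date time> <size> <attributes> <path>"; directory rows carry
# "--------" instead of a numeric size and are skipped by this pattern.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(.+)$")
DRIVER_RE = re.compile(r"\\system32\\drivers\\([^\\]+)\.sys$")
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$")
SVCKEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\(?:Current)?ControlSet\d*\\Services\\([^\\\]]+)\]$",
    re.IGNORECASE)


def driver_signals(log_text):
    """Map lower-cased driver/service name -> set of signals seen in the log."""
    signals = defaultdict(set)
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            # Only the "Files Created" window counts; Find3M rows are ignored.
            d = DRIVER_RE.search(m.group(1).lower())
            if d and section.startswith("files created"):
                signals[d.group(1)].add("recent-driver-file")
            continue
        m = DEREG_RE.match(line)
        if m:
            signals[m.group(1).lower()].add("deregistered")
            continue
        m = SVCKEY_RE.match(line)
        if m:
            signals[m.group(1).lower()].add("service-key")
    return dict(signals)


def suspects(log_text, min_signals=2):
    """Names corroborated by at least min_signals independent log sections."""
    found = driver_signals(log_text)
    return sorted(n for n, s in found.items() if len(s) >= min_signals)


def residual_files(before, after):
    """Suspects from the first log whose .sys file is still listed afterwards."""
    later = driver_signals(after)
    return sorted(n for n in suspects(before)
                  if "recent-driver-file" in later.get(n, set()))


if __name__ == "__main__":
    print("suspects before:", suspects(LOG_BEFORE))
    print("still on disk after:", residual_files(LOG_BEFORE, LOG_AFTER))
```

A single signal on its own is weak: the Avira driver installed the day before also sits in the "Files Created" window, which is why the script asks for agreement between sections before flagging a name.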

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

ComboFix 10-10-01.06 - Jade 03/10/2010 16:18:16.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2972.1921 [GMT 1:00]
Running from: c:\users\Jade\Desktop\ComboFix.exe
Command switches used :: c:\users\Jade\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TWGCXSZL
-------\Service_twgcxszl


((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 15:29 . 2010-10-03 15:32 -------- d-----w- c:\users\Jade\AppData\Local\temp
2010-10-03 15:29 . 2010-10-03 15:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-03 15:29 . 2010-10-03 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 15:16 . 2010-10-03 15:16 -------- d-----w- C:\32788R22FWJFW
2010-10-01 11:48 . 2010-10-01 11:48 -------- d-----w- c:\users\Jade\AppData\Roaming\Avira
2010-10-01 11:46 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-01 11:46 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-01 11:46 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-01 11:46 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-01 11:46 . 2010-10-01 11:46 -------- d-----w- c:\programdata\Avira
2010-10-01 11:46 . 2010-10-01 11:46 -------- d-----w- c:\program files\Avira
2010-10-01 11:44 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 15:58 . 2010-09-30 15:58 120 ----a-w- c:\users\Jade\AppData\Local\Glezeqo.dat
2010-09-30 15:58 . 2010-09-30 15:58 0 ----a-w- c:\users\Jade\AppData\Local\Rsagikufevori.bin
2010-09-30 08:04 . 2010-10-03 15:30 843776 ----a-w- c:\windows\system32\drivers\twgcxszl.sys
2010-09-19 16:45 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-19 16:45 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-19 16:45 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-19 16:44 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 21:11 . 2010-09-08 21:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-07 20:30 . 2010-09-07 20:30 -------- d-----w- c:\users\Jade\AppData\Roaming\Birdstep Technology
2010-09-07 20:27 . 2010-09-07 20:28 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-09-07 20:25 . 2010-09-07 20:25 -------- d-----w- c:\program files\3 Mobile Broadband
2010-09-05 21:13 . 2010-09-05 21:13 -------- d-----w- c:\users\Jade\AppData\Roaming\ScummVM
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\program files\ScummVM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 15:07 . 2009-10-10 14:05 -------- d-----w- c:\program files\Steam
2010-10-01 15:40 . 2009-10-10 12:41 1 ----a-w- c:\users\Jade\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-01 03:39 . 2009-10-10 14:02 -------- d-----w- c:\users\Jade\AppData\Roaming\vlc
2010-09-26 21:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-07 20:28 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-07 20:28 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-07 20:28 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-07 20:25 . 2009-02-02 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-05 21:05 . 2010-08-01 12:48 -------- d-----w- c:\program files\LucasArts
2010-08-24 13:57 . 2010-05-07 20:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 13:57 . 2010-05-07 20:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 13:57 . 2010-05-07 20:17 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 13:57 . 2010-05-07 20:17 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 13:57 . 2010-05-07 20:17 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 13:57 . 2010-05-07 20:17 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 13:57 . 2010-05-07 20:17 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 13:57 . 2010-05-07 20:17 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 13:57 . 2010-01-05 17:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57 . 2009-02-02 20:27 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-01 16:49 . 2010-08-01 16:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-24 13:57 . 2010-09-26 19:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-05 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-10 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-29 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-06-26 212992]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-30 717296]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0909&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0909&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {946DC58A-5624-4CB0-B49E-B09099A1BABC} = 217.171.132.1 195.27.1.1
FF - ProfilePath - c:\users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\rary4rhw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 16:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3584)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\McAfee\Core\mchost.exe
.
**************************************************************************
.
Completion time: 2010-10-03 16:38:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-03 15:38
ComboFix2.txt 2010-10-02 12:22

Pre-Run: 5,936,586,752 bytes free
Post-Run: 5,729,652,736 bytes free

- - End Of File - - 3BE271B78289324790C012AA6D6D2E56

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    mpssvc

    :regfind
    mpssvc


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

I attempted to open SystemLook on my laptop (from an SD card) and the following message appeared:

I:\SystemLook.exe

Illegal operation attempted on a registry key that has been marked for deletion.

I also received this message when I attempted to open my mobile internet program and an internet browser.

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Needs to be on the Desktop, please.

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Missed that bit! But I've just moved it to the desktop and had the same message appear.

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

I've turned my laptop on in safe mode again and it's now working. Sorry for the confusion. Here's the log:

SystemLook 04.09.10 by jpshortstuff
Log created at 12:12 on 07/10/2010 by Jade
Administrator - Elevation successful

========== filefind ==========

Searching for "mpssvc"
No files found.

========== regfind ==========

Searching for "mpssvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.0.6001.18000_en-us_8768b4328e782ba0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16386_none_97dd797ccaf1acc5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6001.18000_none_9a143b78c7dcbd99]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6002.18005_none_9bffb484c4fe88e5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c6881c41e8f6746f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc_31bf3856ad364e35_6.0.6000.16386_none_0842c4ddbc3f91a6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_networking-mpssvc_31bf3856ad364e35_6.0.6001.18000_none_0a7986d9b92aa27a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_none_ed48f444ebc84f67\f256!networking-mpssvc-svc-dl._1b1bac5cdce73693]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_en-us_7a69e9ee061853df]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-admin_31bf3856ad364e35_none_6c9e181d7a342cf0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-netsh.resources_31bf3856ad364e35_en-us_062675204db93e42]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-netsh_31bf3856ad364e35_none_43ec144cc7e24f61]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-r..cedition-deployment_31bf3856ad364e35_none_7e8f537d8d9570ca]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-bitssvc_31bf3856ad364e35_none_45103df4719349d3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-collab_31bf3856ad364e35_none_491d8b0c38a37c6a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-corenet_31bf3856ad364e35_none_a370236cf2d2986d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-fps_31bf3856ad364e35_none_8af0a6b661daa124]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-msdtc_31bf3856ad364e35_none_eb4319c8046b2784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-msiscsi_31bf3856ad364e35_none_39813b1d9b61772e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-netdis_31bf3856ad364e35_none_3713bb9086f635d4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-pnrpmnrs_31bf3856ad364e35_none_25ddd95b90215f3f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remoteadmin_31bf3856ad364e35_none_65bd5c7633fe5772]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remoteassistance_31bf3856ad364e35_none_6b3bc8b909ba86f7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remoteevntlogsvc_31bf3856ad364e35_none_129a3fc829721d10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remotefwadmin_31bf3856ad364e35_none_c5de9ccbe91c179f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remotesvcadmin_31bf3856ad364e35_none_f1d05a7eaca828f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remotetask_31bf3856ad364e35_none_00397e3e461ad27a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-remotevolmgmt_31bf3856ad364e35_none_3d310654e3d526b7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-rras_31bf3856ad364e35_none_fc08c85e37d6ec87]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-winrm_31bf3856ad364e35_none_b0f8619930250a9a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-wmi_31bf3856ad364e35_none_8a36bafc62662fd6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules-wpdmpt_31bf3856ad364e35_none_d56fced9a8e7da5b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-rules_31bf3856ad364e35_none_e8fd46892e4c33ee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_en-us_fdd9c8aa78cc0a8a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-svc_31bf3856ad364e35_none_6f4c24a600a46c19]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-svc_31bf3856ad364e35_none_6f4c24a600a46c19\f256!mpssvc.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc-svc_31bf3856ad364e35_none_6f4c24a600a46c19\f256!mpssvc.mof]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc.resources_31bf3856ad364e35_en-us_82a7aed16f15ab3f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_networking-mpssvc_31bf3856ad364e35_none_40680d23e5d4a800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_en-us_7a69e9ee061853df]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-admin_31bf3856ad364e35_none_6c9e181d7a342cf0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-netsh.resources_31bf3856ad364e35_en-us_062675204db93e42]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-netsh_31bf3856ad364e35_none_43ec144cc7e24f61]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-r..cedition-deployment_31bf3856ad364e35_none_7e8f537d8d9570ca]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-bitssvc_31bf3856ad364e35_none_45103df4719349d3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-collab_31bf3856ad364e35_none_491d8b0c38a37c6a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-corenet_31bf3856ad364e35_none_a370236cf2d2986d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-fps_31bf3856ad364e35_none_8af0a6b661daa124]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-msdtc_31bf3856ad364e35_none_eb4319c8046b2784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-msiscsi_31bf3856ad364e35_none_39813b1d9b61772e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-netdis_31bf3856ad364e35_none_3713bb9086f635d4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-pnrpmnrs_31bf3856ad364e35_none_25ddd95b90215f3f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remoteadmin_31bf3856ad364e35_none_65bd5c7633fe5772]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remoteassistance_31bf3856ad364e35_none_6b3bc8b909ba86f7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remoteevntlogsvc_31bf3856ad364e35_none_129a3fc829721d10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remotefwadmin_31bf3856ad364e35_none_c5de9ccbe91c179f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remotesvcadmin_31bf3856ad364e35_none_f1d05a7eaca828f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remotetask_31bf3856ad364e35_none_00397e3e461ad27a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-remotevolmgmt_31bf3856ad364e35_none_3d310654e3d526b7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-rras_31bf3856ad364e35_none_fc08c85e37d6ec87]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-winrm_31bf3856ad364e35_none_b0f8619930250a9a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-wmi_31bf3856ad364e35_none_8a36bafc62662fd6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules-wpdmpt_31bf3856ad364e35_none_d56fced9a8e7da5b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules_31bf3856ad364e35_none_e8fd46892e4c33ee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_en-us_fdd9c8aa78cc0a8a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-svc_31bf3856ad364e35_none_6f4c24a600a46c19]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc.resources_31bf3856ad364e35_en-us_82a7aed16f15ab3f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc_31bf3856ad364e35_none_40680d23e5d4a800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNoNetwork"="PLA DPS BFE mpssvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc\Parameters]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI.dll,-23306|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI,-23307|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]
"DependOnService"="HTTP Eventlog mpssvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\SafeBoot\Network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MpsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MpsSvc\Parameters]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI.dll,-23306|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI,-23307|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Wecsvc]
"DependOnService"="HTTP Eventlog mpssvc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI.dll,-23306|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI,-23307|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc]
"DependOnService"="HTTP Eventlog mpssvc"

-= EOF =-

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=27feeb7097658b49bf0758527e607613
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-10 07:53:10
# local_time=2010-10-10 08:53:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 785152 45816789 789684 0
# compatibility_mode=5121 16777214 100 75 1222228 15985816 0 0
# compatibility_mode=5892 16776574 100 95 85843639 124260068 0 0
# compatibility_mode=8192 67108863 100 0 3386 3386 0 0
# scanned=87527
# found=0
# cleaned=0
# scan_time=13093
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=27feeb7097658b49bf0758527e607613
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-11 04:13:34
# local_time=2010-10-11 05:13:34 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 798326 45829963 802858 0
# compatibility_mode=5121 16777214 100 75 1235402 15998990 0 0
# compatibility_mode=5892 16776574 100 95 85856813 124273242 0 0
# compatibility_mode=8192 67108863 100 0 16560 16560 0 0
# scanned=87527
# found=0
# cleaned=0
# scan_time=29944
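
A way to triage the log.txt posted above, as an added example that is not part of the original thread: it splits the concatenated runs and lists the reasons a `found=0` run may still be inconclusive. It assumes (the thread does not say so) that `end=finished` marks a completed scan, that a non-zero `esets_scanner_update` return is a failed signature update, and that `remove_checked` and `unwanted_checked` correspond to the two options named in the scan instructions; the second run in the sample is constructed.

```python
import re

# Constructed sample: run 1 is abridged from the log posted above,
# run 2 is invented to show a finished scan with an uncleaned detection.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=53251
# version=7
# end=stopped
# remove_checked=true
# unwanted_checked=true
# utc_time=2010-10-10 07:53:10
# scanned=87527
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2010-10-12 09:00:00
# scanned=90000
# found=2
# cleaned=1
"""

FIELD = re.compile(r"^#\s*([\w.]+)=(.*)$")
# search(), not match(): the installer's messages are sometimes run together
# with this line, as in "Can not open internetesets_scanner_update returned -1".
UPDATE = re.compile(r"esets_scanner_update returned (-?\d+)")


def parse_runs(text):
    """Split a concatenated log.txt into one dict of fields per scan run."""
    runs, pending_update, current = [], None, None
    for line in text.splitlines():
        upd = UPDATE.search(line)
        if upd:
            pending_update = int(upd.group(1))  # belongs to the next run
            continue
        field = FIELD.match(line.strip())
        if not field:
            continue
        key, value = field.group(1), field.group(2).strip()
        if key == "version":  # first field of every run
            current = {"update_rc": pending_update}
            pending_update = None
            runs.append(current)
        if current is not None:
            current.setdefault(key, value)  # keep the first of repeated keys
    return runs


def triage(run):
    """Return the reasons a run cannot be read as a clean result."""
    reasons = []
    if run.get("update_rc") not in (None, 0):  # assumption: non-zero = failure
        reasons.append("signature update failed")
    if run.get("end") != "finished":  # assumption: 'finished' = completed scan
        reasons.append("scan did not finish (end=%s)" % run.get("end"))
    for opt in ("remove_checked", "unwanted_checked"):
        if run.get(opt) != "true":
            reasons.append("%s was not enabled" % opt)
    found, cleaned = int(run.get("found", 0)), int(run.get("cleaned", 0))
    if found > cleaned:
        reasons.append("%d detection(s) not cleaned" % (found - cleaned))
    return reasons


def summarize(text):
    """Pair each run's UTC timestamp with its list of triage reasons."""
    return [(run.get("utc_time"), triage(run)) for run in parse_runs(text)]


if __name__ == "__main__":
    for when, reasons in summarize(SAMPLE_LOG):
        print(when, "->", "; ".join(reasons) or "no caveats")
```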

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Are you getting any more fake alerts? Any other issues?

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

No. It seems to be running normally again. I haven't had any problems opening programs or connecting to the internet and am no longer in safe mode. Thank you very much for your help. :smile2:

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

I haven't done what you asked yet. I'm just posting because my antivirus software told me that it found another trojan. I've looked at it in the quarantine area of the antivirus software and it's a different trojan with a different name. I don't know whether it's serious, it doesn't seem to have affected my laptop (not yet anyway), but I don't know if it's related to the problems I've had. Your advice would be much appreciated...

Re: Laptop had a fake 'Microsoft Security Essentials Alert' and now won't start.

Re-run ComboFix and post a log, please.
