
Malwarebytes won't install - rogue service [Solved]


  • This topic is locked

#16
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey Montery. :)
Hope everything is well.

===== > Step 1: OTL Fix < =====

  • Run OTL. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the OTL icon and select Run as Administrator.)
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    [2014/02/27 14:13:13 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: MBAM Scan < =====

  • Please start MBAM. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the MBAM icon and select Run as Administrator)
  • Please go to the Update Tab and update the definitions, then go back to the Scanner.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

===== > Step 3: ESET < =====

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:

    Posted Image

    • Click Run ESET Online Scanner

      Posted Image
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished, please run the program (Win Vista / Win 7 / Win 8 users, please run it as Administrator)

      Posted Image
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      Posted Image
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed, the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall the following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > Uninstall a program):

    • ESET Online Scanner

  • 0



#17
Montery

  • Topic Starter
  • Member
  • 36 posts
Hi Machiavelli,

You didn't want the OTL log?

Here's the ESET Log:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d55386ad64f43f4d99e68eab01af04d0
# engine=17274
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-01 12:20:16
# local_time=2014-02-28 04:20:16 (-0800, Pacific Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 145176666 0 0
# scanned=436440
# found=21
# cleaned=0
# scan_time=6603
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=BB9D738FE60ACB21AC21D954053B2EAB58FA9EB9 ft=1 fh=980610410a7a1e07 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Ralph\Downloads\FreeVideoToJPGConverter.exe"
sh=2EB9FDDBB95FF49E505044EA297AC4D441B5F082 ft=1 fh=3f8c02ce2059fdc4 vn="Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Users\Ralph\Downloads\Nebulosity\nebulosity.2.4.0-patch.exe"
sh=F0AA4FECDB1762FD18702D177345C6EB56EE1016 ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Users\Ralph\Downloads\Nebulosity\Nebulosity.2.4.0.patch-SND.zip"
sh=8D1123A771583BABB75BAACD2DB40065FCC35EF2 ft=1 fh=c13683fd4dd33f62 vn="RAR/Agent.U trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\l.exe"
sh=E2A3064605AC27BE94EA78683A0024EED40341C8 ft=1 fh=38db60c57cdc00ac vn="RAR/Agent.X trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\md.exe"
sh=8DEAFE9915DC23EFC8D0EA61320B165BA6B0CE7F ft=1 fh=e0701c5ccac4430f vn="RAR/Agent.X trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\mf.exe"
sh=E2DFEA6D28943A5803D36B7EBBF114D0D40B690C ft=1 fh=b41f712cedc9aec6 vn="RAR/Agent.U trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\mp.exe"
sh=EE216612E22A2A30860227F5434F0A383987C209 ft=1 fh=ae614cea20eec4a7 vn="RAR/Agent.U trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\mv.exe"
sh=25BB4E244FAD6E58DC8080C448F5E84246D58CF2 ft=1 fh=d933b98461358f24 vn="RAR/Agent.X trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\n.exe"
sh=BA49E863397A4823A79B599946DA28AC85F1168E ft=1 fh=56579857f67c80b6 vn="RAR/Agent.X trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\{$1284-9213-2940-1289$}\p.exe"
sh=D82DA807AFB0C3408F1DC50D86944F39BD191F04 ft=1 fh=0fa51149b34f0953 vn="a variant of Win32/Amonetize.AC potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_Users\Ralph\AppData\Local\SwvUpdater\Updater.exe"
sh=F5EE5460CB27CFAA23FF4C6200A271934F53A3D9 ft=1 fh=f30687f6eade656f vn="a variant of MSIL/Injector.CVL trojan" ac=I fn="C:\_OTL\MovedFiles\02272014_084141\C_ProgramData\Application Services\appsvc.exe"
sh=BC7F6756E76FAF672ED4C176B2DFC2CEDE7DC8CA ft=1 fh=894a45bc0255cd5b vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="D:\Apps\3DS Max 2014\3ds Max 2014\xf-adsk64.exe"
sh=49D2EE14D375119BA618D465F04ED2F578ABD245 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="D:\Apps\3DS Max 2014\Autodesk2014 XFORCE\xf-adsk32.7z"
sh=F4A01AFB5F505725D60C3BBBFC8759DB3EE53EE4 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="D:\Apps\3DS Max 2014\Autodesk2014 XFORCE\xf-adsk64.7z"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BL potentially unsafe application" ac=I fn="D:\Downloads\rld-baaror.iso"
sh=E03AF63146A3B4E85C04551706AEFE110AA30E73 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.EM potentially unsafe application" ac=I fn="D:\Downloads\Nebulosity V3.10\Nebulosity.v3.1.0_KEYGEN-FFF.zip"
sh=F5EE5460CB27CFAA23FF4C6200A271934F53A3D9 ft=1 fh=f30687f6eade656f vn="a variant of MSIL/Injector.CVL trojan" ac=I fn="D:\Files from SeedStuff.ca\Google Earth Pro 7.1.2.2041 Final\Google Earth Pro 7.1.2.2041 Final\google.earth.free2pro.v6.2.2.6613.patch-MPT.exe"
sh=66A5D5198EC1F101F3707983696E4E6105AD627C ft=1 fh=5f93d9a6fa22a982 vn="a variant of Win32/Amonetize.AG potentially unwanted application" ac=I fn="D:\Files from SeedStuff.ca\Google Earth Pro 7.1.2.2041 Final\Google Earth Pro 7.1.2.2041 Final\GoogleEarthWin.exe"
sh=459173DF33D50CFAF50815B0BCB9D7B5E1187328 ft=1 fh=9dadc245de04900a vn="RAR/Agent.U trojan" ac=I fn="D:\Files from SeedStuff.ca\MyLanViewer 4.16+CraCk [FULL]\MyLanViewer 4.16.9 + Crack\~CraCk\MyLanViewer.exe"
  • 0
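
Added example, not part of the original thread and not code from ESET or the helper: a triage pass over an ESET Online Scanner log of the shape posted above. It checks that the pasted detection lines match the `# found=` header, then separates hits that sit in the cleanup tools' own holding folders (`C:\AdwCleaner\Quarantine`, `C:\_OTL\MovedFiles`) from files still at their original paths. The function names, the sample lines (placeholder hashes and paths) and the reading of `found` as the number of detection lines are assumptions made for this illustration.

```python
import re
from collections import Counter

# Folders where the cleanup tools used in this thread park removed files
# (paths as they appear in the posted log). Hits here are stored copies,
# not files still sitting where they were originally dropped.
QUARANTINE_PREFIXES = (r"C:\AdwCleaner\Quarantine", r"C:\_OTL\MovedFiles")

# Category phrases that end the detection name in the vn field of the log.
CATEGORY_SUFFIXES = (
    "potentially unwanted application",
    "potentially unsafe application",
)

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample in the shape of the posted log; hashes and the
# "Example" paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''all ok
# version=8
# scanned=436440
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\Installer.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="RAR/Agent.U trojan" ac=I fn="C:\_OTL\MovedFiles\02252014_131514\C_ProgramData\Example\l.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="D:\Apps\Example\keygen.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="a variant of MSIL/Injector.CVL trojan" ac=I fn="D:\Downloads\Example\patch.exe"
'''


def parse_log(text):
    """Return (header dict, list of detection dicts) from a pasted log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            # Values are either quoted (may contain spaces) or bare tokens.
            detections.append(
                {key: (quoted if quoted else bare)
                 for key, quoted, bare in FIELD_RE.findall(line)}
            )
    return header, detections


def category(vn):
    """Map a detection name to its category phrase, else its last word."""
    for suffix in CATEGORY_SUFFIXES:
        if vn.endswith(suffix):
            return suffix
    return vn.rsplit(" ", 1)[-1] if vn else "unknown"


def is_quarantined(path):
    """True when the file sits under one of the tools' holding folders."""
    lowered = path.lower()
    return any(lowered.startswith(p.lower() + "\\") for p in QUARANTINE_PREFIXES)


def triage(text):
    header, detections = parse_log(text)
    found = header.get("found", "")
    declared = int(found) if found.isdigit() else None
    live = [d for d in detections if not is_quarantined(d.get("fn", ""))]
    quarantined = [d for d in detections if is_quarantined(d.get("fn", ""))]
    return {
        "declared": declared,
        "parsed": len(detections),
        # False means the paste was truncated or lines were lost in posting.
        "complete": declared == len(detections),
        "live": live,
        "quarantined": quarantined,
        "live_by_category": Counter(category(d.get("vn", "")) for d in live),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("complete paste:", report["complete"])
    print("already in holding folders:", len(report["quarantined"]))
    for d in report["live"]:
        print("still in place:", category(d["vn"]), "|", d["fn"])
```
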

#18
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey Montery ;),
Well done so far! :thumbsup:

You didn't want the OTL log?

Please do a Quickscan as it said in my OTL Fix Instructions. :)

After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.


  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Also, please show me the MBAM Log.

Bye,
Gerrit
  • 0

#19
Montery

  • Topic Starter
  • Member
  • 36 posts
Hope you're having a good weekend, Machiavelli!

Here's the latest OTL log and MBAM log. Still haven't been able to install MS Security Essentials anti-virus software. I get an Error Code 0x80070643 when I attempt to install.

OTL logfile created on: 01/03/2014 4:46:15 PM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 10.98 Gb Available Physical Memory | 69.04% Memory free
31.82 Gb Paging File | 26.62 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 61.96 Gb Free Space | 27.73% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 499.47 Gb Free Space | 53.62% Space Free | Partition Type: NTFS
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 16:42:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 11:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2013/03/10 09:08:47 | 000,088,984 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualCloneDrive\VCDDaemon.exe
PRC - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/25 20:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/11 14:11:48 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 16:42:44 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 03:31:50 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 03:27:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:27:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:27:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:27:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:27:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:27:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:27:08 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:27:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:27:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:26:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010/06/08 09:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/07/16 20:33:49 | 001,471,352 | ---- | M] (Flexera Software LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/15 12:03:14 | 009,695,744 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 22:30:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 16:42:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/09 17:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011/09/12 20:38:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 20:32:55 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 22:48:42 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/07/03 18:20:42 | 000,085,016 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PROCMON23.SYS -- (PROCMON23)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/07 12:36:18 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/03/07 12:36:16 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 16:36:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/12 16:36:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/12 16:36:00 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/12 16:36:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/28 23:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/30 13:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 13:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/04/08 03:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0A 34 61 AF 95 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://google.ca"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: viewabout%40rumblingedge.com:2.0.1
FF - prefs.js..extensions.enabledAddons: youtubequality%40rzll:1.2
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:11.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Apps\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralph\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ralph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Components: D:\APPS\64BIT FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Plugins: D:\APPS\64BIT FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/18 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Extensions
[2014/02/28 11:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions
[2013/12/02 12:39:09 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/09 20:20:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/28 11:59:13 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2012/07/05 06:54:39 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/06 10:23:14 | 000,104,966 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/09/18 08:30:16 | 000,021,977 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/10/21 22:29:35 | 000,009,961 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/26 09:57:54 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/31 10:45:46 | 000,000,968 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\searchplugins\scrapetorrent.xml
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 16:42:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Apps\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = D:\Apps\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/25 13:15:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941263B3-6134-4436-B8B2-922E30D62EFB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/27 15:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/27 15:32:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/27 15:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/27 14:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/27 14:43:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/27 08:45:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ralph\Desktop\tdsskiller.exe
[2014/02/26 13:04:53 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/26 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CrashDumps
[2014/02/26 10:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2014/02/26 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 13:29:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:27:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:23:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/25 13:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/25 09:06:00 | 000,000,000 | ---D | C] -- C:\Users\Ralph\Desktop\RK_Quarantine
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/24 15:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/02/19 10:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2014/02/18 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/18 17:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/16 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CADlogic Limited
[2014/02/16 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CADlogic Limited
[2014/02/16 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CADlogic Limited
[2014/02/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/16 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/15 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/06 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/02/06 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/06 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Sun
[2014/02/06 10:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/05 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2014/02/05 15:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/05 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2014/02/05 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/02/05 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2014/02/05 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/04 03:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2014/02/04 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2014/02/03 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\inkscape

========== Files - Modified Within 30 Days ==========

[2014/02/28 14:22:52 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/28 14:22:52 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/28 14:20:02 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/28 14:20:02 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/28 14:20:02 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/28 14:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/28 14:15:40 | 4222,160,894 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/27 15:57:43 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/27 15:32:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/27 14:15:37 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Free Video to JPG Converter.lnk
[2014/02/27 08:45:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ralph\Desktop\tdsskiller.exe
[2014/02/27 03:00:35 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 16:27:00 | 000,002,280 | -H-- | M] () -- C:\Users\Ralph\Documents\Default.rdp
[2014/02/26 13:04:56 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/25 13:47:39 | 000,004,365 | ---- | M] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:27:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:22:42 | 001,241,834 | ---- | M] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:15:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/25 13:01:19 | 000,001,046 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/24 15:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 15:38:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000UA.job
[2014/02/24 15:32:07 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/02/24 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:38:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000Core.job
[2014/02/23 22:17:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 09:19:31 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | M] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 16:00:13 | 000,000,071 | ---- | M] () -- C:\Windows\ESNX625.ini
[2014/02/16 15:51:21 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/10 16:34:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 12:56:02 | 000,440,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/06 11:03:39 | 000,032,766 | ---- | M] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk

========== Files Created - No Company Name ==========

[2014/02/27 15:32:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/27 14:15:37 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Free Video to JPG Converter.lnk
[2014/02/25 13:47:39 | 000,004,365 | ---- | C] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:22:29 | 001,241,834 | ---- | C] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:01:19 | 000,001,046 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | C] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 15:51:21 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/16 15:50:55 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
[2014/02/10 16:34:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/10 16:34:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 11:03:39 | 000,032,766 | ---- | C] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:07:00 | 000,000,652 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/03/13 16:28:29 | 000,000,024 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Usage.ini
[2013/03/08 22:03:42 | 000,043,874 | ---- | C] () -- C:\Users\Ralph\Network_Meter_Data.js
[2013/02/11 21:00:00 | 000,017,895 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2012/11/27 07:02:44 | 000,060,304 | ---- | C] () -- C:\Users\Ralph\g2mdlhlpx.exe
[2012/09/16 21:26:11 | 000,000,073 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane_drm.prf
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 17:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 17:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/06 20:09:44 | 000,001,108 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Settings.ini
[2011/10/11 21:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Temptable.xml
[2011/09/18 20:29:15 | 000,000,080 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane Installer.prf
[2011/07/18 18:03:56 | 000,007,791 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Autodesk
[2013/07/11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\BitKinex
[2012/05/06 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Blender Foundation
[2011/12/18 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Canon
[2011/10/06 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\CircuitWorks
[2012/10/27 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Citrix
[2013/11/07 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\cYo
[2011/09/12 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DassaultSystemes
[2014/02/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\deluge
[2014/02/28 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Dropbox
[2013/12/03 01:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DxO Labs
[2013/11/26 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Easy Thumbnails
[2014/02/28 13:50:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/27 19:36:49 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FileZilla
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\flightgear.org
[2011/08/28 12:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\fltk.org
[2013/09/21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\GmailNotifierPro
[2013/05/20 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\gtk-2.0
[2013/12/02 17:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\HDRsoft
[2012/10/10 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Hulubulu
[2011/07/19 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\InfraRecorder
[2014/02/03 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\inkscape
[2014/02/04 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2013/09/22 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JAM Software
[2013/07/22 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JPEGView
[2012/06/07 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Leadertech
[2011/10/07 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Luxology
[2013/10/31 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ManyCam
[2012/05/10 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MediaMonkey
[2011/10/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mobipocket
[2012/04/24 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MonoDevelop-Unity-2.8
[2013/12/02 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mp3tag
[2013/11/18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MusicBrainz
[2012/07/08 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\mypcdrivers
[2013/12/02 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Nebulosity3
[2014/02/14 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2013/09/22 13:17:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Notepad++
[2013/05/15 11:18:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2012/10/27 22:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PACE Anti-Piracy
[2013/12/13 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\SecondLife
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Subversion
[2012/05/26 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TagScanner
[2014/02/06 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TeraCopy
[2012/04/11 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Unity
[2012/12/30 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\uqm

========== Purity Check ==========



< End of report >


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Ralph :: ANTEC [administrator]

01/03/2014 4:50:03 PM
mbam-log-2014-03-01 (16-50-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218632
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#20
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey Montery,
the fix below won't fix the Defender error; this will be our next step (the step after the steps below). :) Don't worry, we will fix that Defender issue.

===== > Step 1: Illegal Software Warning < =====

In your log(s) I see some things which are related to illegal software. We do not support illegal software. With the fix below we will remove the illegal software. If you opt not to remove it, I will have to withdraw my free assistance per this forum's terms of use.

The following file(s) is/are illegal:

  • D:\Files from SeedStuff.ca\Google Earth Pro 7.1.2.2041 Final
  • D:\Files from SeedStuff.ca\MyLanViewer 4.16+CraCk [FULL]
  • D:\Downloads\rld-baaror.iso

===== > Step 2: OTL Fix < =====

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    
    :Files
    C:\Users\Ralph\Downloads\FreeVideoToJPGConverter.exe
    C:\Users\Ralph\Downloads\Nebulosity
    D:\Apps\3DS Max 2014
    D:\Downloads\rld-baaror.iso
    D:\Downloads\Nebulosity V3.10
    D:\Files from SeedStuff.ca\Google Earth Pro 7.1.2.2041 Final
    D:\Files from SeedStuff.ca\MyLanViewer 4.16+CraCk [FULL]
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
  • Then run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 3: CKScanner < =====

Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#21
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Machiavelli,

Ah, apologies for the inappropriate software. I ran the script as requested. If there's anything else I should remove, please don't hesitate to let me know!

I've attached the OTL log as a file, since it's too long to paste into the message here.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\ralph\downloads\faststone.capture.v7.7.winall.incl.keygen-fallen.torrent
c:\_otl\movedfiles\03022014_161002\d_apps\3ds max 2014\3ds max 2014\maps\substance\textures\cracked_plaster.sbsar
c:\_otl\movedfiles\03022014_161002\d_apps\3ds max 2014\autodesk installer\autodesk_3ds_max_2014_efgjks_win_64bit_dlm\x64\max\autodesk\3ds max 2014\maps\substance\textures\cracked_plaster.sbsar
scanner sequence 3.AB.11.EJNAUZ
----- EOF -----

Attached Files


  • 0

#22
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey Montery. :)

Ah, apologies for the inappropriate software.

Acknowledged. :)

Now we are going to find a fix for the Microsoft Essential issue.

===== > Step 1: OTL Fix < =====

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    c:\users\ralph\downloads\faststone.capture.v7.7.winall.incl.keygen-fallen.torrent
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the fixlog into your next reply.

===== > Step 2: Question to MS Essentials < =====

In the EXTRAS Log I can see you have "Microsoft Security Client" = Microsoft Security Essentials installed.

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, please search for these:

    • Microsoft Security Essentials
    • Microsoft Security Client
  • Please let me know if any of the software above is installed on your system.

Also, please let me know if the Defender Error is now solved. So far I understood you have solved that issue on your way. Also, please let me know what AntiVirus you currently have on your system and what AntiVirus you had in the past.
  • 0

#23
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Greetings, Machiavelli,

Microsoft Security Essentials is the only product that I use for both Spyware & unwanted software protection, and antivirus protection. This program isn't in the uninstall list.

Windows Defender appears to be superseded by Microsoft Security Essentials, from what I've been reading, and I have it running at the moment simply because I don't have MSE running yet.

Here's the OTL Log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
c:\users\ralph\downloads\FastStone.Capture.v7.7.WinAll.Incl.Keygen-FALLEN.torrent moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ralph
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111967968 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03032014_072616

Files\Folders moved on Reboot...
C:\Users\Ralph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20140302164708604).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20140302164708604).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20140302164708604).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thanks again!! :)
  • 0

#24
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey ;),

So you had Essentials installed before the problems started and then uninstalled it?
  • 0

#25
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Yes, I had essentials installed before the problems started. The problems had caused it to be rendered inoperable, and so I uninstalled it. Subsequent attempts to install it have proved fruitless. :)
  • 0


#26
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey Montery,
Hope the weekend was great for you. Sadly it is over now. :)

===== > Step 1: Microsoft Security Essentials Removal Tool < =====

Please download the Removal Tool from here and run it. Follow the onscreen instructions to remove the last traces of Security Essentials. After it has finished try to install Essentials again and tell me if it worked.
  • 0

#27
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hmm, this is interesting. I am beginning to think I'm not quite virus-free just yet.

I ran the Fix-it program, and it stalled. Would not finish despite waiting 15-20 minutes.

I looked up the Fix it number 50535 on Microsoft, and even went through the manual process of removing MSE. None of the registry keys listed here on the Microsoft Support site were found.

I subsequently went through the entire registry removing any entries containing the word Microsoft Security Essentials (none found) and Microsoft Antimalware (a couple found, including the directory where log files are kept).

I removed all the directories found here: C:\ProgramData\Microsoft\Microsoft Security Client, and rebooted. Then I re-installed MSE. Failed, but this time I had fresh logs:

ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2014/03/03 14:11:01:673 TID:3808 PID:2216

INFO 2014/03/03 14:11:01:673 TID:3808 PID:2216
Log location [C:\ProgramData\Microsoft\Microsoft Security Client\Support]

INFO 2014/03/03 14:11:01:673 TID:3808 PID:2216
WPP logging session is already open. HR: 0x80070020

INFO 2014/03/03 14:11:01:673 TID:3808 PID:2216
Initializing WPP Logging with APP NAME[MSSESetup]

SUCCESS 2014/03/03 14:11:01:673 TID:3808 PID:2216
Starting setup...

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Current version number is '4.4.304.0'

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Command line arguments: []

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Setup type is 0x2

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Market set to 'en-us'

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Internal brand name is 'MSEv2'

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Processor Architecture: amd64

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
OS type: 16

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
OS friendly name: Windows 7 Ultimate

INFO 2014/03/03 14:11:01:688 TID:3808 PID:2216
Attempt to run Install scenario

INFO 2014/03/03 14:11:01:798 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetInstallPrequalChecksAction

INFO 2014/03/03 14:11:01:798 TID:3808 PID:2216
Show dialog, ID [1]

INFO 2014/03/03 14:11:03:857 TID:3808 PID:2216
Show dialog, ID [9]

INFO 2014/03/03 14:11:05:432 TID:3808 PID:2216
Show dialog, ID [45]

INFO 2014/03/03 14:11:08:552 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetSqmOptInAction

INFO 2014/03/03 14:11:08:552 TID:3808 PID:2216
Show dialog, ID [51]

INFO 2014/03/03 14:11:09:754 TID:3808 PID:2216
Show dialog, ID [52]

INFO 2014/03/03 14:11:09:800 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetWmiInfrastructureCheckAction

INFO 2014/03/03 14:11:11:813 TID:2416 PID:2216
Show dialog, ID [34]

INFO 2014/03/03 14:11:13:326 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetCompetitiveAppRemoveAction

INFO 2014/03/03 14:11:13:326 TID:3808 PID:2216
Show dialog, ID [2]

INFO 2014/03/03 14:11:13:357 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetInstallNisPrequal

INFO 2014/03/03 14:11:13:357 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetUninstallExternalPackagesAction

INFO 2014/03/03 14:11:13:373 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetEPPUninstallAction

INFO 2014/03/03 14:11:13:373 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetCopyFileAction

INFO 2014/03/03 14:11:13:373 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetDrWatsonInstallAction

ERROR 2014/03/03 14:11:14:621 TID:3808 PID:2216
Operation failed: MorroBootstraper::CInstallFlow::InternalRun - GetEPPInstallAction - Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation. [80070643]

INFO 2014/03/03 14:11:14:621 TID:3808 PID:2216
Performing Rollback

INFO 2014/03/03 14:11:14:621 TID:3808 PID:2216
Show dialog, ID [38]

INFO 2014/03/03 14:11:14:636 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::RollbackInstallation - GetBetaUninstallAction

INFO 2014/03/03 14:11:14:636 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::RollbackInstallation - GetUninstallExternalPackagesAction

INFO 2014/03/03 14:11:14:636 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::RollbackInstallation - GetEPPUninstallAction

INFO 2014/03/03 14:11:14:636 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::RollbackInstallation - GetArpUninstallAction

INFO 2014/03/03 14:11:14:636 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::RollbackInstallation - GetDrWatsonUninstallAction

INFO 2014/03/03 14:11:14:636 TID:3808 PID:2216
Show dialog, ID [10]

ERROR 2014/03/03 14:11:17:959 TID:3808 PID:2216
Operation failed: Flow InternalRun - Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation. [80070643]

ERROR 2014/03/03 14:11:17:959 TID:3808 PID:2216
Operation failed: Setup - Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation. [80070643]

INFO 2014/03/03 14:11:17:975 TID:3808 PID:2216
Operation finished: Sending setup completed event to event log

INFO 2014/03/03 14:11:17:975 TID:3808 PID:2216
Stopping logging...

FINISH 2014/03/03 14:11:17:975 TID:3808 PID:2216

After running the MSE installer, I noticed that my Task manager had a msiexec.exe running that wouldn't die.

Thoughts? :confused:
  • 0
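The setup log in the post above can be triaged programmatically. The following is an added example, not part of the original thread: it groups each header line with its message, finds the first ERROR entry and the last operation that finished before it, and decodes the HRESULT. The function names are hypothetical and the sample is a shortened excerpt of the posted log.

```python
import re
from collections import namedtuple

# Shortened excerpt of the setup log posted above (same layout, fewer entries).
SAMPLE_LOG = """\
START 2014/03/03 14:11:01:673 TID:3808 PID:2216

INFO 2014/03/03 14:11:01:673 TID:3808 PID:2216
WPP logging session is already open. HR: 0x80070020

INFO 2014/03/03 14:11:13:373 TID:3808 PID:2216
Operation finished: MorroBootstraper::CInstallFlow::InternalRun - GetDrWatsonInstallAction

ERROR 2014/03/03 14:11:14:621 TID:3808 PID:2216
Operation failed: MorroBootstraper::CInstallFlow::InternalRun - GetEPPInstallAction - Cannot complete the Security Essentials installation. Error code:0x80070643. Fatal error during installation. [80070643]

INFO 2014/03/03 14:11:14:621 TID:3808 PID:2216
Performing Rollback

FINISH 2014/03/03 14:11:17:975 TID:3808 PID:2216
"""

Entry = namedtuple("Entry", "level timestamp tid pid message")
HEADER = re.compile(r"^([A-Z]+) (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) TID:(\d+) PID:(\d+)\s*$")
HRESULT = re.compile(r"0x([0-9A-Fa-f]{8})\b")
# Win32 error codes that appear in this log (values from winerror.h).
WIN32_NAMES = {32: "ERROR_SHARING_VIOLATION", 1603: "ERROR_INSTALL_FAILURE"}

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append(Entry(m[1], m[2], int(m[3]), int(m[4]), ""))
        elif line.strip() and entries:
            last = entries[-1]
            entries[-1] = last._replace(message=(last.message + " " + line.strip()).strip())
    return entries

def decode_hresult(value):
    """Split an HRESULT into failure bit, facility and 16-bit code."""
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WIN32_NAMES.get(code, "unknown") if facility == 7 else "non-Win32 facility"
    return {"failed": bool(value >> 31), "facility": facility, "code": code, "name": name}

def first_failure(entries):
    """Return (last finished operation, first ERROR entry, decoded HRESULTs)."""
    last_ok = None
    for e in entries:
        if e.level == "ERROR":
            codes = [decode_hresult(int(h, 16)) for h in HRESULT.findall(e.message)]
            return last_ok, e, codes
        if e.message.startswith("Operation finished:"):
            last_ok = e.message.rsplit(" - ", 1)[-1]
    return last_ok, None, []

if __name__ == "__main__":
    ok, err, codes = first_failure(parse_entries(SAMPLE_LOG))
    print("last finished:", ok)
    print("failed at:", err.timestamp, codes)
```

0x80070643 decodes to Win32 error 1603, the generic Windows Installer failure, so the entry identifies the failing step (GetEPPInstallAction) but not the root cause.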

#28
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey Montery ;),

Hmm, this is interesting. I am beginning to think I'm not quite virus-free just yet.

After your last logs your machine seems to be clean.

===== > Step 1: System Update Readiness Tool < =====

  • Download the System Update Readiness Tool from here to your Desktop.
  • After the download has completed, double-click the file and wait while it initializes. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the icon and select Run as Administrator)
  • Click Yes to begin installation. Please note it may take some time to complete and may appear to stall whilst installing. Don't worry, this is perfectly normal behaviour. Also note, whilst I say "installing", it's actually running the tool and can therefore be "installed" (run) repeatedly.

===== > Step 2: Export CBS Folder < =====

  • Click the Start button then click Computer.
  • Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
  • Find and double click on the Logs folder.
  • Right-click on the CBS folder, and select Copy.
  • Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
  • Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
  • A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.
  • Attach this to your next post please. If it is too big, please use an alternative uploading method then send me the link (Dropbox, SkyDrive, SendSpace etc.).

  • 0

#29
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Good morning, Machiavelli!

I ran the System Update Readiness Tool, and it installed a hotfix.

I have a copy of the CBS folder located here.

Thanks!
  • 0

#30
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey Montery :),

===== > Step 1: Checking Windows Installer Service < =====

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    regedit /e %USERPROFILE%\Desktop\Machiavelli.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer"

  • This will create a text file called Machiavelli.txt on your Desktop. Please copy and paste the contents of this into your next post.

===== > Step 2: Searching for a file < =====

Download SystemLook from here.


  • Double-click SystemLook.exe to run it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the SystemLook.exe icon and select Run as Administrator).
  • Copy the content of the following codebox into the main textfield:
    :filefind
    msiexec.exe 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0
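The `regedit /e` export requested in Step 1 of the post above stores a service's ImagePath as `hex(2):` bytes (REG_EXPAND_SZ, UTF-16LE), which is hard to read by eye. The following is an added example, not part of the original thread: it decodes such an export and checks that the Windows Installer service points at msiexec.exe in system32 and is not disabled. The sample export is constructed, its ImagePath is an assumed stock value, and the function names are hypothetical.

```python
import re

# Constructed sample of what `regedit /e` writes for a service key (trimmed).
# The real file is UTF-16, so read it with open(path, encoding="utf-16").
# The ImagePath bytes encode an assumed stock value, not data from this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
  00,73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
  56,00,00,00
'''

def parse_reg_values(text):
    """Return {name: decoded value} for the values in a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)            # join continuation lines
    values = {}
    for name, raw in re.findall(r'^"([^"]+)"=(.*)$', text, re.M):
        raw = raw.strip()
        if raw.startswith("dword:"):
            values[name] = int(raw[6:], 16)
        elif raw.startswith("hex(2):"):               # REG_EXPAND_SZ, UTF-16LE
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            values[name] = data.decode("utf-16-le").rstrip("\x00")
        elif raw.startswith('"'):                     # REG_SZ with escapes
            values[name] = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        else:
            values[name] = raw                        # other types left as-is
    return values

def installer_service_findings(values):
    """Defensive checks on the decoded MSIServer values."""
    findings = []
    image = values.get("ImagePath", "")
    norm = image.lower().lstrip('"')
    if not re.match(r'(%systemroot%|c:\\windows)\\system32\\msiexec\.exe(["\s]|$)', norm):
        findings.append("ImagePath is not system32\\msiexec.exe: %r" % image)
    if values.get("Start") == 4:                      # 4 = disabled
        findings.append("service is disabled (Start=4)")
    return findings

if __name__ == "__main__":
    decoded = parse_reg_values(SAMPLE_EXPORT)
    print(decoded["ImagePath"])
    print(installer_service_findings(decoded) or "no findings")
```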





