Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malwarebytes won't install - rogue service [Solved]


  • This topic is locked This topic is locked

#46
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Hey :)

There is no error screen attached :whistling:

Bye,
Machiavelli


D'oh!

Capture.PNG
  • 0

Advertisements


#47
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey Montery,

First, please download Microsoft FixIt from here and run it. Follow the onscreen instructions.

Then, try to make Windows Updates. Instructions are available here.

Problems solved? :unsure:
  • 0

#48
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hiya Machiavelli,

Nope, still the same issue. :(

Capture.PNG
  • 0

#49
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,
While I'm discussing with further colleagues I like to do a little scan for RootKits. I know it takes time to fix the issue, but please be patient, I'm pretty sure we will fix that issue.

===== > Step 1: ASWMBR < =====

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1


  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

===== > Step 2: TDSSKiller < =====

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the TDSSKiller icon and select Run as Administrator).
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#50
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Machiavelli,

I think this is annoying you more than it is me! :)

Here are the results of the aswMBR log. The TDSSKiller log is too large to paste, so I have attached it instead.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-10 10:00:54
-----------------------------
10:00:54.410 OS Version: Windows x64 6.1.7601 Service Pack 1
10:00:54.410 Number of processors: 8 586 0x2A07
10:00:54.411 ComputerName: ANTEC UserName: Ralph
10:00:54.744 Initialize success
10:05:53.839 AVAST engine defs: 14031000
10:06:29.499 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:06:29.501 Disk 0 Vendor: ST31000526SV CV15 Size: 953869MB BusType: 11
10:06:29.504 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
10:06:29.507 Disk 1 Vendor: ST3500630AS 3.AAE Size: 476940MB BusType: 11
10:06:29.510 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
10:06:29.513 Disk 2 Vendor: OCZ-VERTEX3_MI 2.13 Size: 228936MB BusType: 11
10:06:29.520 Disk 2 MBR read successfully
10:06:29.524 Disk 2 MBR scan
10:06:29.529 Disk 2 Windows 7 default MBR code
10:06:29.533 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:06:29.537 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 228833 MB offset 206848
10:06:29.544 Disk 2 scanning C:\Windows\system32\drivers
10:06:31.429 Service scanning
10:06:36.856 Modules scanning
10:06:36.867 Disk 2 trace - called modules:
10:06:36.876 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:06:36.882 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800fd45060]
10:06:36.886 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800e8241e0]
10:06:36.891 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800e844060]
10:06:37.228 AVAST engine scan C:\Windows
10:06:37.732 AVAST engine scan C:\Windows\system32
10:07:28.055 AVAST engine scan C:\Windows\system32\drivers
10:07:30.392 AVAST engine scan C:\Users\Ralph
10:08:15.696 AVAST engine scan C:\ProgramData
10:08:22.583 Scan finished successfully
10:08:35.613 Disk 2 MBR has been saved successfully to "C:\Users\Ralph\Desktop\MBR.dat"
10:08:35.616 The log file has been saved successfully to "C:\Users\Ralph\Desktop\aswMBR.txt"


Attached File  TDSSKiller.3.0.0.25_10.03.2014_10.13.59_log.txt   725.38KB   43 downloads
  • 0

#51
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hello,

  • please download ProcessMonitor from here to your Desktop
  • Create on your Desktop a folder called ProcessMonitor. Then double click on ProcessMonitor.zip and select all items and move it into the ProcessMonitor folder
  • Right click on Procmon.exe and select Run as Administrator
  • A window will open

Try to install Microsoft Essentials. You will get the same error as before, don't exit.

  • Go back to the ProcessMonitor window (don't exit the installer window of Essentials) and click on the save symbol in the left corner
  • A window will open. Click OK.
  • A logfile called Logfile.PML will be saved on the same location where the exe file is located (should be)
  • Attach the file here.

  • 0

#52
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Ooh, this looks interesting! I have my suspicions on files that need removing, but I will not do anything till I hear back from you.

I've posted the file up to Dropbox, since the forum won't allow PML files to be uploaded.

https://www.dropbox....f2b/Logfile.PML
  • 0

#53
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey :)

I have my suspicions on files that need removing, but I will not do anything till I hear back from you.

Which suspicions? Please list the files.

I'm analyzing the log :)
  • 0

#54
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Well, recall how all this started with a google installer?

I find it odd that the GoogleUpdate.exe is being called, when the only activity is the installation of MSEInstall.

But, this lead me to look at the Event Viewer, which typically has good info in it. Don't know why I didn't think to look there. :)

At 1:38:36, the MsiInstaller application logged this error:
Product: Microsoft Security Client -- Error 1310. Error writing to file: C:\Program Files (x86)\Microsoft Security Client\MsMpLics.dll.  System error 0.  Verify that you have access to that directory.

The next log entry (chronologically) is Windows Error Reporting:
Fault bucket , type 0
Event Name: MSSecurityClient
Response: Not available
Cab Id: 0

Problem signature:
P1: Setup.exe
P2: 4.4.304.0
P3: 0x80070643
P4: MorroBootstraper::CInstallFlow::InternalRun - GetEPPInstallAction
P5: MorroBootstraper::CFlow::ProcessFlowActionResult
P6: 0
P7: Security Essentials
P8: 
P9: 
P10: 

Attached files:
C:\Users\Ralph\AppData\Local\Temp\\{35D1E6AC-CBE6-40F3-9D17-BB8E0FE60647}.tmp
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetup.etl
C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.4.304.0_epp_Install.log
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetup.log
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetupResult.ini

These files may be available here:


Analysis symbol: 
Rechecking for solution: 0
Report Id: bf6d625c-a95c-11e3-97dd-002522cd7073
Report Status: 0

Followed by this one:
Fault bucket 3979265016, type 5
Event Name: MSSecurityClient
Response: Not available
Cab Id: 0

Problem signature:
P1: Setup.exe
P2: 4.4.304.0
P3: 0x80070643
P4: MorroBootstraper::CInstallFlow::InternalRun - GetEPPInstallAction
P5: MorroBootstraper::CFlow::ProcessFlowActionResult
P6: 0
P7: Security Essentials
P8: 
P9: 
P10: 

Attached files:
C:\Users\Ralph\AppData\Local\Temp\\{35D1E6AC-CBE6-40F3-9D17-BB8E0FE60647}.tmp
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetup.etl
C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.4.304.0_epp_Install.log
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetup.log
C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetupResult.ini

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Setup.exe_60834eb452dc749840d17c44e5888e29a20d9b1_1617fd40

Analysis symbol: 
Rechecking for solution: 0
Report Id: bf6d625c-a95c-11e3-97dd-002522cd7073
Report Status: 0

Looking at this directory:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Setup.exe_60834eb452dc749840d17c44e5888e29a20d9b1_1617fd40

Yields a file called report.wer, which contains this information:
Version=1
EventType=MSSecurityClient
EventTime=130390437574969085
Consent=2
UploadTime=130390437575059090
ReportIdentifier=bf6d625c-a95c-11e3-97dd-002522cd7073
Response.BucketId=3979265016
Response.BucketTable=5
Response.type=4
Sig[0].Name=Problem Signature 01
Sig[0].Value=Setup.exe
Sig[1].Name=Problem Signature 02
Sig[1].Value=4.4.304.0
Sig[2].Name=Problem Signature 03
Sig[2].Value=0x80070643
Sig[3].Name=Problem Signature 04
Sig[3].Value=MorroBootstraper::CInstallFlow::InternalRun - GetEPPInstallAction
Sig[4].Name=Problem Signature 05
Sig[4].Value=MorroBootstraper::CFlow::ProcessFlowActionResult
Sig[5].Name=Problem Signature 06
Sig[5].Value=0
Sig[6].Name=Problem Signature 07
Sig[6].Value=Security Essentials
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=4105
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=MSSecurityClient
ConsentKey=MSSecurityClient
AppName=Microsoft Security Client Setup
AppPath=D:\4236aeaf4c51a08837fe2b\amd64\setup.exe

Hmm, dead end there. But going back to the error event:
Product: Microsoft Security Client -- Error 1310. Error writing to file: C:\Program Files (x86)\Microsoft Security Client\MsMpLics.dll. System error 0. Verify that you have access to that directory.

... I tried to (as administrator) access C:\Program Files (x86)\Microsoft Security Client, and was blocked with this message:
MSC-1.PNG

Clicked the Security Tab link and got this
MSC-2.PNG

I clicked continue and ended here:
MSC-3.PNG
...where I didn't know what to do. :)

My thinking is that my Admin account does not have access to this directory, which is preventing MSC from reading/writing the DLL it wants in there.

What do you think? :)
  • 0

#55
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,
I think we have the same problem as by Malwarebytes. But first try this below.

Please activate Windows Firewall. Here are instructions for that.

Test if the installation works.
  • 0

Advertisements


#56
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Windows Firewall has always been on, but I verified it was on before installing MSE.

Same issue, failed to install. :)
  • 0

#57
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey Montery,

With the steps below we will see the errors when you download MSE.
  • Please download this fixit from here and run it.
  • Try to install Essentials again. Now, you probably wonder , you will get the same issues again :P

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start Posted Image button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    dir %temp% > %USERPROFILE%\Desktop\Machiavelli.txt

  • This will create a text file called Machiavelli.txt on your Desktop. Please copy and paste the contents of this into your next post.

  • 0

#58
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Machivelli...

Here you go!

Volume in drive C has no label.
 Volume Serial Number is 9858-36D0

 Directory of C:\Users\Ralph\AppData\Local\Temp

12/03/2014  09:18 AM    <DIR>          .
12/03/2014  09:18 AM    <DIR>          ..
11/03/2014  11:10 AM    <DIR>          acrord32_sbx
12/03/2014  09:11 AM    <DIR>          acro_rd_dir
11/03/2014  03:31 PM                65 adb.log
12/03/2014  03:18 AM             8,686 AdobeARM.log
11/03/2014  03:35 PM               158 CFG589A.tmp
11/03/2014  03:36 PM               158 CFG86FA.tmp
08/03/2014  05:42 PM    <DIR>          comtypes_cache
08/03/2014  01:03 PM               298 dd_NETFXRepair.log
09/03/2014  05:48 PM           403,362 dd_vcredistMSI612E.txt
09/03/2014  05:48 PM            13,624 dd_vcredistUI612E.txt
11/03/2014  02:56 PM                 0 DMI1093.tmp
11/03/2014  04:18 PM                 0 DMI28D4.tmp
11/03/2014  03:33 PM                 0 DMI2D46.tmp
11/03/2014  04:10 PM                 0 DMI2DC4.tmp
11/03/2014  03:15 PM                 0 DMI3DDA.tmp
11/03/2014  03:04 PM                 0 DMI426C.tmp
11/03/2014  03:04 PM                 0 DMI5B0B.tmp
11/03/2014  03:15 PM                 0 DMI63A3.tmp
11/03/2014  04:05 PM                 0 DMI8113.tmp
11/03/2014  02:58 PM                 0 DMI8F82.tmp
11/03/2014  04:04 PM                 0 DMI94FE.tmp
11/03/2014  04:04 PM                 0 DMI9628.tmp
11/03/2014  03:02 PM                 0 DMID24C.tmp
11/03/2014  01:58 PM                 0 DMID99B.tmp
11/03/2014  04:11 PM                 0 DMIDE8C.tmp
11/03/2014  02:50 PM                 0 DMIDE9B.tmp
11/03/2014  03:02 PM                 0 DMIEB49.tmp
11/03/2014  04:09 PM                 0 DMIF3A1.tmp
09/03/2014  03:55 PM    <DIR>          FixitTempFolder(34B9DFE5-2C9B-404E-AC8C-9B4AF77E7D0A)
08/03/2014  01:05 PM                 0 FXSAPIDebugLogFile.txt
09/03/2014  11:08 AM                 0 geColladaModelCacheLock
09/03/2014  11:08 AM                 0 geIconCacheLock
09/03/2014  11:18 PM    <DIR>          hsperfdata_Ralph
12/03/2014  03:23 AM             7,276 jusched.log
08/03/2014  01:00 PM    <DIR>          LCFEM
11/03/2014  06:25 PM         1,300,193 Logfile.PML
09/03/2014  04:54 PM    <DIR>          Low
12/03/2014  07:30 AM    <DIR>          mozilla-temp-files
11/03/2014  04:20 PM    <DIR>          msdt
11/03/2014  04:20 PM    <DIR>          msdtadmin
12/03/2014  09:18 AM            15,354 MSIae3b0.LOG
10/03/2014  09:45 AM    <DIR>          plugtmp
11/03/2014  02:52 PM    <DIR>          plugtmp-1
12/03/2014  08:31 AM    <DIR>          plugtmp-2
11/03/2014  04:26 PM            33,806 PrintPreview.hta
09/03/2014  04:50 PM    <DIR>          scoped_dir1220_13703
11/03/2014  03:11 PM    <DIR>          scoped_dir2180_1529
08/03/2014  05:42 PM    <DIR>          scoped_dir2240_3867
09/03/2014  05:44 PM    <DIR>          scoped_dir2416_24114
11/03/2014  03:19 PM    <DIR>          scoped_dir2684_2956
09/03/2014  05:06 PM    <DIR>          scoped_dir3584_16832
11/03/2014  03:45 PM    <DIR>          scoped_dir3704_8079
11/03/2014  03:30 PM    <DIR>          scoped_dir3744_5238
09/03/2014  05:03 PM    <DIR>          scoped_dir3804_16087
12/03/2014  03:18 AM    <DIR>          scoped_dir3940_12787
10/03/2014  10:14 AM    <DIR>          scoped_dir3984_21478
11/03/2014  02:54 PM    <DIR>          scoped_dir7148_30972
09/03/2014  04:55 PM               802 StructuredQuery.log
09/03/2014  11:25 AM    <DIR>          Temp1_OCZToolbox_v4.5.0.227_Windows.zip
11/03/2014  06:42 PM                 0 tmp318E.tmp
11/03/2014  06:42 PM               340 tmp318E.url
11/03/2014  06:42 PM                 0 tmp318F.tmp
11/03/2014  06:42 PM               210 tmp318F.vbs
12/03/2014  03:18 AM             1,085 TWAIN.LOG
12/03/2014  03:18 AM                 3 Twain001.Mtx
12/03/2014  03:18 AM               156 Twunk001.MTX
09/03/2014  05:44 PM                 0 Twunk002.MTX
09/03/2014  04:50 PM             1,869 wmsetup.log
12/03/2014  03:18 AM    <DIR>          WPDNSE
10/03/2014  10:00 AM    <DIR>          _av4_
10/03/2014  10:08 AM    <DIR>          _avast4_
              42 File(s)      1,787,445 bytes
              31 Dir(s)  65,192,161,280 bytes free

  • 0

#59
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey Montery, :)

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start Posted Image button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    copy %TEMP%\MSIae3b0.LOG %userprofile%\Desktop\MSILog.txt

  • This will create a text file called MSILog.txt on your desktop. Attach it here.

Then,
Download the next fixit from here, run it. This will disable Windows Installer Logging.

Hopefully we will be able to find the issue.

Gerrit
  • 0

#60
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Machiavelli,

Not sure this is helpful, but here it is:

=== Verbose logging started: 12/03/2014  9:18:52  Build type: SHIP UNICODE 5.00.7601.00  Calling process: d:\f0f1f04a0b4e0caf1f\amd64\Setup.exe ===
MSI (c) (B8:B8) [09:18:52:379]: Cloaking enabled.
MSI (c) (B8:B8) [09:18:52:379]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (B8:B8) [09:18:52:380]: End dialog not enabled
MSI (c) (B8:B8) [09:18:52:380]: Original package ==> d:\f0f1f04a0b4e0caf1f\amd64\epp.msi
MSI (c) (B8:B8) [09:18:52:380]: Package we're running from ==> d:\f0f1f04a0b4e0caf1f\amd64\epp.msi
MSI (c) (B8:B8) [09:18:52:382]: APPCOMPAT: Compatibility mode property overrides found.
MSI (c) (B8:B8) [09:18:52:382]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E102B843-786A-4F58-AF75-6504570E207B}'.
MSI (c) (B8:B8) [09:18:52:382]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (B8:B8) [09:18:52:383]: MSCOREE not loaded loading copy from system32
MSI (c) (B8:B8) [09:18:52:385]: APPCOMPAT: looking for appcompat database entry with ProductCode '{E102B843-786A-4F58-AF75-6504570E207B}'.
MSI (c) (B8:B8) [09:18:52:385]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (B8:B8) [09:18:52:385]: Transforms are not secure.
MSI (c) (B8:B8) [09:18:52:385]: Note: 1: 2205 2:  3: Control 
MSI (c) (B8:B8) [09:18:52:385]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Ralph\AppData\Local\Temp\MSIae3b0.LOG'.
MSI (c) (B8:B8) [09:18:52:385]: No Command Line.
MSI (c) (B8:B8) [09:18:52:385]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{C46130FB-F111-42CD-B47C-BF2DB79F4CB0}'.
MSI (c) (B8:B8) [09:18:52:385]: Product Code passed to Engine.Initialize:           '(none)'
MSI (c) (B8:B8) [09:18:52:385]: Product Code from property table before transforms: '{E102B843-786A-4F58-AF75-6504570E207B}'
MSI (c) (B8:B8) [09:18:52:385]: Product Code from property table after transforms:  '{E102B843-786A-4F58-AF75-6504570E207B}'
MSI (c) (B8:B8) [09:18:52:385]: Product not registered: beginning first-time install
MSI (c) (B8:B8) [09:18:52:385]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (c) (B8:B8) [09:18:52:385]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (c) (B8:B8) [09:18:52:385]: User policy value 'SearchOrder' is 'nmu'
MSI (c) (B8:B8) [09:18:52:385]: Adding new sources is allowed.
MSI (c) (B8:B8) [09:18:52:385]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (c) (B8:B8) [09:18:52:385]: Package name extracted from package path: 'epp.msi'
MSI (c) (B8:B8) [09:18:52:385]: Package to be registered: 'epp.msi'
MSI (c) (B8:B8) [09:18:52:386]: Note: 1: 2262 2: AdminProperties 3: -2147287038 
MSI (c) (B8:B8) [09:18:52:386]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (c) (B8:B8) [09:18:52:386]: TRANSFORMS property is now: 
MSI (c) (B8:B8) [09:18:52:386]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\Favorites
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\Documents
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (B8:B8) [09:18:52:386]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Local
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\Pictures
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\Users\Ralph\Desktop
MSI (c) (B8:B8) [09:18:52:387]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (B8:B8) [09:18:52:388]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (c) (B8:B8) [09:18:52:388]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16 
MSI (c) (B8:B8) [09:18:52:390]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (B8:B8) [09:18:52:390]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (c) (B8:B8) [09:18:52:390]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (c) (B8:B8) [09:18:52:390]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (B8:B8) [09:18:52:390]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 
MSI (c) (B8:B8) [09:18:52:390]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Ralph'.
MSI (c) (B8:B8) [09:18:52:390]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 
MSI (c) (B8:B8) [09:18:52:390]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'd:\f0f1f04a0b4e0caf1f\amd64\epp.msi'.
MSI (c) (B8:B8) [09:18:52:390]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'd:\f0f1f04a0b4e0caf1f\amd64\epp.msi'.
MSI (c) (B8:B8) [09:18:52:390]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (B8:B8) [09:18:52:390]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
MSI (c) (B8:B8) [09:18:52:390]: EEUI - Disabling MsiEmbeddedUI in quiet mode
=== Logging started: 12/03/2014  9:18:52 ===
MSI (c) (B8:B8) [09:18:52:390]: Machine policy value 'DisableRollback' is 0
MSI (c) (B8:B8) [09:18:52:390]: User policy value 'DisableRollback' is 0
MSI (c) (B8:B8) [09:18:52:390]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (c) (B8:B8) [09:18:52:390]: Creating MSIHANDLE (1) of type 790537 for thread 1976
MSI (c) (B8:B8) [09:18:52:390]: MsiOpenPackageEx is returning 0
MSI (c) (B8:B8) [09:18:52:390]: Closing MSIHANDLE (1) of type 790537 for thread 1976
=== Verbose logging stopped: 12/03/2014  9:18:52 ===

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP