Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

brouser hijacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

brouser hijacked

Unread postby Lump » January 4th, 2009, 9:00 am

sorry just thought id better give the problem im having, have remove firefox and reloaded it. so esxcuse my spelling :? when i seach in google the links are being redirected to obscure pages. so far i have run avast and my normal anti virus stuff. i could really do with have just stuff to brouse the net and email. dont use it for much else, any help will be very gratfully recived.

new log, some one has help me this afternoon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:51, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6185 bytes
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am
Advertisement
Register to Remove

Re: brouser hijacked

Unread postby MikeSwim07 » January 7th, 2009, 9:25 pm

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 5 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 8th, 2009, 1:28 pm

many thanks for you help, turns out i have already had PayPal hacked, i would like as much as possible to be removed as i only really surf and use email

ABBYY FineReader 6.0 Sprint
Adobe Acrobat 4.0 ME
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Bonjour
Google Toolbar for Firefox
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Image Resizer Powertoy for Windows XP
Java(TM) 6 Update 11
Lexmark Toolbar
LG USB Modem driver
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla (1.7.13)
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.19)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
OpenOffice.org Installer 1.0
PC Connectivity Solution
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sky Broadband
Smart Link 56K Modem
Sonic MyDVD
Sonic RecordNow!
Spybot - Search & Destroy
Spyware Doctor 6.0
TeamViewer 4
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VIA/S3G Display Driver
videosoft
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Imaging Component
Windows Live installer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am

Re: brouser hijacked

Unread postby MikeSwim07 » January 10th, 2009, 2:55 pm

Sorry for the delay,

Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 10th, 2009, 5:12 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by lump at 2009-01-10 21:09:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (58%) free of 51 GB
Total RAM: 447 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:21, on 10/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lump\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\lump.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

--
End of file - 4262 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-03-10 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-03-10 688218]
"STDSB"=C:\WINDOWS\system32\drivers\STDSB.exe [2003-12-17 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MalwareRemovalBot"=C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe [2009-01-09 19382272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntispywareBot]
C:\Program Files\AntispywareBot\AntispywareBot.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2400 Series\ezprint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure\Common\FSM32.EXE /splash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Icon]
C:\WINDOWS\system32\drivers\Icon.exe [2005-08-23 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareRemovalBot]
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe [2009-01-09 19382272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
C:\PC-Checkup\PCCheckUp.exe -mini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe -MINI []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-29 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA"
"C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Disabled:PowerCinema"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Disabled:ActiveSync Connection Manager"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Defcon\defcon.exe"="C:\Program Files\Defcon\defcon.exe:*:Enabled:Defcon"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Serif\PP80\Program\PagePlus.exe"="C:\Program Files\Serif\PP80\Program\PagePlus.exe:*:Disabled:Serif PagePlus 8"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek"
"C:\Documents and Settings\lump\Local Settings\Temp\Rar$EX00.953\StadeoTV.exe"="C:\Documents and Settings\lump\Local Settings\Temp\Rar$EX00.953\StadeoTV.exe:*:Disabled:StadeoTV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-01-10 21:02:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-01-10 18:33:06 ----SHD---- C:\Config.Msi
2009-01-10 16:57:36 ----D---- C:\Documents and Settings\lump\Application Data\F-Secure
2009-01-10 16:47:33 ----D---- C:\Program Files\F-Secure Internet Security
2009-01-10 16:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\f-secure
2009-01-10 16:12:52 ----D---- C:\Documents and Settings\lump\Application Data\MalwareRemovalBot
2009-01-10 16:12:40 ----D---- C:\Program Files\MalwareRemovalBot
2009-01-04 20:34:32 ----D---- C:\rsit
2009-01-04 20:28:41 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-04 20:28:41 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-04 20:28:41 ----A---- C:\WINDOWS\system32\java.exe
2009-01-04 20:27:50 ----A---- C:\WINDOWS\system32\RENB.tmp
2009-01-04 20:27:50 ----A---- C:\WINDOWS\system32\RENA.tmp
2009-01-04 18:47:01 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 17:31:39 ----D---- C:\Documents and Settings\lump\Application Data\AntispywareBot
2009-01-04 13:49:40 ----A---- C:\WINDOWS\system32\RENDC.tmp
2009-01-04 13:49:40 ----A---- C:\WINDOWS\system32\RENDB.tmp
2009-01-04 13:19:41 ----D---- C:\Documents and Settings\lump\Application Data\TeamViewer
2009-01-04 13:19:36 ----D---- C:\Program Files\TeamViewer
2009-01-04 12:44:11 ----D---- C:\Program Files\Trend Micro
2009-01-04 12:32:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-03 22:28:44 ----D---- C:\Program Files\Common Files\Scanner
2008-12-22 20:12:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-22 05:48:20 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-22 05:48:19 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-22 05:48:19 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-21 20:19:06 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-21 20:18:35 ----D---- C:\Program Files\Windows Live
2008-12-21 20:18:00 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-20 16:37:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-11 20:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 20:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 20:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 20:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-10 21:07:37 ----D---- C:\Program Files\Mozilla Firefox
2009-01-10 21:02:42 ----D---- C:\WINDOWS\Temp
2009-01-10 21:02:32 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt
2009-01-10 21:02:22 ----RD---- C:\Program Files
2009-01-10 21:01:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 20:15:53 ----D---- C:\WINDOWS\Prefetch
2009-01-10 19:10:21 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-10 18:59:57 ----D---- C:\WINDOWS\occache
2009-01-10 18:51:33 ----D---- C:\Temp
2009-01-10 18:34:18 ----SHD---- C:\WINDOWS\Installer
2009-01-10 18:34:17 ----D---- C:\WINDOWS\WinSxS
2009-01-10 18:34:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-10 18:33:15 ----D---- C:\WINDOWS\system32
2009-01-10 18:33:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-10 18:32:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-10 18:32:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-10 18:31:59 ----D---- C:\WINDOWS
2009-01-10 18:27:22 ----SHD---- C:\RECYCLER
2009-01-10 18:27:22 ----D---- C:\Documents and Settings
2009-01-10 18:09:22 ----RASH---- C:\BOOT.INI
2009-01-10 18:09:22 ----A---- C:\WINDOWS\win.ini
2009-01-10 18:09:22 ----A---- C:\WINDOWS\system.ini
2009-01-10 17:44:26 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-10 17:40:25 ----HD---- C:\WINDOWS\inf
2009-01-10 17:40:17 ----D---- C:\WINDOWS\system32\drivers
2009-01-10 17:12:10 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-10 16:50:21 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-10 16:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-01-10 16:12:57 ----SD---- C:\WINDOWS\Tasks
2009-01-04 21:12:43 ----D---- C:\Documents and Settings\lump\Application Data\Mozilla
2009-01-04 13:48:26 ----D---- C:\Program Files\Microsoft Office
2009-01-04 13:48:25 ----D---- C:\Program Files\Common Files
2009-01-04 13:48:21 ----RSD---- C:\WINDOWS\Fonts
2009-01-04 13:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-04 13:38:42 ----D---- C:\Program Files\RegistryRepair
2009-01-04 10:31:30 ----D---- C:\WINDOWS\Debug
2009-01-04 10:31:28 ----D---- C:\WINDOWS\Minidump
2009-01-03 21:54:13 ----D---- C:\Program Files\Java
2009-01-03 21:17:24 ----D---- C:\Program Files\Lavasoft
2009-01-03 21:17:24 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-02 17:53:47 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-22 20:11:05 ----RSD---- C:\WINDOWS\assembly
2008-12-21 20:21:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 21:59:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 20:16:15 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 MTC0007_STDSB;Scroll Bar Driver; C:\WINDOWS\system32\drivers\STDSB.sys [2005-08-25 11279]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-28 449344]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-08-08 43008]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-05-10 237616]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys [2005-05-10 698848]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-05-10 13248]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-03-10 189408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-02-24 172416]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 STDSB;STDSB; C:\WINDOWS\System32\DRIVERS\STDSB.sys [2005-08-25 11279]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-06-21 1464912]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-02-23 228992]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-05-10 101328]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-05-10 61440]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am

Re: brouser hijacked

Unread postby MikeSwim07 » January 12th, 2009, 7:34 pm

Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: Select all
    :processes
    MalwareRemovalBot.exe
    
    :files
    C:\Program Files\MalwareRemovalBot\
    C:\Documents and Settings\lump\Application Data\MalwareRemovalBot
    C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
    C:\Program Files\AntispywareBot\
    C:\Program Files\Azureus\
    C:\WINDOWS\system32\P2P Networking\
    C:\Program Files\BitTorrent_DNA\
    C:\Program Files\BitTorrent\
    C:\Program Files\Soulseek\
    C:\Documents and Settings\lump\Application Data\AntispywareBot
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MalwareRemovalBot"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntispywareBot]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareRemovalBot]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Azureus\Azureus.exe"=-
    "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"=-
    "C:\Program Files\BitTorrent_DNA\dna.exe"=-
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    "C:\Program Files\Soulseek\slsk.exe"=-
    
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please post the OTMoveIt3 log and a new Hijackthis Log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 13th, 2009, 2:17 pm

not 100% sure i have given you the right log, there wasnt one named as you said ?


=== Verbose logging started: 24/11/2006 06:48:27 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (48:38) [06:48:27:734]: Resetting cached policy values
MSI (c) (48:38) [06:48:27:734]: Machine policy value 'Debug' is 0
MSI (c) (48:38) [06:48:27:734]: ******* RunEngine:
******* Product: c:\a9fbea324ee3931108bc\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (48:38) [06:48:27:750]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (48:38) [06:48:27:781]: Grabbed execution mutex.
MSI (c) (48:38) [06:48:28:078]: Cloaking enabled.
MSI (c) (48:38) [06:48:28:078]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (48:38) [06:48:28:093]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (84:00) [06:48:28:265]: Grabbed execution mutex.
MSI (s) (84:20) [06:48:28:265]: Resetting cached policy values
MSI (s) (84:20) [06:48:28:265]: Machine policy value 'Debug' is 0
MSI (s) (84:20) [06:48:28:265]: ******* RunEngine:
******* Product: c:\a9fbea324ee3931108bc\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (84:20) [06:48:28:671]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (84:20) [06:48:29:015]: File will have security applied from OpCode.
MSI (s) (84:20) [06:48:29:203]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\a9fbea324ee3931108bc\msxml.msi' against software restriction policy
MSI (s) (84:20) [06:48:29:203]: SOFTWARE RESTRICTION POLICY: c:\a9fbea324ee3931108bc\msxml.msi has a digital signature
MSI (s) (84:20) [06:48:33:093]: SOFTWARE RESTRICTION POLICY: c:\a9fbea324ee3931108bc\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (84:20) [06:48:33:140]: End dialog not enabled
MSI (s) (84:20) [06:48:33:140]: Original package ==> c:\a9fbea324ee3931108bc\msxml.msi
MSI (s) (84:20) [06:48:33:140]: Package we're running from ==> c:\WINDOWS\Installer\3a8a36b.msi
MSI (s) (84:20) [06:48:33:343]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (84:20) [06:48:33:375]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (84:20) [06:48:33:484]: MSCOREE not loaded loading copy from system32
MSI (s) (84:20) [06:48:33:968]: Machine policy value 'TransformsSecure' is 0
MSI (s) (84:20) [06:48:34:000]: User policy value 'TransformsAtSource' is 0
MSI (s) (84:20) [06:48:34:046]: Machine policy value 'DisablePatch' is 0
MSI (s) (84:20) [06:48:34:046]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (84:20) [06:48:34:046]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (84:20) [06:48:34:062]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (84:20) [06:48:34:093]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (84:20) [06:48:34:093]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (84:20) [06:48:34:093]: Transforms are not secure.
MSI (s) (84:20) [06:48:34:093]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\a9fbea324ee3931108bc CLIENTUILEVEL=3 CLIENTPROCESSID=1096
MSI (s) (84:20) [06:48:34:093]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (84:20) [06:48:34:093]: Product Code passed to Engine.Initialize: ''
MSI (s) (84:20) [06:48:34:093]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (84:20) [06:48:34:093]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (84:20) [06:48:34:093]: Product not registered: beginning first-time install
MSI (s) (84:20) [06:48:34:093]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (84:20) [06:48:34:093]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (84:20) [06:48:34:093]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (84:20) [06:48:34:125]: Adding new sources is allowed.
MSI (s) (84:20) [06:48:34:125]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (84:20) [06:48:34:125]: Package name extracted from package path: 'msxml.msi'
MSI (s) (84:20) [06:48:34:125]: Package to be registered: 'msxml.msi'
MSI (s) (84:20) [06:48:34:125]: Note: 1: 2729
MSI (s) (84:20) [06:48:34:218]: Note: 1: 2729
MSI (s) (84:20) [06:48:34:234]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (84:20) [06:48:34:234]: Machine policy value 'DisableMsi' is 0
MSI (s) (84:20) [06:48:34:234]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (84:20) [06:48:34:234]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (84:20) [06:48:34:234]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (84:20) [06:48:34:234]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (84:20) [06:48:34:234]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (84:20) [06:48:34:234]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\a9fbea324ee3931108bc'.
MSI (s) (84:20) [06:48:34:234]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (84:20) [06:48:34:234]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '1096'.
MSI (s) (84:20) [06:48:34:234]: TRANSFORMS property is now:
MSI (s) (84:20) [06:48:34:234]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (84:20) [06:48:34:328]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (84:20) [06:48:34:343]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (84:20) [06:48:34:578]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (84:20) [06:48:34:718]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (84:20) [06:48:34:734]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (84:20) [06:48:34:734]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (84:20) [06:48:34:906]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (84:20) [06:48:34:906]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (84:20) [06:48:34:906]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (84:20) [06:48:34:906]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'lump'.
MSI (s) (84:20) [06:48:34:906]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (84:20) [06:48:34:906]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\3a8a36b.msi'.
MSI (s) (84:20) [06:48:34:906]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\a9fbea324ee3931108bc\msxml.msi'.
MSI (s) (84:20) [06:48:34:906]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (84:20) [06:48:34:906]: Machine policy value 'DisableRollback' is 0
MSI (s) (84:20) [06:48:34:906]: User policy value 'DisableRollback' is 0
MSI (s) (84:20) [06:48:34:906]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 24/11/2006 06:48:34 ===
MSI (s) (84:20) [06:48:34:906]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (84:20) [06:48:34:906]: Doing action: INSTALL
MSI (s) (84:20) [06:48:34:937]: Running ExecuteSequence
MSI (s) (84:20) [06:48:34:953]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 06:48:34: INSTALL.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Desktop\'.
Action start 06:48:34: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (84:20) [06:48:34:953]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 06:48:34: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'.
Action start 06:48:34: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (84:20) [06:48:34:953]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 06:48:34: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 06:48:34: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (84:20) [06:48:34:953]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 06:48:34: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 06:48:34: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (84:20) [06:48:34:953]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 06:48:34: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 06:48:34: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (84:20) [06:48:34:953]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 06:48:34: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 06:48:34: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (84:20) [06:48:34:953]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 06:48:34: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 06:48:34: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (84:20) [06:48:34:953]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 06:48:34: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 06:48:34: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (84:20) [06:48:34:953]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 06:48:34: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (84:20) [06:48:34:953]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.
Action start 06:48:34: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (84:20) [06:48:34:953]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 06:48:34: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (84:20) [06:48:34:968]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.
Action start 06:48:34: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (84:20) [06:48:34:968]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 06:48:34: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (84:20) [06:48:34:968]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.
Action start 06:48:34: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (84:20) [06:48:34:968]: Doing action: LaunchConditions
Action ended 06:48:34: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 06:48:34: LaunchConditions.
MSI (s) (84:20) [06:48:34:968]: Doing action: FindRelatedProducts
Action ended 06:48:34: LaunchConditions. Return value 1.
Action start 06:48:34: FindRelatedProducts.
MSI (s) (84:20) [06:48:34:968]: Doing action: AppSearch
Action ended 06:48:34: FindRelatedProducts. Return value 1.
Action start 06:48:34: AppSearch.
MSI (s) (84:20) [06:48:34:984]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (84:20) [06:48:35:078]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (84:20) [06:48:35:078]: Skipping action: CCPSearch (condition is false)
MSI (s) (84:20) [06:48:35:078]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (84:20) [06:48:35:078]: Doing action: ValidateProductID
Action ended 06:48:35: AppSearch. Return value 1.
Action start 06:48:35: ValidateProductID.
MSI (s) (84:20) [06:48:35:078]: Doing action: CostInitialize
Action ended 06:48:35: ValidateProductID. Return value 1.
MSI (s) (84:20) [06:48:35:078]: Machine policy value 'MaxPatchCacheSize' is 10
Action start 06:48:35: CostInitialize.
MSI (s) (84:20) [06:48:35:171]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.
MSI (s) (84:20) [06:48:35:171]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (84:20) [06:48:35:171]: Note: 1: 2205 2: 3: Patch
MSI (s) (84:20) [06:48:35:171]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (84:20) [06:48:35:171]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (84:20) [06:48:35:171]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (84:20) [06:48:35:171]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (84:20) [06:48:35:171]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (84:20) [06:48:35:171]: Doing action: FileCost
Action ended 06:48:35: CostInitialize. Return value 1.
MSI (s) (84:20) [06:48:35:203]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:35: FileCost.
MSI (s) (84:20) [06:48:35:203]: Doing action: CostFinalize
Action ended 06:48:35: FileCost. Return value 1.
MSI (s) (84:20) [06:48:35:203]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (84:20) [06:48:35:203]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (84:20) [06:48:35:203]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (84:20) [06:48:35:203]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (84:20) [06:48:35:203]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (84:20) [06:48:35:203]: Note: 1: 2205 2: 3: Patch
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying CommonFilesFolder property. Its current value is 'C:\Program Files\Common Files\'. Its new value: 'c:\Program Files\Common Files\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\MSDN\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying DesktopFolder property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files\'. Its new value: 'c:\Program Files\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding MSXML property. Its value is 'c:\Program Files\MSXML 4.0\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\inc\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\lib\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\doc\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'. Its new value: 'c:\Documents and Settings\All Users\Start Menu\Programs\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\'.
MSI (s) (84:20) [06:48:35:250]: PROPERTY CHANGE: Modifying DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (84:20) [06:48:35:250]: Target path resolution complete. Dumping Directory table...
MSI (s) (84:20) [06:48:35:250]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: TARGETDIR , Object: c:\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WindowsFolder , Object: c:\WINDOWS\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: CommonFilesFolder , Object: c:\Program Files\Common Files\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\MSDN\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\WINDOWS\system32\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\WINDOWS\system32\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\WINDOWS\system32\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: DesktopFolder , Object: c:\Documents and Settings\All Users\Desktop\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: MSXML , Object: c:\Program Files\MSXML 4.0\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\inc\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\lib\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\doc\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\
MSI (s) (84:20) [06:48:35:250]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Desktop\
Action start 06:48:35: CostFinalize.
MSI (s) (84:20) [06:48:36:093]: Doing action: SetODBCFolders
Action ended 06:48:36: CostFinalize. Return value 1.
MSI (s) (84:20) [06:48:36:093]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (84:20) [06:48:36:093]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
MSI (s) (84:20) [06:48:36:093]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (84:20) [06:48:36:093]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
Action start 06:48:36: SetODBCFolders.
MSI (s) (84:20) [06:48:36:093]: Doing action: MigrateFeatureStates
Action ended 06:48:36: SetODBCFolders. Return value 0.
Action start 06:48:36: MigrateFeatureStates.
MSI (s) (84:20) [06:48:36:093]: Doing action: InstallValidate
Action ended 06:48:36: MigrateFeatureStates. Return value 0.
MSI (s) (84:20) [06:48:36:109]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:109]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:109]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:125]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (84:20) [06:48:36:125]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_4165; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __downlevel_payload.DA6654F6_456F_3658_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (84:20) [06:48:36:125]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_448265; Installed: Null; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:125]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596565; Installed: Null; Request: Null; Action: Null
MSI (s) (84:20) [06:48:36:125]: Note: 1: 2205 2: 3: BindImage
MSI (s) (84:20) [06:48:36:125]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (84:20) [06:48:36:125]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:125]: Note: 1: 2205 2: 3: Font
Action start 06:48:36: InstallValidate.
MSI (s) (84:20) [06:48:36:140]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2205 2: 3: BindImage
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2205 2: 3: Font
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2727 2:
MSI (s) (84:20) [06:48:36:156]: Note: 1: 2727 2:
MSI (s) (84:20) [06:48:36:156]: Doing action: InstallInitialize
Action ended 06:48:36: InstallValidate. Return value 1.
MSI (s) (84:20) [06:48:36:156]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (84:20) [06:48:36:156]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (84:20) [06:48:36:156]: BeginTransaction: Locking Server
MSI (s) (84:20) [06:48:36:171]: SRSetRestorePoint skipped for this transaction.
MSI (s) (84:20) [06:48:36:171]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Action start 06:48:36: InstallInitialize.
MSI (s) (84:20) [06:48:38:421]: Doing action: SxsInstallCA
Action ended 06:48:38: InstallInitialize. Return value 1.
MSI (s) (84:AC) [06:48:38:484]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI4F.tmp, Entrypoint: CustomAction_SxsMsmInstall
MSI (s) (84:44) [06:48:38:671]: Generating random cookie.
MSI (s) (84:44) [06:48:38:734]: Created Custom Action Server with PID 2004 (0x7D4).
MSI (s) (84:5C) [06:48:38:781]: Running as a service.
MSI (s) (84:5C) [06:48:38:781]: Hello, I'm your 32bit Elevated custom action server.
Action start 06:48:38: SxsInstallCA.
1: sxsdelca 2: traceop 3: 1256 4: 0
1: sxsdelca 2: traceop 3: 1257 4: 0
1: sxsdelca 2: traceop 3: 1258 4: 0
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 1306 4: 0
1: sxsdelca 2: traceop 3: 1307 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 259
1: sxsdelca 2: SxsMsmInstall completed 3: 0 4: 0
MSI (s) (84:20) [06:48:39:203]: Doing action: AllocateRegistrySpace
Action ended 06:48:39: SxsInstallCA. Return value 1.
Action start 06:48:39: AllocateRegistrySpace.
MSI (s) (84:20) [06:48:39:234]: Doing action: ProcessComponents
Action ended 06:48:39: AllocateRegistrySpace. Return value 1.
MSI (s) (84:20) [06:48:39:265]: Note: 1: 2205 2: 3: MsiPatchCertificate
MSI (s) (84:20) [06:48:39:265]: LUA patching is disabled: missing MsiPatchCertificate table
MSI (s) (84:20) [06:48:39:265]: Resolving source.
MSI (s) (84:20) [06:48:39:265]: Resolving source to launched-from source.
MSI (s) (84:20) [06:48:39:265]: Setting launched-from source as last-used.
MSI (s) (84:20) [06:48:39:265]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\a9fbea324ee3931108bc\'.
MSI (s) (84:20) [06:48:39:265]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\a9fbea324ee3931108bc\'.
MSI (s) (84:20) [06:48:39:265]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (84:20) [06:48:39:265]: SOURCEDIR ==> c:\a9fbea324ee3931108bc\
MSI (s) (84:20) [06:48:39:265]: SOURCEDIR product ==> {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSI (s) (84:20) [06:48:39:265]: Determining source type
MSI (s) (84:20) [06:48:39:265]: Source type from package 'msxml.msi': 2
Action start 06:48:39: ProcessComponents.
MSI (s) (84:20) [06:48:39:265]: Source path resolution complete. Dumping Directory table...
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: TARGETDIR , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WindowsFolder , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: CommonFilesFolder , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Microsoft Shared\ , ShortSubPath: MICROS~1\
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Microsoft Shared\MSDN\ , ShortSubPath: MICROS~1\MSDN\
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\k0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\h0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Policies\i0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\j0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\8n0mtfut.k85\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Policies\6n0mtfut.k85\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\5n0mtfut.k85\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\7n0mtfut.k85\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\wl34x2va.rt8\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Policies\ul34x2va.rt8\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\tl34x2va.rt8\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: Windows\winsxs\vl34x2va.rt8\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: System\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: DesktopFolder , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: ProgramFilesFolder , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: MSXML , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\inc\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\lib\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\doc\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\MSXML 4.0\ , ShortSubPath: redist\MSXML4\
MSI (s) (84:20) [06:48:39:265]: Dir (source): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\a9fbea324ee3931108bc\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (84:20) [06:48:39:281]: Doing action: UnpublishComponents
Action ended 06:48:39: ProcessComponents. Return value 1.
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2262 2: PublishComponent 3: -2147287038
Action start 06:48:39: UnpublishComponents.
MSI (s) (84:20) [06:48:39:281]: Doing action: MsiUnpublishAssemblies
Action ended 06:48:39: UnpublishComponents. Return value 1.
Action start 06:48:39: MsiUnpublishAssemblies.
MSI (s) (84:20) [06:48:39:281]: Doing action: UnpublishFeatures
Action ended 06:48:39: MsiUnpublishAssemblies. Return value 1.
Action start 06:48:39: UnpublishFeatures.
MSI (s) (84:20) [06:48:39:281]: Doing action: StopServices
Action ended 06:48:39: UnpublishFeatures. Return value 1.
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 06:48:39: StopServices.
MSI (s) (84:20) [06:48:39:281]: Doing action: DeleteServices
Action ended 06:48:39: StopServices. Return value 1.
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 06:48:39: DeleteServices.
MSI (s) (84:20) [06:48:39:281]: Doing action: UnregisterComPlus
Action ended 06:48:39: DeleteServices. Return value 1.
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: Complus
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND `Action` = 0
Action start 06:48:39: UnregisterComPlus.
MSI (s) (84:20) [06:48:39:281]: Doing action: SelfUnregModules
Action ended 06:48:39: UnregisterComPlus. Return value 0.
Action start 06:48:39: SelfUnregModules.
MSI (s) (84:20) [06:48:39:281]: Doing action: UnregisterTypeLibraries
Action ended 06:48:39: SelfUnregModules. Return value 1.
Action start 06:48:39: UnregisterTypeLibraries.
MSI (s) (84:20) [06:48:39:281]: Doing action: RemoveODBC
Action ended 06:48:39: UnregisterTypeLibraries. Return value 1.
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2711 2: ODBCDriverManager
Action start 06:48:39: RemoveODBC.
MSI (s) (84:20) [06:48:39:281]: Note: 1: 2711 2: ODBCDriverManager64
MSI (s) (84:20) [06:48:39:281]: Doing action: UnregisterFonts
Action ended 06:48:39: RemoveODBC. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2205 2: 3: Font
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Installed`From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And `FileAction`.`Action` = 0 ORDER BY `FileAction`.`Directory_`
Action start 06:48:39: UnregisterFonts.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveRegistryValues
Action ended 06:48:39: UnregisterFonts. Return value 1.
Action start 06:48:39: RemoveRegistryValues.
MSI (s) (84:20) [06:48:39:296]: Doing action: UnregisterClassInfo
Action ended 06:48:39: RemoveRegistryValues. Return value 1.
Action start 06:48:39: UnregisterClassInfo.
MSI (s) (84:20) [06:48:39:296]: Doing action: UnregisterExtensionInfo
Action ended 06:48:39: UnregisterClassInfo. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:39: UnregisterExtensionInfo.
MSI (s) (84:20) [06:48:39:296]: Doing action: UnregisterProgIdInfo
Action ended 06:48:39: UnregisterExtensionInfo. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:39: UnregisterProgIdInfo.
MSI (s) (84:20) [06:48:39:296]: Doing action: UnregisterMIMEInfo
Action ended 06:48:39: UnregisterProgIdInfo. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2262 2: MIME 3: -2147287038
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:39: UnregisterMIMEInfo.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveIniValues
Action ended 06:48:39: UnregisterMIMEInfo. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2205 2: 3: IniFile
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2228 2: 3: IniFile 4: SELECT `FileName`,`IniFile`.`DirProperty`,`Section`,`IniFile`.`Key`,`IniFile`.`Value`,`IniFile`.`Action` FROM `IniFile`, `Component` WHERE `Component`=`Component_` AND `Component`.`Action`=0 ORDER BY `FileName`,`Section`
Action start 06:48:39: RemoveIniValues.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveShortcuts
Action ended 06:48:39: RemoveIniValues. Return value 1.
Action start 06:48:39: RemoveShortcuts.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveEnvironmentStrings
Action ended 06:48:39: RemoveShortcuts. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2205 2: 3: Environment
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2228 2: 3: Environment 4: SELECT `Name`,`Value` FROM `Environment`,`Component` WHERE `Component_`=`Component` AND (`Component`.`Action` = 0)
Action start 06:48:39: RemoveEnvironmentStrings.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveDuplicateFiles
Action ended 06:48:39: RemoveEnvironmentStrings. Return value 1.
Action start 06:48:39: RemoveDuplicateFiles.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveFiles
Action ended 06:48:39: RemoveDuplicateFiles. Return value 1.
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2205 2: 3: RemoveFile
MSI (s) (84:20) [06:48:39:296]: Note: 1: 2205 2: 3: RemoveFile
Action start 06:48:39: RemoveFiles.
MSI (s) (84:20) [06:48:39:296]: Doing action: RemoveFolders
Action ended 06:48:39: RemoveFiles. Return value 0.
Action start 06:48:39: RemoveFolders.
MSI (s) (84:20) [06:48:39:296]: Doing action: CreateFolders
Action ended 06:48:39: RemoveFolders. Return value 1.
Action start 06:48:39: CreateFolders.
MSI (s) (84:20) [06:48:39:296]: Doing action: MoveFiles
Action ended 06:48:39: CreateFolders. Return value 1.
Action start 06:48:39: MoveFiles.
MSI (s) (84:20) [06:48:39:296]: Doing action: InstallFiles
Action ended 06:48:39: MoveFiles. Return value 1.
Action start 06:48:39: InstallFiles.
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2205 2: 3: Patch
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence`
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ?
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (84:20) [06:48:39:312]: Doing action: PatchFiles
Action ended 06:48:39: InstallFiles. Return value 1.
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2205 2: 3: Patch
MSI (s) (84:20) [06:48:39:312]: Note: 1: 2228 2: 3: Patch 4: SELECT `File`,`FileName`,`FileSize`,`Directory_`,`PatchSize`,`File`.`Attributes`,`Patch`.`Attributes`,`Patch`.`Sequence`,`Component`.`Component`,`Component`.`ComponentId` FROM `File`,`Component`,`Patch` WHERE `Patch`.`#_MsiActive`=? AND `File`=`File_` AND `Component`=`Component_` ORDER BY `Patch`.`Sequence`
Action start 06:48:39: PatchFiles.
MSI (s) (84:20) [06:48:39:312]: Doing action: DuplicateFiles
Action ended 06:48:39: PatchFiles. Return value 0.
Action start 06:48:39: DuplicateFiles.
MSI (s) (84:20) [06:48:39:328]: Doing action: BindImage
Action ended 06:48:39: DuplicateFiles. Return value 1.
Action start 06:48:39: BindImage.
MSI (s) (84:20) [06:48:39:328]: Doing action: CreateShortcuts
Action ended 06:48:39: BindImage. Return value 1.
Action start 06:48:39: CreateShortcuts.
MSI (s) (84:20) [06:48:39:328]: Doing action: RegisterClassInfo
Action ended 06:48:39: CreateShortcuts. Return value 1.
Action start 06:48:39: RegisterClassInfo.
MSI (s) (84:20) [06:48:39:343]: Doing action: RegisterExtensionInfo
Action ended 06:48:39: RegisterClassInfo. Return value 1.
MSI (s) (84:20) [06:48:39:343]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:39: RegisterExtensionInfo.
MSI (s) (84:20) [06:48:39:343]: Doing action: RegisterProgIdInfo
Action ended 06:48:39: RegisterExtensionInfo. Return value 1.
MSI (s) (84:20) [06:48:39:343]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:39: RegisterProgIdInfo.
MSI (s) (84:20) [06:48:39:343]: Doing action: RegisterMIMEInfo
Action ended 06:48:39: RegisterProgIdInfo. Return value 1.
MSI (s) (84:20) [06:48:39:343]: Note: 1: 2262 2: MIME 3: -2147287038
MSI (s) (84:20) [06:48:39:343]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 06:48:39: RegisterMIMEInfo.
MSI (s) (84:20) [06:48:39:343]: Doing action: WriteRegistryValues
Action ended 06:48:39: RegisterMIMEInfo. Return value 1.
Action start 06:48:39: WriteRegistryValues.
MSI (s) (84:20) [06:48:39:359]: Doing action: WriteIniValues
Action ended 06:48:39: WriteRegistryValues. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: IniFile
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: IniFile 4: SELECT `FileName`,`IniFile`.`DirProperty`,`Section`,`IniFile`.`Key`,`IniFile`.`Value`,`IniFile`.`Action` FROM `IniFile`, `Component` WHERE `Component`=`Component_` AND (`Component`.`Action`=1 OR `Component`.`Action`=2) ORDER BY `FileName`,`Section`
Action start 06:48:39: WriteIniValues.
MSI (s) (84:20) [06:48:39:375]: Doing action: WriteEnvironmentStrings
Action ended 06:48:39: WriteIniValues. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: Environment
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: Environment 4: SELECT `Name`,`Value` FROM `Environment`,`Component` WHERE `Component_`=`Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2)
Action start 06:48:39: WriteEnvironmentStrings.
MSI (s) (84:20) [06:48:39:375]: Doing action: RegisterFonts
Action ended 06:48:39: WriteEnvironmentStrings. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: Font
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Action` From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And (`FileAction`.`Action` = 1 Or `FileAction`.`Action` = 2) ORDER BY `FileAction`.`Directory_`
Action start 06:48:39: RegisterFonts.
MSI (s) (84:20) [06:48:39:375]: Doing action: InstallODBC
Action ended 06:48:39: RegisterFonts. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2711 2: ODBCDriverManager
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2711 2: ODBCDriverManager64
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCDriver`, `File`, `Component` WHERE `File_` = `File` AND `ODBCDriver`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCDriver`, `File`, `Component` WHERE `File_` = `File` AND `ODBCDriver`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCTranslator`, `File`, `Component` WHERE `File_` = `File` AND `ODBCTranslator`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCTranslator`, `File`, `Component` WHERE `File_` = `File` AND `ODBCTranslator`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND `BinaryType` = ?
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND `BinaryType` = ?
Action start 06:48:39: InstallODBC.
MSI (s) (84:20) [06:48:39:375]: Doing action: RegisterTypeLibraries
Action ended 06:48:39: InstallODBC. Return value 0.
Action start 06:48:39: RegisterTypeLibraries.
MSI (s) (84:20) [06:48:39:375]: Doing action: SelfRegModules
Action ended 06:48:39: RegisterTypeLibraries. Return value 1.
Action start 06:48:39: SelfRegModules.
MSI (s) (84:20) [06:48:39:375]: Doing action: RegisterComPlus
Action ended 06:48:39: SelfRegModules. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: Complus
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND (`Action` = 1 OR `Action` = 2)
Action start 06:48:39: RegisterComPlus.
MSI (s) (84:20) [06:48:39:375]: Doing action: InstallServices
Action ended 06:48:39: RegisterComPlus. Return value 0.
MSI (s) (84:20) [06:48:39:375]: Detected older ServiceInstall table schema
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ServiceInstall
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ServiceInstall 4: SELECT `Name`,`DisplayName`,`ServiceType`,`StartType`,`ErrorControl`,`LoadOrderGroup`,`Dependencies`,`StartName`,`Password`,`ComponentId`,`Directory_`,`FileName`,`Arguments` FROM `ServiceInstall`, `Component`, `File` WHERE `ServiceInstall`.`Component_` = `Component`.`Component` AND (`Component`.`KeyPath` = `File`.`File`) AND (`Action` = 1 OR `Action` = 2)
Action start 06:48:39: InstallServices.
MSI (s) (84:20) [06:48:39:375]: Doing action: StartServices
Action ended 06:48:39: InstallServices. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 06:48:39: StartServices.
MSI (s) (84:20) [06:48:39:375]: Doing action: RegisterUser
Action ended 06:48:39: StartServices. Return value 1.
Action start 06:48:39: RegisterUser.
MSI (s) (84:20) [06:48:39:375]: Doing action: RegisterProduct
Action ended 06:48:39: RegisterUser. Return value 1.
Action start 06:48:39: RegisterProduct.
MSI (s) (84:20) [06:48:39:375]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (84:20) [06:48:39:375]: Doing action: PublishComponents
Action ended 06:48:39: RegisterProduct. Return value 1.
MSI (s) (84:20) [06:48:39:375]: Note: 1: 2262 2: PublishComponent 3: -2147287038
Action start 06:48:39: PublishComponents.
MSI (s) (84:20) [06:48:39:375]: Doing action: MsiPublishAssemblies
Action ended 06:48:39: PublishComponents. Return value 1.
Action start 06:48:39: MsiPublishAssemblies.
MSI (s) (84:20) [06:48:39:390]: Doing action: PublishFeatures
Action ended 06:48:39: MsiPublishAssemblies. Return value 1.
Action start 06:48:39: PublishFeatures.
MSI (s) (84:20) [06:48:39:390]: Doing action: PublishProduct
Action ended 06:48:39: PublishFeatures. Return value 1.
Action start 06:48:39: PublishProduct.
MSI (s) (84:20) [06:48:39:421]: Doing action: InstallFinalize
Action ended 06:48:39: PublishProduct. Return value 1.
MSI (s) (84:20) [06:48:39:421]: Running Script: C:\WINDOWS\Installer\MSI50.tmp
MSI (s) (84:20) [06:48:39:421]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'.
MSI (s) (84:20) [06:48:39:468]: Machine policy value 'DisableRollback' is 0
MSI (s) (84:20) [06:48:39:468]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (84:20) [06:48:39:500]: Executing op: Header(Signature=1397708873,Version=301,Timestamp=897070612,LangId=1033,Platform=0,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
Action start 06:48:39: InstallFinalize.
MSI (s) (84:20) [06:48:39:500]: Executing op: ProductInfo(ProductKey={37477865-A3F1-4772-AD43-AAFC6BCFF99F},ProductName=MSXML 4.0 SP2 (KB927978),PackageName=msxml.msi,Language=1033,Version=68429425,Assignment=1,ObsoleteArg=0,,,PackageCode={2B27DCD9-53FA-4885-B6CD-698623819F4C},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0)
MSI (s) (84:20) [06:48:39:562]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (84:20) [06:48:39:562]: Executing op: DialogInfo(Type=1,Argument=MSXML 4.0 SP2 (KB927978))
MSI (s) (84:20) [06:48:39:562]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
MSI (s) (84:20) [06:48:39:562]: Executing op: SetBaseline(Baseline=0,)
MSI (s) (84:20) [06:48:39:562]: Executing op: SetBaseline(Baseline=1,)
MSI (s) (84:20) [06:48:39:562]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)
MSI (s) (84:20) [06:48:39:562]: Executing op: ProgressTotal(Total=5,Type=1,ByteEquivalent=24000)
MSI (s) (84:20) [06:48:39:562]: Executing op: ComponentUnregister(ComponentId={E9BC82F6-AC0E-407C-8666-619D6D60DF2B},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (84:20) [06:48:39:562]: Note: 1: 1402 2: UNKNOWN\Components\6F28CB9EE0CAC704686616D9D606FDB2 3: 2
MSI (s) (84:20) [06:48:39:562]: Note: 1: 1402 2: UNKNOWN\Components\6F28CB9EE0CAC704686616D9D606FDB2 3: 2
MSI (s) (84:20) [06:48:39:562]: Executing op: ComponentUnregister(ComponentId={81754FFD-DA2B-49C6-9447-E1C1E1733BB6},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (84:20) [06:48:39:562]: Note: 1: 1402 2: UNKNOWN\Components\DFF45718B2AD6C9449741E1C1E37B36B 3: 2
MSI (s) (84:20) [06:48:39:562]: Note: 1: 1402 2: UNKNOWN\Components\DFF45718B2AD6C9449741E1C1E37B36B 3: 2
MSI (s) (84:20) [06:48:39:562]: Executing op: ComponentUnregister(ComponentId={5E6714E1-EA46-4B0F-B479-06D87058DC74},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (84:20) [06:48:39:640]: Note: 1: 1402 2: UNKNOWN\Components\1E4176E564AEF0B44B97608D0785CD47 3: 2
MSI (s) (84:20) [06:48:39:640]: Note: 1: 1402 2: UNKNOWN\Components\1E4176E564AEF0B44B97608D0785CD47 3: 2
MSI (s) (84:20) [06:48:39:640]: Executing op: ComponentUnregister(ComponentId={57E0F99D-E884-4BD0-B8CB-803CF9EA2066},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (84:20) [06:48:39:640]: Note: 1: 1402 2: UNKNOWN\Components\D99F0E75488E0DB48BBC08C39FAE0266 3: 2
MSI (s) (84:20) [06:48:39:640]: Note: 1: 1402 2: UNKNOWN\Components\D99F0E75488E0DB48BBC08C39FAE0266 3: 2
MSI (s) (84:20) [06:48:39:640]: Executing op: ComponentUnregister(ComponentId={C763CD13-6E1E-4166-8C78-D274B266E9B6},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (84:20) [06:48:39:640]: Note: 1: 1402 2: UNKNOWN\Components\31DC367CE1E66614C8872D472B669E6B 3: 2
MSI (s) (84:20) [06:48:39:640]: Note: 1: 1402 2: UNKNOWN\Components\31DC367CE1E66614C8872D472B669E6B 3: 2
MSI (s) (84:20) [06:48:39:640]: Executing op: ProgressTotal(Total=14,Type=1,ByteEquivalent=24000)
MSI (s) (84:20) [06:48:39:640]: Executing op: ComponentRegister(ComponentId={4075CDF6-D88F-4F57-AF1A-29A124755695},KeyPath=c:\Program Files\MSXML 4.0\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:39:750]: Executing op: ComponentRegister(ComponentId={D21D9CCD-C3FA-4D72-982F-C29A2DE361EC},KeyPath=02:\Software\Microsoft\Updates\MSXML4SP2\Q927978\Description,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:39:781]: Executing op: ComponentRegister(ComponentId={4B1F71A7-50C6-44B7-A3AD-B6C3574BB896},KeyPath=c:\WINDOWS\system32\msxml4.dll,State=3,,Disk=1,SharedDllRefCount=3,BinaryType=0)
MSI (s) (84:20) [06:48:40:093]: Executing op: ComponentRegister(ComponentId={62846705-2671-4547-AB45-854DCC93B3C7},KeyPath=c:\WINDOWS\system32\msxml4r.dll,State=3,,Disk=1,SharedDllRefCount=3,BinaryType=0)
MSI (s) (84:20) [06:48:40:093]: Executing op: ComponentRegister(ComponentId={3AAE95CD-F592-46E7-89A1-9B56717C4413},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:109]: Executing op: ComponentRegister(ComponentId={CCF8B6EF-5FB9-4DE1-A276-683008BA3485},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:109]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:109]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_manifest\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:109]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_payload\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:109]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-A06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:125]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-C06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_manifest\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:125]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-B06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_payload\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:156]: Executing op: ComponentRegister(ComponentId={0E9F98FC-A692-A6DF-A06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:171]: Executing op: ComponentRegister(ComponentId={0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\downlevel_manifest\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (84:20) [06:48:40:171]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)
MSI (s) (84:20) [06:48:40:171]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,,BinaryType=0)
MSI (s) (84:20) [06:48:40:171]: Executing op: ProgressTick()
MSI (s) (84:20) [06:48:40:171]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)
MSI (s) (84:20) [06:48:40:171]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,,BinaryType=0)
MSI (s) (84:20) [06:48:40:171]: Executing op: ProgressTick()
MSI (s) (84:20) [06:48:40:171]: Executing op: ActionStart(Name=RemoveODBC,Description=Removing ODBC components,)
MSI (s) (84:20) [06:48:40:171]: Executing op: ODBCDriverManager(,BinaryType=0)
MSI (s) (84:20) [06:48:40:171]: Executing op: ODBCDriverManager(,BinaryType=1)
MSI (s) (84:20) [06:48:40:171]: Executing op: ActionStart(Name=CreateFolders,Description=Creating folders,Template=Folder: [1])
MSI (s) (84:20) [06:48:40:171]: Executing op: FolderCreate(Folder=c:\Program Files\MSXML 4.0\,Foreign=0,)
MSI (s) (84:20) [06:48:40:234]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6])
MSI (s) (84:20) [06:48:40:234]: Executing op: ProgressTotal(Total=2604004,Type=0,ByteEquivalent=1)
MSI (s) (84:20) [06:48:40:250]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\system32\)
MSI (s) (84:20) [06:48:40:250]: Executing op: SetSourceFolder(Folder=1\System\)
MSI (s) (84:20) [06:48:40:250]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_Core.cab,BytesPerTick=32768,CopierType=2,ModuleFileName=c:\WINDOWS\Installer\3a8a36b.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (84:20) [06:48:40:250]: Executing op: FileCopy(SourceName=msxml4.dll,SourceCabKey=msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7,DestName=msxml4.dll,Attributes=512,FileSize=1245696,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.20.9841.0,Language=0,InstallMode=58982400,,,,,,,)
MSI (s) (84:20) [06:48:40:312]: File: c:\WINDOWS\system32\msxml4.dll; Overwrite; Won't patch; Existing file is a lower version
MSI (s) (84:20) [06:48:40:312]: Source for file 'msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7' is compressed
MSI (s) (84:20) [06:48:40:328]: Re-applying security from existing file.
MSI (s) (84:20) [06:48:40:328]: Verifying accessibility of file: msxml4.dll
MSI (s) (84:20) [06:48:40:328]: SOFTWARE RESTRICTION POLICY: Verifying object --> 'c:\WINDOWS\Installer\3a8a36b.msi' against software restriction policy
MSI (s) (84:20) [06:48:40:328]: SOFTWARE RESTRICTION POLICY: c:\WINDOWS\Installer\3a8a36b.msi has a digital signature
MSI (s) (84:20) [06:48:40:421]: SOFTWARE RESTRICTION POLICY: c:\WINDOWS\Installer\3a8a36b.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2318 2: c:\WINDOWS\system32\msxml4.dll
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:468]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:484]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:484]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:484]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:484]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:484]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:500]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:515]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:593]: Executing op: FileCopy(SourceName=msxml4r.dll,SourceCabKey=msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7,DestName=msxml4r.dll,Attributes=512,FileSize=82432,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.10.9404.0,Language=1033,InstallMode=58982400,,,,,,,)
MSI (s) (84:20) [06:48:40:671]: File: c:\WINDOWS\system32\msxml4r.dll; Won't Overwrite; Won't patch; Existing file is of an equal version
MSI (s) (84:20) [06:48:40:671]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\Manifests\)
MSI (s) (84:20) [06:48:40:671]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\manifest\|Windows\winsxs\Manifests\)
MSI (s) (84:20) [06:48:40:671]: Executing op: FileCopy(SourceName=xl34x2va.rt8|x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest,SourceCabKey=manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestName=x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest,,FileSize=3973,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-85909274,HashPart2=-393638470,HashPart3=495071453,HashPart4=945762879,,)
MSI (s) (84:20) [06:48:40:671]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:40:671]: Source for file 'manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:40:671]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest
MSI (s) (84:20) [06:48:40:718]: Executing op: FileCopy(SourceName=yl34x2va.rt8|x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat,SourceCabKey=catalog.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestName=x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat,,FileSize=8347,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1679697816,HashPart2=1808584787,HashPart3=1425912084,HashPart4=629236904,,)
MSI (s) (84:20) [06:48:40:718]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:40:718]: Source for file 'catalog.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:40:718]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat
MSI (s) (84:20) [06:48:40:718]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\)
MSI (s) (84:20) [06:48:40:718]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\tl34x2va.rt8\)
MSI (s) (84:20) [06:48:40:718]: Executing op: FileCopy(SourceName=1m34x2va.rt8|msxml4.dll,SourceCabKey=msxml4.dll.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestName=msxml4.dll,,FileSize=1245696,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,Version=4.20.9841.0,Language=0,InstallMode=58982400,,,,,,,)
MSI (s) (84:20) [06:48:40:718]: File: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:40:718]: Source for file 'msxml4.dll.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:40:734]: Note: 1: 2318 2: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:750]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:765]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:781]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:796]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:812]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:812]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:812]: Note: 1: 2360
MSI (s) (84:20) [06:48:40:875]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\Manifests\)
MSI (s) (84:20) [06:48:40:875]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\manifest\|Windows\winsxs\Manifests\)
MSI (s) (84:20) [06:48:40:875]: Executing op: FileCopy(SourceName=9n0mtfut.k85|x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest,SourceCabKey=manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537,DestName=x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest,,FileSize=500,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-707213148,HashPart2=1938794768,HashPart3=-933075776,HashPart4=-843550219,,)
MSI (s) (84:20) [06:48:40:875]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:40:875]: Source for file 'manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:40:875]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest
MSI (s) (84:20) [06:48:41:031]: Executing op: FileCopy(SourceName=an0mtfut.k85|x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat,SourceCabKey=catalog.DA6654F6_456F_3658_FF6B_D6B9ABF34537,DestName=x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat,,FileSize=8349,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1336197992,HashPart2=-627824155,HashPart3=82633343,HashPart4=1105156543,,)
MSI (s) (84:20) [06:48:41:031]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:41:031]: Source for file 'catalog.DA6654F6_456F_3658_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:41:031]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat
MSI (s) (84:20) [06:48:41:046]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\)
MSI (s) (84:20) [06:48:41:046]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\5n0mtfut.k85\)
MSI (s) (84:20) [06:48:41:046]: Executing op: FileCopy(SourceName=dn0mtfut.k85|msxml4r.dll,SourceCabKey=msxml4r.dll.DA6654F6_456F_3658_FF6B_D6B9ABF34537,DestName=msxml4r.dll,,FileSize=82432,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,Version=4.10.9404.0,Language=1033,InstallMode=58982400,,,,,,,)
MSI (s) (84:20) [06:48:41:046]: File: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:41:046]: Source for file 'msxml4r.dll.DA6654F6_456F_3658_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:41:109]: Note: 1: 2318 2: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
MSI (s) (84:20) [06:48:41:109]: Note: 1: 2360
MSI (s) (84:20) [06:48:41:125]: Note: 1: 2360
MSI (s) (84:20) [06:48:41:125]: Note: 1: 2360
MSI (s) (84:20) [06:48:41:125]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\)
MSI (s) (84:20) [06:48:41:125]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\Policies\i0r1wg7y.dqe\)
MSI (s) (84:20) [06:48:41:125]: Executing op: FileCopy(SourceName=l0r1wg7y.dqe|4.20.9841.0.policy,SourceCabKey=manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537,DestName=4.20.9841.0.policy,,FileSize=652,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=49613189,HashPart2=1139053242,HashPart3=-1699064514,HashPart4=-854272932,,)
MSI (s) (84:20) [06:48:41:125]: File: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.policy; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:41:125]: Source for file 'manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:41:125]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.policy
MSI (s) (84:20) [06:48:41:140]: Executing op: FileCopy(SourceName=m0r1wg7y.dqe|4.20.9841.0.cat,SourceCabKey=catalog.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537,DestName=4.20.9841.0.cat,,FileSize=8359,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-861819424,HashPart2=1423527147,HashPart3=-1146259424,HashPart4=2040409349,,)
MSI (s) (84:20) [06:48:41:140]: File: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.cat; To be installed; Won't patch; No existing file
MSI (s) (84:20) [06:48:41:140]: Source for file 'catalog.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537' is compressed
MSI (s) (84:20) [06:48:41:140]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.cat
MSI (s) (84:20) [06:48:41:140]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_SDK.cab,BytesPerTick=32768,CopierType=2,ModuleFileName=c:\WINDOWS\Installer\3a8a36b.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (84:20) [06:48:41:140]: Executing op: CacheSizeFlush(,)
MSI (s) (84:20) [06:48:41:140]: Executing op: InstallProtectedFiles(AllowUI=0)
MSI (s) (84:20) [06:48:41:140]: Executing op: ActionStart(Name=WriteRegistryValues,Description=Writing system registry values,Template=Key: [1], Name: [2], Value: [3])
MSI (s) (84:20) [06:48:41:140]: Executing op: ProgressTotal(Total=112,Type=1,ByteEquivalent=13200)
MSI (s) (84:20) [06:48:41:140]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:140]: Executing op: RegAddValue(,Value=XML DOM Document 4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=Msxml2.DOMDocument.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=XML DOM Document 4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=Msxml2.DOMDocument.4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=Msxml2.DOMDocument.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value={88D969C0-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=Free Threaded XML DOM Document 4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=Msxml2.FreeThreadedDOMDocument.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=Free Threaded XML DOM Document 4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=Msxml2.FreeThreadedDOMDocument.4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=Msxml2.FreeThreadedDOMDocument.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value={88D969C1-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:187]: Executing op: RegAddValue(,Value=XML Data Source Object 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.DSOControl.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=XML Data Source Object 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=Msxml2.DSOControl.4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.DSOControl.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value={88D969C4-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=XML HTTP 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.XMLHTTP.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=XML HTTP 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=Msxml2.XMLHTTP.4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.XMLHTTP.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value={88D969C5-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=Server XML HTTP 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.ServerXMLHTTP.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=Server XML HTTP 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=Msxml2.ServerXMLHTTP.4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.ServerXMLHTTP.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value={88D969C6-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=XML Schema Cache 4.0,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegOpenKey(,Key=Msxml2.XMLSchemaCache.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:203]: Executing op: RegAddValue(,Value=XML Schema Cache 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=Msxml2.XMLSchemaCache.4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.XMLSchemaCache.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value={88D969C2-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=XSL Template 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.XSLTemplate.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=XSL Template 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=Msxml2.XSLTemplate.4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.XSLTemplate.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value={88D969C3-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F},,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=SAX XML Reader 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.SAXXMLReader.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=SAX XML Reader 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=Msxml2.SAXXMLReader.4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.SAXXMLReader.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value={7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F},)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136},,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=MX XML Reader 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=MXXMLWriter 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.MXXMLWriter.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=MXXMLWriter 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=Msxml2.MXXMLWriter.4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=Msxml2.MXXMLWriter.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value={88D969C8-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=MXHTMLWriter 4.0,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:218]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=Msxml2.MXHTMLWriter.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=MXHTMLWriter 4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=Msxml2.MXHTMLWriter.4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=Msxml2.MXHTMLWriter.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value={88D969C9-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=SAXAttributes 4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=Msxml2.SAXAttributes.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=SAXAttributes 4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=Msxml2.SAXAttributes.4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegOpenKey(,Key=Msxml2.SAXAttributes.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:234]: Executing op: RegAddValue(,Value={88D969CA-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5},,BinaryType=0)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegAddValue(,Value=MXNamespaceManager 4.0,)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegOpenKey(,Key=Msxml2.MXNamespaceManager.4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:250]: Executing op: RegAddValue(,Value=MXNamespaceManager 4.0,)
MSI (s) (84:20) [06:48:41:296]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:296]: Executing op: RegAddValue(,Value=Msxml2.MXNamespaceManager.4.0,)
MSI (s) (84:20) [06:48:41:296]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)
MSI (s) (84:20) [06:48:41:296]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (84:20) [06:48:41:296]: Executing op: RegOpenKey(,Key=Msxml2.MXNamespaceManager.4.0\CLSID,,BinaryType=0)
MSI (s) (84:20) [06:48:41:296]: Executing op: RegAddValue(,Value={88D969D6-F192-11D4-A65F-0040963251E5},)
MSI (s) (84:20) [06:48:41:359]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Updates\MSXML4SP2\Q927978,,BinaryType=0)
MSI (s) (84:20) [06:48:41:359]: Executing op: RegAddValue(Name=Description,Value=FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2,)
MSI (s) (84:20) [06:48:41:390]: Executing op: RegAddValue(Name=InstalledDate,Value=24/11/2006,)
MSI (s) (84:20) [06:48:41:390]: Executing op: RegAddValue(Name=InstalledBy,Value=lump,)
MSI (s) (84:20) [06:48:41:390]: Executing op: RegAddValue(Name=IsInstalled,Value=#1,)
MSI (s) (84:20) [06:48:41:390]: Executing op: RegAddValue(Name=ServicePack,Value=#1,)
MSI (s) (84:20) [06:48:41:390]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:390]: Executing op: RegAddValue(,Value=Microsoft XML, v4.0,)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0,,BinaryType=0)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0\win32,,BinaryType=0)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\FLAGS,,BinaryType=0)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegAddValue(,Value=0,)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\HELPDIR,,BinaryType=0)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_payload,,BinaryType=0)
MSI (s) (84:20) [06:48:41:421]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_manifest,,BinaryType=0)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_payload,,BinaryType=0)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_manifest,,BinaryType=0)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\downlevel_manifest,,BinaryType=0)
MSI (s) (84:20) [06:48:41:437]: Executing op: RegAddValue(,,)
MSI (s) (84:20) [06:48:41:453]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents,,BinaryType=0)
MSI (s) (84:20) [06:48:41:453]: Executing op: RegAddValue(Name={7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest[~]{7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat[~]{7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\[~]{7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},)
MSI (s) (84:20) [06:48:41:453]: Executing op: RegAddValue(Name={7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\\msxml4.dll[~]{7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\[~]{7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},)
MSI (s) (84:20) [06:48:41:468]: Executing op: RegAddValue(Name={DA6654F6-456F-3658-C06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest[~]{DA6654F6-456F-3658-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat[~]{DA6654F6-456F-3658-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\[~]{DA6654F6-456F-3658-C06B-D6B9ABF34537},)
MSI (s) (84:20) [06:48:41:468]: Executing op: RegAddValue(Name={DA6654F6-456F-3658-B06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\\msxml4r.dll[~]{DA6654F6-456F-3658-B06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\[~]{DA6654F6-456F-3658-B06B-D6B9ABF34537},)
MSI (s) (84:20) [06:48:41:468]: Executing op: RegAddValue(Name={0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\\4.20.9841.0.policy[~]{0E9F98FC-A692-A6DF-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\\4.20.9841.0.cat[~]{0E9F98FC-A692-A6DF-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\[~]{0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},)
MSI (s) (84:20) [06:48:41:468]: Executing op: ActionStart(Name=RegisterTypeLibraries,Description=Registering type libraries,Template=LibID: [1])
MSI (s) (84:20) [06:48:41:468]: Executing op: TypeLibraryRegister(,,FilePath=c:\WINDOWS\system32\msxml4.dll,LibID={F5078F18-C551-11D3-89B9-0000F81FE221},Version=1024,,Language=0,,BinaryType=0,IgnoreRegistrationFailure=0)
MSI (s) (84:20) [06:48:41:656]: QueryPathOfRegTypeLib returned 0 in local context. Path is 'c:\WINDOWS\system32\msxml4.dll'
MSI (s) (84:20) [06:48:41:656]: Note: 1: 1402 2: UNKNOWN\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\400.0\0\win32 3: 2
MSI (s) (84:20) [06:48:41:656]: CMsiServices::ProcessTypeLibrary runs in local context, not impersonated.
MSI (s) (84:20) [06:48:41:828]: ProcessTypeLibraryCore returns: 0. (0 means OK)
MSI (s) (84:20) [06:48:41:828]: CMsiServices::ProcessTypeLibrary runs in local context, not impersonated.
MSI (s) (84:20) [06:48:42:281]: ProcessTypeLibraryCore returns: 0. (0 means OK)
MSI (s) (84:20) [06:48:42:281]: Executing op: ActionStart(Name=RegisterUser,Description=Registering user,Template=[1])
MSI (s) (84:20) [06:48:42:281]: Executing op: UserRegister(Owner=lump,,ProductId=none)
MSI (s) (84:20) [06:48:42:281]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1])
MSI (s) (84:20) [06:48:42:281]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_Core.cab,BytesPerTick=0,CopierType=2,ModuleFileName=c:\WINDOWS\Installer\3a8a36b.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (84:20) [06:48:42:281]: Executing op: DatabaseCopy(DatabasePath=c:\WINDOWS\Installer\3a8a36b.msi,ProductCode={37477865-A3F1-4772-AD43-AAFC6BCFF99F},CabinetStreams=XML_Core.cab;XML_SDK.cab,,)
MSI (s) (84:20) [06:48:42:468]: Executing op: ProductRegister(UpgradeCode={7CE723E3-E56B-432C-9F24-78C0606045A5},VersionString=4.20.9841.0,HelpLink=http://support.microsoft.com/kb/927978,,,InstallSource=c:\a9fbea324ee3931108bc\,Publisher=Microsoft Corporation,,,,,,,,,,,,EstimatedSize=2625)
MSI (s) (84:20) [06:48:42:500]: Executing op: ProductCPDisplayInfoRegister()
MSI (s) (84:20) [06:48:42:515]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1])
MSI (s) (84:20) [06:48:42:515]: Executing op: FeaturePublish(Feature=MSXML,,Absent=2,Component=MF}e835XRAhvfl[X%h~W(s-UlQ2mt@MgogY-xd{t)
MSI (s) (84:20) [06:48:42:515]: Executing op: FeaturePublish(Feature=MSXMLSYS,Parent=MSXML,Absent=2,Component=V2?0@7$9*=IdbugpYRMX}GHaGLdZ==A&kv@Y~]3iui-r60O)l=Em%pCn7G4))
MSI (s) (84:20) [06:48:42:515]: Executing op: FeaturePublish(Feature=MSXMLSUPP2,Parent=MSXML,Absent=2,Component=?`ZsjqO[%A*`NW3OG&nR)
MSI (s) (84:20) [06:48:42:531]: Executing op: FeaturePublish(Feature=MSXMLSXS,Parent=MSXML,Absent=2,Component=LdCZOHqG+dpWsfdDE!j5LdCZOHqG+d6XsfdDE!j5LdCZOHqG+d%XsfdDE!j5`DM4olJ_O5pWsfdDE!j5`DM4olJ_O56XsfdDE!j5`DM4olJ_O5%XsfdDE!j5l0Rd'9?m^^pWsfdDE!j5l0Rd'9?m^^6XsfdDE!j5)
MSI (s) (84:20) [06:48:42:531]: Executing op: FeaturePublish(Feature=XMLSDK,,Absent=3,Component=mk`[Q=PRe?RvYBgpXHXc5~{DF_B]-@1_XLnB~RWMMvh8D]u5G@j^sM7=J&oH0G,*i]!a$9uKNVM3Kykc)
MSI (s) (84:20) [06:48:42:531]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,)
MSI (s) (84:20) [06:48:42:531]: Executing op: IconCreate(Icon=icon.exe,Data=BinaryData)
MSI (s) (84:20) [06:48:42:703]: Executing op: CleanupConfigData()
MSI (s) (84:20) [06:48:42:703]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\568774731F3A2774DA34AACFB6FC9FF9\Patches 3: 2
MSI (s) (84:20) [06:48:42:703]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)
MSI (s) (84:20) [06:48:42:703]: Note: 1: 1402 2: UNKNOWN\Products\568774731F3A2774DA34AACFB6FC9FF9\Patches 3: 2
MSI (s) (84:20) [06:48:42:718]: Executing op: ProductPublish(PackageKey={2B27DCD9-53FA-4885-B6CD-698623819F4C})
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (84:20) [06:48:42:765]: Executing op: UpgradeCodePublish(UpgradeCode={7CE723E3-E56B-432C-9F24-78C0606045A5})
MSI (s) (84:20) [06:48:42:765]: Executing op: SourceListPublish(,,,,NumberOfDisks=2)
MSI (s) (84:20) [06:48:42:765]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9\SourceList 3: 2
MSI (s) (84:20) [06:48:42:781]: Executing op: ProductPublishClient(,,)
MSI (s) (84:20) [06:48:42:781]: Executing op: SourceListRegisterLastUsed(SourceProduct={37477865-A3F1-4772-AD43-AAFC6BCFF99F},LastUsedSource=c:\a9fbea324ee3931108bc\)
MSI (s) (84:20) [06:48:42:781]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (84:20) [06:48:42:781]: Specifed source is already in a list.
MSI (s) (84:20) [06:48:42:781]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (84:20) [06:48:42:781]: Machine policy value 'DisableBrowse' is 0
MSI (s) (84:20) [06:48:42:781]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (s) (84:20) [06:48:42:781]: Adding new sources is allowed.
MSI (s) (84:20) [06:48:42:781]: Set LastUsedSource to: c:\a9fbea324ee3931108bc\.
MSI (s) (84:20) [06:48:42:781]: Set LastUsedType to: n.
MSI (s) (84:20) [06:48:42:781]: Set LastUsedIndex to: 1.
MSI (s) (84:20) [06:48:42:781]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=4564804)
MSI (s) (84:20) [06:48:42:796]: User policy value 'DisableRollback' is 0
MSI (s) (84:20) [06:48:42:796]: Machine policy value 'DisableRollback' is 0
MSI (s) (84:20) [06:48:42:937]: No System Restore sequence number for this installation.
MSI (s) (84:20) [06:48:42:937]: Unlocking Server
MSI (s) (84:20) [06:48:42:937]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
MSI (s) (84:20) [06:48:43:062]: Skipping action: SxsUninstallCA (condition is false)
MSI (s) (84:20) [06:48:43:062]: Doing action: RemoveExistingProducts
Action ended 06:48:42: InstallFinalize. Return value 1.
Action start 06:48:43: RemoveExistingProducts.
Action ended 06:48:43: RemoveExistingProducts. Return value 1.
Action ended 06:48:43: INSTALL. Return value 1.
Property(S): ProductName = MSXML 4.0 SP2 (KB927978)
Property(S): ProductCode = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductVersion = 4.20.9841.0
Property(S): ProductLanguage = 1033
Property(S): BannerBitmap = bannrbmp
Property(S): IAgree = No
Property(S): ProductID = none
Property(S): ARPHELPLINK = http://support.microsoft.com/kb/927978
Property(S): ButtonText_Back = < &Back
Property(S): ButtonText_Browse = Br&owse
Property(S): ButtonText_Cancel = Cancel
Property(S): ButtonText_Exit = &Exit
Property(S): ButtonText_Finish = &Finish
Property(S): ButtonText_Ignore = &Ignore
Property(S): ButtonText_Install = &Install
Property(S): ButtonText_InstallNow = &Install Now
Property(S): ButtonText_Next = &Next >
Property(S): ButtonText_No = &No
Property(S): ButtonText_OK = OK
Property(S): ButtonText_Remove = &Remove
Property(S): ButtonText_Reset = &Reset
Property(S): ButtonText_Resume = &Resume
Property(S): ButtonText_Retry = &Retry
Property(S): ButtonText_Return = &Return
Property(S): ButtonText_Yes = &Yes
Property(S): CompleteSetupIcon = completi
Property(S): CustomSetupIcon = custicon
Property(S): DialogBitmap = dlgbmp
Property(S): DlgTitleFont = {&DlgFontBold8}
Property(S): ExclamationIcon = exclamic
Property(S): InfoIcon = info
Property(S): InstallerIcon = insticon
Property(S): INSTALLLEVEL = 3
Property(S): InstallModeTxt_1 = Custom
Property(S): InstallModeVal = InstallModeTxt_1
Property(S): InstallModeTxt_2 = Complete
Property(S): InstallModeTxt_3 = Server Image
Property(S): InstallModeTxt_4 = Change
Property(S): InstallModeTxt_5 = Repair
Property(S): InstallModeTxt_6 = Remove
Property(S): PIDTemplate = 12345<###-%%%%%%%>@@@@@
Property(S): Progress1Txt_1 = Installing
Property(S): Progress1 = Progress1Txt_1
Property(S): Progress2Txt_1 = installs
Property(S): Progress2 = Progress2Txt_1
Property(S): Progress1Txt_2 = Changing
Property(S): Progress2Txt_2 = changes
Property(S): Progress1Txt_3 = Repairing
Property(S): Progress2Txt_3 = repairs
Property(S): Progress1Txt_4 = Removing
Property(S): Progress2Txt_4 = removes
Property(S): PROMPTROLLBACKCOST = P
Property(S): RemoveIcon = removico
Property(S): RepairIcon = repairic
Property(S): Setup = Setup
Property(S): Wizard = Setup Wizard
Property(S): DefaultUIFont = DlgFont8
Property(S): ErrorDialog = ErrorDlg
Property(S): TARGETDIR = c:\
Property(S): USERNAME = lump
Property(S): APPS_TEST = 1
Property(S): VersionNT = 501
Property(S): SecureCustomProperties = MSXML4SP2
Property(S): UpgradeCode = {7CE723E3-E56B-432C-9F24-78C0606045A5}
Property(S): ALLUSERS = 1
Property(S): WINHTTP_51 = WinHttpRequest Component version 5.1
Property(S): MSXML = c:\Program Files\MSXML 4.0\
Property(S): SourceDir = c:\a9fbea324ee3931108bc\
Property(S): DesktopFolder = c:\Documents and Settings\All Users\Desktop\
Property(S): ProgramFilesFolder = c:\Program Files\
Property(S): ProductState = -1
Property(S): PackageCode = {2B27DCD9-53FA-4885-B6CD-698623819F4C}
Property(S): SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 = c:\WINDOWS\system32\
Property(S): SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 = c:\WINDOWS\system32\
Property(S): SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB = c:\WINDOWS\system32\
Property(S): WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\
Property(S): payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
Property(S): payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
Property(S): WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Manifests\
Property(S): WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\
Property(S): SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\system32\
Property(S): WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\
Property(S): policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
Property(S): policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
Property(S): WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\
Property(S): payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
Property(S): payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
Property(S): WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Manifests\
Property(S): WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\
Property(S): SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\system32\
Property(S): WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\
Property(S): policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
Property(S): policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
Property(S): WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\
Property(S): payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
Property(S): WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\
Property(S): policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
Property(S): WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\
Property(S): SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\system32\
Property(S): WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Manifests\
Property(S): payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
Property(S): policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
Property(S): DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Documents and Settings\All Users\Desktop\
Property(S): ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Documents and Settings\All Users\Start Menu\Programs\
Property(S): MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\
Property(S): DOC.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Program Files\MSXML 4.0\doc\
Property(S): LIB.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Program Files\MSXML 4.0\lib\
Property(S): INC.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Program Files\MSXML 4.0\inc\
Property(S): CommonFilesFolder = c:\Program Files\Common Files\
Property(S): MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = c:\Program Files\Common Files\Microsoft Shared\
Property(S): MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = c:\Program Files\Common Files\Microsoft Shared\MSDN\
Property(S): Date = 24/11/2006
Property(S): PackagecodeChanging = 1
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = c:\a9fbea324ee3931108bc
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 1096
Property(S): VersionDatabase = 200
Property(S): VersionMsi = 3.01
Property(S): WindowsBuild = 2600
Property(S): ServicePackLevel = 2
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): MsiNTSuitePersonal = 1
Property(S): WindowsFolder = c:\WINDOWS\
Property(S): WindowsVolume = c:\
Property(S): SystemFolder = C:\WINDOWS\system32\
Property(S): System16Folder = C:\WINDOWS\system\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\WINDOWS\TEMP\
Property(S): AppDataFolder = C:\WINDOWS\system32\config\systemprofile\Application Data\
Property(S): FavoritesFolder = C:\WINDOWS\system32\config\systemprofile\Favorites\
Property(S): NetHoodFolder = C:\WINDOWS\system32\config\systemprofile\NetHood\
Property(S): PersonalFolder = C:\WINDOWS\system32\config\systemprofile\My Documents\
Property(S): PrintHoodFolder = C:\WINDOWS\system32\config\systemprofile\PrintHood\
Property(S): RecentFolder = C:\WINDOWS\system32\config\systemprofile\Recent\
Property(S): SendToFolder = C:\WINDOWS\system32\config\systemprofile\SendTo\
Property(S): TemplateFolder = C:\Documents and Settings\All Users\Templates\
Property(S): CommonAppDataFolder = C:\Documents and Settings\All Users\Application Data\
Property(S): LocalAppDataFolder = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\
Property(S): MyPicturesFolder = C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\
Property(S): AdminToolsFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\Documents and Settings\All Users\Start Menu\Programs\
Property(S): StartMenuFolder = C:\Documents and Settings\All Users\Start Menu\
Property(S): FontsFolder = C:\WINDOWS\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): Intel = 6
Property(S): PhysicalMemory = 448
Property(S): VirtualMemory = 859
Property(S): AdminUser = 1
Property(S): LogonUser = SYSTEM
Property(S): UserSID = S-1-5-18
Property(S): UserLanguageID = 2057
Property(S): ComputerName = LUMPLAPTOP
Property(S): SystemLanguageID = 2057
Property(S): ScreenX = 1280
Property(S): ScreenY = 800
Property(S): CaptionHeight = 26
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 06:48:43
Property(S): MsiNetAssemblySupport = 1.1.4322.2032
Property(S): MsiWin32AssemblySupport = 5.1.2600.2180
Property(S): RedirectedDllSupport = 2
Property(S): Privileged = 1
Property(S): DATABASE = c:\WINDOWS\Installer\3a8a36b.msi
Property(S): OriginalDatabase = c:\a9fbea324ee3931108bc\msxml.msi
Property(S): UILevel = 2
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = c:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = c:\a9fbea324ee3931108bc\
Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Property(S): ProductToBeRegistered = 1
MSI (s) (84:20) [06:48:43:578]: Note: 1: 1707
MSI (s) (84:20) [06:48:43:578]: Product: MSXML 4.0 SP2 (KB927978) -- Installation completed successfully.

MSI (s) (84:20) [06:48:43:734]: Cleaning up uninstalled install packages, if any exist
MSI (s) (84:20) [06:48:43:734]: MainEngineThread is returning 0
MSI (s) (84:00) [06:48:43:937]: Destroying RemoteAPI object.
MSI (s) (84:44) [06:48:43:937]: Custom Action Manager thread ending.
=== Logging stopped: 24/11/2006 06:48:43 ===
MSI (c) (48:38) [06:48:43:937]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (48:38) [06:48:43:937]: MainEngineThread is returning 0
=== Verbose logging stopped: 24/11/2006 06:48:43 ===





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:57, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

--
End of file - 4166 bytes
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am

Re: brouser hijacked

Unread postby MikeSwim07 » January 13th, 2009, 8:59 pm

No, that is not the right log,

Please look in your C directory (C:\) for a folder named _OTMoveIt, then go to MovedFiles folder, the log should be in there.

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 14th, 2009, 3:07 am

seriously no folder with that name, there is one, but it just opens with other folders inside ?
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am

Re: brouser hijacked

Unread postby MikeSwim07 » January 14th, 2009, 7:44 pm

Can you tell me all of the folders that are in this folder,

C:\_OTMoveIt\MovedFiles
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 15th, 2009, 3:04 am

-01132009-071407
-lump
-application data
-antispyware
malewareremovalbot
-programge files
+azureus
+soulseek
-windows
task
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am

Re: brouser hijacked

Unread postby MikeSwim07 » January 15th, 2009, 8:13 am

Can you look in this folder for the log,

01132009-071407
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 15th, 2009, 12:25 pm

ok think this maybe it ? there are two so will post them both up

Microsoft Windows XP Home Edition Service Pack 3
5.01 build 2600 Service Pack 3
Username: lump
In groups: LOCAL Administrators Everyone Users None INTERACTIVE Authenticated Users
2009/01/12 07:09:28:515: Application Version: 1.9.3163.891
2009/01/12 07:09:28:531: Module Version: 1.0.3163.888
2009/01/12 07:09:28:531: Service Version: 1.9.3163.891
2009/01/12 07:09:28:531: ===============================================================
2009/01/12 07:09:28:531: Switching to PIEInProc.
2009/01/12 07:09:28:531: Checking for bad run key.
2009/01/12 07:09:28:546: Windows directory: C:\WINDOWS
2009/01/12 07:09:28:609: System directory: C:\WINDOWS\system32
2009/01/12 07:09:28:609: Program Files directory: C:\Program Files
2009/01/12 07:09:28:609: Application Data: C:\Documents and Settings\lump\Application Data
2009/01/12 07:09:28:609: User Profile: C:\Documents and Settings\lump
2009/01/12 07:09:28:609: User Temp: C:\DOCUME~1\lump\LOCALS~1\Temp\
2009/01/12 07:09:28:609: Start Menu: C:\Documents and Settings\lump\Start Menu
2009/01/12 07:09:28:609: User Desktop: C:\Documents and Settings\lump\Desktop
2009/01/12 07:09:28:609: Common Desktop: C:\Documents and Settings\All Users\Desktop
2009/01/12 07:09:28:609: Common Profile: C:\Documents and Settings\All Users
2009/01/12 07:09:28:609: SID set to: S-1-5-21-753015545-4000744803-4058338510-1006
2009/01/12 07:09:32:843: version was called, but is not defined in this dll version.
2009/01/12 07:09:32:843: Database Version:
2009/01/12 07:09:32:843: version was called, but is not defined in this dll version.
2009/01/12 07:09:32:843: Database Version:
2009/01/12 07:09:34:968: Parsing command line:
2009/01/12 07:09:34:968: boot
2009/01/12 07:09:34:968: launch
2009/01/12 07:09:34:968: hide
2009/01/12 07:09:34:968: OnitDialog...
2009/01/12 07:09:34:968: Skipping splash screen.
2009/01/12 07:09:36:187: Checking for database update...
2009/01/12 07:09:41:375: Database Version: 11.1.6 1231448215
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Microsoft Windows XP Home Edition Service Pack 3
5.01 build 2600 Service Pack 3
Username: lump
In groups: LOCAL Administrators Everyone Users None INTERACTIVE Authenticated Users
2009/01/12 16:42:09:093: Application Version: 1.9.3163.891
2009/01/12 16:42:09:093: Module Version: 1.0.3163.888
2009/01/12 16:42:09:156: Service Version: 1.9.3163.891
2009/01/12 16:42:09:171: ===============================================================
2009/01/12 16:42:09:171: Switching to PIEInProc.
2009/01/12 16:42:09:171: Checking for bad run key.
2009/01/12 16:42:09:187: Windows directory: C:\WINDOWS
2009/01/12 16:42:09:187: System directory: C:\WINDOWS\system32
2009/01/12 16:42:09:187: Program Files directory: C:\Program Files
2009/01/12 16:42:09:187: Application Data: C:\Documents and Settings\lump\Application Data
2009/01/12 16:42:09:187: User Profile: C:\Documents and Settings\lump
2009/01/12 16:42:09:187: User Temp: C:\DOCUME~1\lump\LOCALS~1\Temp\
2009/01/12 16:42:09:187: Start Menu: C:\Documents and Settings\lump\Start Menu
2009/01/12 16:42:09:187: User Desktop: C:\Documents and Settings\lump\Desktop
2009/01/12 16:42:09:187: Common Desktop: C:\Documents and Settings\All Users\Desktop
2009/01/12 16:42:09:187: Common Profile: C:\Documents and Settings\All Users
2009/01/12 16:42:09:187: SID set to: S-1-5-21-753015545-4000744803-4058338510-1006
2009/01/12 16:42:12:906: version was called, but is not defined in this dll version.
2009/01/12 16:42:12:906: Database Version:
2009/01/12 16:42:12:906: version was called, but is not defined in this dll version.
2009/01/12 16:42:12:906: Database Version:
2009/01/12 16:42:15:281: Parsing command line:
2009/01/12 16:42:15:281: boot
2009/01/12 16:42:15:312: launch
2009/01/12 16:42:15:312: hide
2009/01/12 16:42:15:312: OnitDialog...
2009/01/12 16:42:15:312: Skipping splash screen.
2009/01/12 16:42:16:890: Checking for database update...
2009/01/12 16:42:18:109: Database Version: 11.1.6 1231448215
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am

Re: brouser hijacked

Unread postby MikeSwim07 » January 16th, 2009, 8:38 am

Please re-run RSIT by double clicking the .exe. When the program has finished, it will produce one log. Please post the log it makes (log.txt).

How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: brouser hijacked

Unread postby Lump » January 16th, 2009, 8:51 am

running much better, but unsure of how safe it is, so have changed passwords for every thing,

Logfile of random's system information tool 1.05 (written by random/random)
Run by lump at 2009-01-16 12:49:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (57%) free of 51 GB
Total RAM: 447 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:04, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lump\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\lump.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

--
End of file - 4209 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-03-10 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-03-10 688218]
"STDSB"=C:\WINDOWS\system32\drivers\STDSB.exe [2003-12-17 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2400 Series\ezprint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure\Common\FSM32.EXE /splash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Icon]
C:\WINDOWS\system32\drivers\Icon.exe [2005-08-23 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
C:\PC-Checkup\PCCheckUp.exe -mini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe -MINI []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-29 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA"
"C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Disabled:PowerCinema"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Disabled:ActiveSync Connection Manager"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Disabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Defcon\defcon.exe"="C:\Program Files\Defcon\defcon.exe:*:Enabled:Defcon"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Serif\PP80\Program\PagePlus.exe"="C:\Program Files\Serif\PP80\Program\PagePlus.exe:*:Disabled:Serif PagePlus 8"
"C:\Documents and Settings\lump\Local Settings\Temp\Rar$EX00.953\StadeoTV.exe"="C:\Documents and Settings\lump\Local Settings\Temp\Rar$EX00.953\StadeoTV.exe:*:Disabled:StadeoTV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-01-14 18:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 07:14:07 ----D---- C:\_OTMoveIt
2009-01-12 16:51:07 ----SHD---- C:\Config.Msi
2009-01-12 06:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-12 06:46:45 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-12 06:46:45 ----D---- C:\Documents and Settings\lump\Application Data\SUPERAntiSpyware.com
2009-01-12 06:46:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-11 18:34:47 ----A---- C:\WINDOWS\system32\tmp.txt
2009-01-11 18:34:06 ----A---- C:\rapport.txt
2009-01-10 21:02:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-01-10 16:57:36 ----D---- C:\Documents and Settings\lump\Application Data\F-Secure
2009-01-10 16:47:33 ----D---- C:\Program Files\F-Secure Internet Security
2009-01-10 16:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\f-secure
2009-01-04 20:34:32 ----D---- C:\rsit
2009-01-04 20:28:41 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-04 20:28:41 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-04 20:28:41 ----A---- C:\WINDOWS\system32\java.exe
2009-01-04 20:27:50 ----A---- C:\WINDOWS\system32\RENB.tmp
2009-01-04 20:27:50 ----A---- C:\WINDOWS\system32\RENA.tmp
2009-01-04 18:47:01 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 13:49:40 ----A---- C:\WINDOWS\system32\RENDC.tmp
2009-01-04 13:49:40 ----A---- C:\WINDOWS\system32\RENDB.tmp
2009-01-04 13:19:41 ----D---- C:\Documents and Settings\lump\Application Data\TeamViewer
2009-01-04 13:19:36 ----D---- C:\Program Files\TeamViewer
2009-01-04 12:44:11 ----D---- C:\Program Files\Trend Micro
2009-01-04 12:32:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-03 22:28:44 ----D---- C:\Program Files\Common Files\Scanner
2009-01-03 18:44:33 ----A---- C:\WINDOWS\system32\msqpdxxsmnswqq.dll
2008-12-22 20:12:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-22 05:48:20 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-22 05:48:19 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-22 05:48:19 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-21 20:19:06 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-21 20:18:35 ----D---- C:\Program Files\Windows Live
2008-12-21 20:18:00 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-20 16:37:42 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-01-16 12:08:12 ----D---- C:\Program Files\Mozilla Firefox
2009-01-16 11:57:34 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-16 11:55:07 ----D---- C:\WINDOWS\Temp
2009-01-16 11:54:57 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt
2009-01-15 22:01:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 18:45:04 ----D---- C:\WINDOWS
2009-01-14 18:20:46 ----HD---- C:\WINDOWS\inf
2009-01-14 18:20:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-14 18:20:41 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 18:20:40 ----D---- C:\WINDOWS\system32
2009-01-14 18:19:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 18:19:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-14 18:19:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 07:14:08 ----RD---- C:\Program Files
2009-01-13 07:14:07 ----SD---- C:\WINDOWS\Tasks
2009-01-12 16:51:13 ----SHD---- C:\WINDOWS\Installer
2009-01-12 06:46:25 ----D---- C:\Program Files\Common Files
2009-01-11 18:35:32 ----D---- C:\WINDOWS\Prefetch
2009-01-10 18:59:57 ----D---- C:\WINDOWS\occache
2009-01-10 18:51:33 ----D---- C:\Temp
2009-01-10 18:34:17 ----D---- C:\WINDOWS\WinSxS
2009-01-10 18:34:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-10 18:33:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-10 18:32:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-10 18:27:22 ----SHD---- C:\RECYCLER
2009-01-10 18:27:22 ----D---- C:\Documents and Settings
2009-01-10 18:09:22 ----RASH---- C:\BOOT.INI
2009-01-10 18:09:22 ----A---- C:\WINDOWS\win.ini
2009-01-10 18:09:22 ----A---- C:\WINDOWS\system.ini
2009-01-10 17:44:26 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-10 16:50:21 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-10 16:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-04 21:12:43 ----D---- C:\Documents and Settings\lump\Application Data\Mozilla
2009-01-04 13:48:26 ----D---- C:\Program Files\Microsoft Office
2009-01-04 13:48:21 ----RSD---- C:\WINDOWS\Fonts
2009-01-04 13:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-04 13:38:42 ----D---- C:\Program Files\RegistryRepair
2009-01-04 10:31:30 ----D---- C:\WINDOWS\Debug
2009-01-04 10:31:28 ----D---- C:\WINDOWS\Minidump
2009-01-03 21:54:13 ----D---- C:\Program Files\Java
2009-01-03 21:17:24 ----D---- C:\Program Files\Lavasoft
2009-01-03 21:17:24 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-02 17:53:47 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-22 20:11:05 ----RSD---- C:\WINDOWS\assembly
2008-12-21 20:21:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 MTC0007_STDSB;Scroll Bar Driver; C:\WINDOWS\system32\drivers\STDSB.sys [2005-08-25 11279]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-28 449344]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-08-08 43008]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-05-10 237616]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys [2005-05-10 698848]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-05-10 13248]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-03-10 189408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-02-24 172416]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 STDSB;STDSB; C:\WINDOWS\System32\DRIVERS\STDSB.sys [2005-08-25 11279]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-06-21 1464912]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-02-23 228992]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-05-10 101328]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-05-10 61440]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
Lump
Active Member
 
Posts: 13
Joined: January 4th, 2009, 8:56 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 337 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware