Slow Start Up and Hanging Shut Down


  • This topic is locked

#1
ccoandy

Hi,

This is my first time here. I'll describe what's going on, what I've done so far, and then let you guys do your magic.

There are two main things happening:
1. Whenever I start up my computer and log in, my computer is very slow to give me control. It seems like it takes forever to get through the initial start up procedures. During one point my entire screen will go black, and then come back, icon by icon. The entire process takes about five minutes. If I try to launch a program during that time, say Firefox or Outlook, the delay is even longer and the program I've requested usually gets hung up and I have to force its termination.

2. When I go to hibernate, restart, or shut down my computer, it gets hung up. I will see "End Program" boxes for ccApp.exe and (less frequently) .NET Framework, but both of those usually resolve themselves quickly. However, every time I get a box that says, "End Program - Help". The indicator bar fills up and then it prompts me to "End Now" or "Cancel". If I cancel, my computer doesn't shut down and I get in the same situation when I try to shut it down again. If I choose to terminate the program, it will finish shutting down.

I went through all the newbie steps:
a. ran ATF cleaner
b. created a new system restore point and deleted all others
c. ran ad-aware se
d. ran avg anti-spyware in safe mode (report posted below)
e. ran panda activescan (report posted below)
f. checked for Windows updates - only suggested update was an optional upgrade to IE 7. I declined since I use Firefox
g. reboot test - same problems occurred on shut down and ensuing start up
h. ran hijackthis (log, uninstall list) posted below

I am so glad there are folks like you out there to help wade through this stuff. Thanks in advance!

Andy

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:44:25 PM 11/20/2006

+ Scan result:



C:\WINDOWS\system32\KDP4a5d.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sfg_086a.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\yvycbsf4.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

----------------------------
Activescan report
----------------------------


Incident Status Location

Adware:adware/veevo Not disinfected Windows Registry
Adware:adware/comedy-planet Not disinfected Windows Registry
Adware:adware/popupdefence Not disinfected Windows Registry
Adware:adware/cws.searchmeup Not disinfected Windows Registry
Virus:W32/Sober.V.worm!CME-456 Disinfected Archive Folders\Deleted Items\FwD: mailing error\error-mail_info.zip[Winzipped-Text_Data.txt .exe]
Possible Virus. Not disinfected C:\GpDl\GpDl.exe
Virus:Trj/Deldir.A

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 7:49:09 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\CE\nmSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mvelopes....lopes/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {2312E3B2-D661-8687-BF09-A62785D25A3C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Broken Internet access because of LSP provider 'cespy.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: downloads.emugp.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: qdvfipmqclqj (vjixegfi6) - Unknown owner - C:\WINDOWS\system32\qituegoy6.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

::Report end

-----------------------
Uninstall list generated by Hijackthis
-----------------------
Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Reader 7.0.8
AOL Instant Messenger
AppCore
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AV
AVG Anti-Spyware 7.5
BCM Wireless Network Adapter
Bink and Smacker
ccCommon
Charting Companion for Family Tree Maker
Covenant Eyes
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
Dell AIO Printer A940
DivX
DivX Converter
DivX Player
DivX Web Player
EPSON Printer Software
e-Sword
Family Tree Maker 2006
Generic USB Card Reader Driver v2.2e
Google Earth
HijackThis 1.99.1
hp photosmart printer series (Remove only)
ImageMixer VCD/DVD2 for OLYMPUS
Internet Worm Protection
iPod for Windows 2006-01-10
iPodRip
iTunes
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment Standard Edition v1.3.1_02
Kaspersky Online Scanner
LiveUpdate 3.1 (Symantec Corporation)
Logitech MouseWare 9.76
Macromedia Shockwave Player
Messenger-Control plug-in for Ad-Aware SE
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional
Microsoft Outlook Personal Folders Backup
Microsoft Picture It! Photo Premium 9
Microsoft Works 7.0
Mozilla Firefox (1.5.0.8)
MSN
MSN Messenger 7.0
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
OLYMPUS Master
Panda ActiveScan
Picasa 2
PowerDVD
Project64 1.6
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Smart Link 56K Modem
Sony Sound Forge 7.0
SPBBC 32bit
Spyware Terminator
Symantec
Symantec Technical Support Web Controls
SymNet
Synaptics Pointing Device Driver
TntMPD
TntMPD
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Verizon Online
Verizon Online Support Center
VIA Rhine-Family Fast Ethernet Adapter
Windows Backup Utility
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver

::Report end

Edited by ccoandy, 20 November 2006 - 07:34 PM.


#2
Crustyoldbloke

Apologies for your wait.

Do you still require assistance? If so, please post a fresh HJT log into this thread.

Thanks.

#3
ccoandy

No problem. I figured response times might be down significantly during the holiday weekend. Here's a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:31 AM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\CE\nmSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC04.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mvelopes....lopes/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {2312E3B2-D661-8687-BF09-A62785D25A3C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Broken Internet access because of LSP provider 'cespy.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: downloads.emugp.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: qdvfipmqclqj (vjixegfi6) - Unknown owner - C:\WINDOWS\system32\qituegoy6.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#4
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Andy and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple-identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans including two malicious DLL files altering your LSP chain which may cause a total loss of internet connectivity. Let’s see what we can do.

Firstly, could you please disable SpywareTerminator from running during the fix; it may just hinder our attempts to change anything.

Please download LSPfix and save it to the Desktop and unzip it.

Run LSPfix and place a checkmark or tick against the I know what I am doing checkbox.

Highlight every instance of the following names and move them from the Keep to the Remove panel. Be sure to move nothing other than the files listed below!

nmnsp.dll
cespy.dll


When done, click on Finish to exit the programme; do not use the X in the top right-hand corner as nothing will happen!

Hopefully you can still access the internet.

Go to Start > Run and type or copy & paste this into the Run box:

sc delete vjixegfi6

Hit ENTER

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
AVG AntiSpyware
combofix.exe

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Please install, and update AVG Anti Spyware
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
      • Select "Automatically generate report after every scan"
      • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode
  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {2312E3B2-D661-8687-BF09-A62785D25A3C} - (no file)
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll (file missing)
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: downloads.emugp.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O23 - Service: qdvfipmqclqj (vjixegfi6) - Unknown owner - C:\WINDOWS\system32\qituegoy6.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\System32\kdpupd.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck AVGas Anti-Spyware, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for issues – fix selected issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total).
  • 0
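The entries picked out of the HijackThis log in the post above share a few visible traits: a target marked "(file missing)" or "(no file)", an O10 Winsock LSP line, an O15 Trusted Zone line, an "Unknown owner" service with a random-looking name. The following is an added example, not part of the original post and not HijackThis's own logic: a small triage script that tags such lines for manual review. The rule names and the randomness heuristic are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {2312E3B2-D661-8687-BF09-A62785D25A3C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll (file missing)
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Broken Internet access because of LSP provider 'cespy.dll' missing
O15 - Trusted Zone: *.windupdates.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: qdvfipmqclqj (vjixegfi6) - Unknown owner - C:\WINDOWS\system32\qituegoy6.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
FILE_RE = re.compile(r"[\w.~-]+\.(?:dll|exe)\b", re.IGNORECASE)


def looks_random(name):
    """Heuristic (assumption): one lowercase token, 8+ letters, under 20% vowels."""
    token = name.split(" (")[0]
    if not (token.isalpha() and token.islower() and len(token) >= 8):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) < 0.2


def classify(code, body):
    """Return the review reasons that apply to one log entry on its own."""
    reasons = []
    if MISSING_RE.search(body):
        if body.count('"') % 2 == 1:
            # A stray quote before the arguments suggests the scanner tested a
            # mangled file name, so check the disk before trusting "missing".
            reasons.append("missing-but-unbalanced-quote")
        else:
            reasons.append("target-missing")
    if code.startswith("F"):
        reasons.append("ini-autostart")    # system.ini / win.ini style autostart
    if code == "O10":
        reasons.append("winsock-lsp")      # anything unusual in the LSP chain
    if code == "O15":
        reasons.append("trusted-zone")     # site added to the IE Trusted Zone
    if code == "O23":
        svc = SERVICE_RE.match(body)
        if svc:
            if svc.group("owner") == "Unknown owner":
                reasons.append("unknown-owner")
            if looks_random(svc.group("name")):
                reasons.append("random-service-name")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return (code, body, reasons) for flagged lines."""
    findings = []
    missing_files = set()
    # Pass 1: per-line rules; remember every file reported as missing.
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        reasons = classify(code, body)
        if "target-missing" in reasons:
            missing_files.update(f.lower() for f in FILE_RE.findall(body))
        findings.append((code, body, reasons))
    # Pass 2: autostarts that still point at a file another entry reports missing.
    for code, body, reasons in findings:
        if "target-missing" in reasons:
            continue
        if any(f.lower() in missing_files for f in FILE_RE.findall(body)):
            reasons.append("references-missing-file")
    return [(c, b, r) for c, b, r in findings if r]


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:>3}  {', '.join(reasons)}\n     {body}")
```

A tag is a prompt to look closer, not a verdict: the Symantec service is tagged only because of the stray quote in its path, and whether an LSP file belongs to wanted software is something only the machine's owner can confirm.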

#5
ccoandy

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hey,

Thanks for your quick diagnosis and suggestions. After downloading and running LSP-Fix, I noticed that the two DLL entries you would have me delete are associated with a program called Covenant Eyes. This is a program that I desire to have on my computer and I don't want to change or remove anything that will affect that program.

Would you mind modifying the instructions you gave me so that I don't cripple that program?

Much Thanks,

Andy

#6
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Andy

I can only advise you. If you look at your O10 entries in HJT, you will see both, although the latter is missing. If you're happy with them so be it; no problem. Please exclude the following from the fix.

Please download LSPfix and save it to the Desktop and unzip it.

Run LSPfix and place a checkmark or tick against the I know what I am doing checkbox.

Highlight every instance of the following names and move them from the Keep to the Remove panel. Be sure to move nothing other than the files listed below!

nmnsp.dll
cespy.dll

When done, click on Finish to exit the programme; do not use the X in the top right-hand corner as nothing will happen!



#7
ccoandy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi again,

I did everything you suggested and the three logs you requested are below. A few notes first:

When I ran Killbox I received the following message:

PendingFileRenameOperations Registry Data has been Removed by External Process!

Also, and this is more of an FYI than anything else, it seems that CCleaner's interface has changed a bit from when you last updated your instructions. I was running version 1.35.424 and noticed that the tabs in the cleaner are "Windows" (not system) and "Applications". Additionally, AVGas Anti-Spyware is listed under "Utilities" in the "Applications" tab. I was a bit confused and was looking for it under "Applications" in the "Applications" tab. I'm not trying to pick nits, but I thought that information might be helpful.

Here are the logs you requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:20:28 PM 11/27/2006

+ Scan result:



C:\System Volume Information\_restore{C1811DDD-4447-407E-94BB-1862EAE864D1}\RP194\A0058184.dll -> Adware.SafeGuard : Cleaned.
C:\System Volume Information\_restore{C1811DDD-4447-407E-94BB-1862EAE864D1}\RP194\A0058185.dll -> Adware.SafeGuard : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.356:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.357:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l8hc781v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Owner - 06-11-27 20:48:29.75 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))


2006-11-27 20:45 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
2006-11-27 20:39 <DIR> d-------- C:\Program Files\CCleaner
2006-11-27 20:28 <DIR> d-------- C:\!KillBox
2006-11-27 12:24 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2006-11-20 14:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-20 12:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-20 12:08 <DIR> d-------- C:\Program Files\Grisoft
2006-11-20 03:06 <DIR> d-------- C:\89665522784694805ba7
2006-11-10 16:18 <DIR> d-------- C:\Program Files\RADVideo
2006-11-10 15:40 <DIR> d-------- C:\Program Files\iTunes
2006-11-10 15:35 <DIR> d-------- C:\Program Files\QuickTime
2006-11-10 15:34 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-10 14:34 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2006-11-10 14:33 <DIR> d-------- C:\Program Files\MSECACHE
2006-11-08 10:41 <DIR> d-------- C:\Program Files\Spyware Terminator
2006-11-08 10:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2006-11-08 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2006-11-08 09:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-06 20:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-06 20:57 <DIR> d-------- C:\Program Files\DIFX
2006-11-06 20:55 <DIR> d-------- C:\Binaries
2006-11-06 16:03 275,576 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-11-06 16:03 245,880 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-11-06 16:03 24,184 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-11-05 16:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2006-11-03 09:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Canon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-27 18:42 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-27 14:07 -------- d-------- C:\Documents and Settings\Owner\Application Data\CE
2006-11-27 12:24 -------- d-------- C:\Program Files\Common Files
2006-11-22 20:40 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-20 14:50 -------- d-------- C:\Program Files\Picasa2
2006-11-20 14:48 -------- d-------- C:\Program Files\Norton AntiVirus
2006-11-20 14:45 -------- d-------- C:\Program Files\Internet Explorer
2006-11-20 14:42 -------- d-------- C:\Program Files\CE
2006-11-17 16:51 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-17 16:51 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-17 16:51 -------- d-------- C:\Program Files\Symantec
2006-11-17 12:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-11-10 15:40 -------- d-------- C:\Program Files\iPod
2006-11-10 09:29 -------- d-------- C:\Program Files\aim
2006-11-08 12:22 -------- d-------- C:\Program Files\QUICKENW
2006-11-08 10:34 -------- d-------- C:\Program Files\Gabest
2006-11-08 10:31 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-08 10:30 4907 --a------ C:\Documents and Settings\Owner\Application Data\.googlewebacchosts
2006-11-08 10:28 -------- d-------- C:\Program Files\AviSynth 2.5
2006-11-08 10:26 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-08 10:26 -------- d-------- C:\Program Files\Adobe
2006-11-06 21:02 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-11-06 21:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2006-11-06 12:53 -------- d-------- C:\Program Files\SID
2006-10-13 08:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-13 08:30 -------- d-------- C:\Program Files\Pinnacle
2006-10-13 08:27 -------- d-------- C:\Program Files\Sony
2006-10-13 08:24 -------- d-------- C:\Program Files\PartyGaming
2006-10-13 08:10 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-13 08:09 -------- d-------- C:\Program Files\MasqueAIM
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 12:28 -------- d-------- C:\Program Files\HP
2006-10-12 11:29 -------- d-------- C:\Program Files\Avi2Dvd
2006-10-12 09:31 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-12 06:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2006-10-10 19:53 -------- d-------- C:\Program Files\e-Sword
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 12:15 95 --a------ C:\AUTOEXEC.BAT
2006-09-02 14:35 613056 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-09-02 14:35 239808 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Logitech Utility"="Logi_MwX.Exe"
"NMSVC"="C:\\Program Files\\CE\\nmSvc.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"VF0060 STISvc"="RunDLL32.exe V0060Pin.dll,RunDLL32EP 513"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,01,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,40,01,00,00,35,00,00,00,1c,01,00,00,dc,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5b,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

Completion time: 06-11-27 20:49:38.25
C:\ComboFix.txt ... 06-11-27 20:49

Logfile of HijackThis v1.99.1
Scan saved at 8:50:43 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\CE\nmSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mvelopes....lopes/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {2312E3B2-D661-8687-BF09-A62785D25A3C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nmnsp.dll
O10 - Broken Internet access because of LSP provider 'cespy.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

#8
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Andy

Thanks for the correction on CCleaner; the author appears to update every couple of months and had changed a couple of things that I hadn't noticed.

The three logs look good. There are a couple of folders that need attention.

Please delete this one:

C:\Program Files\PartyGaming\

Please locate this one and report back on its content:

C:\89665522784694805ba7\

It looks a little like a Windows Update folder, but they normally start with a letter.

How's the PC running now?
  • 0

#9
ccoandy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello again!

I deleted C:\Program Files\Party Gaming

The content of C:\89665522784694805ba7\ is a log titled "msxml4-KB927978-enu.log". There are no other hidden files or folders in that directory location. I copied the contents of the log and posted them below.

I unchecked some things like QuickTime, Olympus, and other optional applications from the Startup tab in MSCONFIG. I rebooted the computer just before this post and had no programs hang on shut down. When I logged in again, I was able to launch a Firefox window after about one minute of lag from start up procedures.

Here are the contents of that log:

=== Verbose logging started: 11/20/2006 3:06:12 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (AC:6C) [03:06:12:859]: Resetting cached policy values
MSI (c) (AC:6C) [03:06:12:859]: Machine policy value 'Debug' is 0
MSI (c) (AC:6C) [03:06:12:859]: ******* RunEngine:
******* Product: c:\89665522784694805ba7\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (AC:6C) [03:06:12:859]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (AC:6C) [03:06:12:875]: Grabbed execution mutex.
MSI (c) (AC:6C) [03:06:12:984]: Cloaking enabled.
MSI (c) (AC:6C) [03:06:12:984]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (AC:6C) [03:06:12:984]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B4:BC) [03:06:13:093]: Grabbed execution mutex.
MSI (s) (B4:70) [03:06:13:093]: Resetting cached policy values
MSI (s) (B4:70) [03:06:13:093]: Machine policy value 'Debug' is 0
MSI (s) (B4:70) [03:06:13:093]: ******* RunEngine:
******* Product: c:\89665522784694805ba7\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (B4:70) [03:06:13:125]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (B4:70) [03:06:13:125]: File will have security applied from OpCode.
MSI (s) (B4:70) [03:06:13:187]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\89665522784694805ba7\msxml.msi' against software restriction policy
MSI (s) (B4:70) [03:06:13:187]: SOFTWARE RESTRICTION POLICY: c:\89665522784694805ba7\msxml.msi has a digital signature
MSI (s) (B4:70) [03:06:14:859]: SOFTWARE RESTRICTION POLICY: c:\89665522784694805ba7\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (B4:70) [03:06:14:859]: End dialog not enabled
MSI (s) (B4:70) [03:06:14:859]: Original package ==> c:\89665522784694805ba7\msxml.msi
MSI (s) (B4:70) [03:06:14:859]: Package we're running from ==> c:\WINDOWS\Installer\42feb82.msi
MSI (s) (B4:70) [03:06:15:062]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (B4:70) [03:06:15:078]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (B4:70) [03:06:15:093]: MSCOREE not loaded loading copy from system32
MSI (s) (B4:70) [03:06:15:296]: Machine policy value 'TransformsSecure' is 0
MSI (s) (B4:70) [03:06:15:296]: User policy value 'TransformsAtSource' is 0
MSI (s) (B4:70) [03:06:15:296]: Machine policy value 'DisablePatch' is 0
MSI (s) (B4:70) [03:06:15:296]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (B4:70) [03:06:15:296]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (B4:70) [03:06:15:296]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (B4:70) [03:06:15:343]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (B4:70) [03:06:15:343]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (B4:70) [03:06:15:343]: Transforms are not secure.
MSI (s) (B4:70) [03:06:15:343]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\89665522784694805ba7 CLIENTUILEVEL=3 CLIENTPROCESSID=4012
MSI (s) (B4:70) [03:06:15:343]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (B4:70) [03:06:15:343]: Product Code passed to Engine.Initialize: ''
MSI (s) (B4:70) [03:06:15:343]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (B4:70) [03:06:15:343]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (B4:70) [03:06:15:343]: Product not registered: beginning first-time install
MSI (s) (B4:70) [03:06:15:343]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (B4:70) [03:06:15:343]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (B4:70) [03:06:15:343]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (B4:70) [03:06:15:343]: Adding new sources is allowed.
MSI (s) (B4:70) [03:06:15:343]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (B4:70) [03:06:15:343]: Package name extracted from package path: 'msxml.msi'
MSI (s) (B4:70) [03:06:15:343]: Package to be registered: 'msxml.msi'
MSI (s) (B4:70) [03:06:15:343]: Note: 1: 2729
MSI (s) (B4:70) [03:06:15:468]: Note: 1: 2729
MSI (s) (B4:70) [03:06:15:468]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (B4:70) [03:06:15:468]: Machine policy value 'DisableMsi' is 0
MSI (s) (B4:70) [03:06:15:468]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (B4:70) [03:06:15:468]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (B4:70) [03:06:15:468]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (B4:70) [03:06:15:468]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (B4:70) [03:06:15:468]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (B4:70) [03:06:15:468]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\89665522784694805ba7'.
MSI (s) (B4:70) [03:06:15:468]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (B4:70) [03:06:15:468]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4012'.
MSI (s) (B4:70) [03:06:15:468]: TRANSFORMS property is now:
MSI (s) (B4:70) [03:06:15:468]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (B4:70) [03:06:15:484]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (B4:70) [03:06:15:484]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (B4:70) [03:06:15:484]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (B4:70) [03:06:15:484]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (B4:70) [03:06:15:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (B4:70) [03:06:15:578]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (B4:70) [03:06:15:593]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (B4:70) [03:06:15:593]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (B4:70) [03:06:15:593]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (B4:70) [03:06:15:593]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (B4:70) [03:06:15:609]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (B4:70) [03:06:15:640]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (B4:70) [03:06:15:640]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (B4:70) [03:06:15:640]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (B4:70) [03:06:15:640]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (B4:70) [03:06:15:640]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (B4:70) [03:06:15:640]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (B4:70) [03:06:15:640]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (B4:70) [03:06:15:640]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (B4:70) [03:06:15:640]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (B4:70) [03:06:15:640]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'owner'.
MSI (s) (B4:70) [03:06:15:640]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (B4:70) [03:06:15:640]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\42feb82.msi'.
MSI (s) (B4:70) [03:06:15:640]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\89665522784694805ba7\msxml.msi'.
MSI (s) (B4:70) [03:06:15:640]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (B4:70) [03:06:15:640]: Machine policy value 'DisableRollback' is 0
MSI (s) (B4:70) [03:06:15:640]: User policy value 'DisableRollback' is 0
MSI (s) (B4:70) [03:06:15:640]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 11/20/2006 3:06:15 ===
MSI (s) (B4:70) [03:06:15:640]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (B4:70) [03:06:15:640]: Doing action: INSTALL
MSI (s) (B4:70) [03:06:15:671]: Running ExecuteSequence
MSI (s) (B4:70) [03:06:15:671]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 3:06:15: INSTALL.
MSI (s) (B4:70) [03:06:15:671]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Desktop\'.
Action start 3:06:15: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (B4:70) [03:06:15:671]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 3:06:15: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (B4:70) [03:06:15:671]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'.
Action start 3:06:15: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (B4:70) [03:06:15:671]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 3:06:15: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (B4:70) [03:06:15:671]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 3:06:15: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (B4:70) [03:06:15:671]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 3:06:15: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:06:15: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (B4:70) [03:06:15:687]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 3:06:15: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 3:06:15: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (B4:70) [03:06:15:687]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 3:06:15: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:06:15: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (B4:70) [03:06:15:687]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 3:06:15: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 3:06:15: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (B4:70) [03:06:15:687]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 3:06:15: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:06:15: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (B4:70) [03:06:15:687]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 3:06:15: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:06:15: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (B4:70) [03:06:15:687]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 3:06:15: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:06:15: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (B4:70) [03:06:15:687]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 3:06:15: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (B4:70) [03:06:15:687]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:06:15: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (B4:70) [03:06:15:687]: Doing action: LaunchConditions
Action ended 3:06:15: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 3:06:15: LaunchConditions.
MSI (s) (B4:70) [03:06:15:687]: Doing action: FindRelatedProducts
Action ended 3:06:15: LaunchConditions. Return value 1.
Action start 3:06:15: FindRelatedProducts.
MSI (s) (B4:70) [03:06:15:687]: Doing action: AppSearch
Action ended 3:06:15: FindRelatedProducts. Return value 1.
Action start 3:06:15: AppSearch.
MSI (s) (B4:70) [03:06:15:687]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (B4:70) [03:06:15:718]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (B4:70) [03:06:15:718]: Skipping action: CCPSearch (condition is false)
MSI (s) (B4:70) [03:06:15:718]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (B4:70) [03:06:15:718]: Doing action: ValidateProductID
Action ended 3:06:15: AppSearch. Return value 1.
Action start 3:06:15: ValidateProductID.
MSI (s) (B4:70) [03:06:15:734]: Doing action: CostInitialize
Action ended 3:06:15: ValidateProductID. Return value 1.
MSI (s) (B4:70) [03:06:15:750]: Machine policy value 'MaxPatchCacheSize' is 10
Action start 3:06:15: CostInitialize.
MSI (s) (B4:70) [03:06:15:750]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.
MSI (s) (B4:70) [03:06:15:750]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (B4:70) [03:06:15:750]: Note: 1: 2205 2: 3: Patch
MSI (s) (B4:70) [03:06:15:750]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (B4:70) [03:06:15:750]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (B4:70) [03:06:15:750]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (B4:70) [03:06:15:750]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (B4:70) [03:06:15:750]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (B4:70) [03:06:15:750]: Doing action: FileCost
Action ended 3:06:15: CostInitialize. Return value 1.
MSI (s) (B4:70) [03:06:15:765]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 3:06:15: FileCost.
MSI (s) (B4:70) [03:06:15:765]: Doing action: CostFinalize
Action ended 3:06:15: FileCost. Return value 1.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (B4:70) [03:06:15:765]: Note: 1: 2205 2: 3: Patch
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Modifying CommonFilesFolder property. Its current value is 'C:\Program Files\Common Files\'. Its new value: 'c:\Program Files\Common Files\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\MSDN\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Modifying WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Modifying SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Modifying WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Modifying SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (B4:70) [03:06:15:765]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying DesktopFolder property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files\'. Its new value: 'c:\Program Files\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding MSXML property. Its value is 'c:\Program Files\MSXML 4.0\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\inc\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\lib\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\doc\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'. Its new value: 'c:\Documents and Settings\All Users\Start Menu\Programs\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\'.
MSI (s) (B4:70) [03:06:15:796]: PROPERTY CHANGE: Modifying DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (B4:70) [03:06:15:796]: Target path resolution complete. Dumping Directory table...
MSI (s) (B4:70) [03:06:15:796]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: TARGETDIR , Object: c:\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WindowsFolder , Object: c:\WINDOWS\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: CommonFilesFolder , Object: c:\Program Files\Common Files\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\MSDN\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\WINDOWS\system32\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\WINDOWS\system32\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\WINDOWS\system32\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: DesktopFolder , Object: c:\Documents and Settings\All Users\Desktop\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: MSXML , Object: c:\Program Files\MSXML 4.0\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\inc\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\lib\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\doc\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\
MSI (s) (B4:70) [03:06:15:796]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Desktop\
Action start 3:06:15: CostFinalize.
MSI (s) (B4:70) [03:06:16:031]: Doing action: SetODBCFolders
Action ended 3:06:16: CostFinalize. Return value 1.
MSI (s) (B4:70) [03:06:16:031]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (B4:70) [03:06:16:031]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
MSI (s) (B4:70) [03:06:16:031]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (B4:70) [03:06:16:031]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
Action start 3:06:16: SetODBCFolders.
MSI (s) (B4:70) [03:06:16:031]: Doing action: MigrateFeatureStates
Action ended 3:06:16: SetODBCFolders. Return value 0.
Action start 3:06:16: MigrateFeatureStates.
MSI (s) (B4:70) [03:06:16:031]: Doing action: InstallValidate
Action ended 3:06:16: MigrateFeatureStates. Return value 0.
MSI (s) (B4:70) [03:06:16:046]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_4165; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __downlevel_payload.DA6654F6_456F_3658_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (B4:70) [03:06:16:046]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_448265; Installed: Null; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596565; Installed: Null; Request: Null; Action: Null
MSI (s) (B4:70) [03:06:16:046]: Note: 1: 2205 2: 3: BindImage
MSI (s) (B4:70) [03:06:16:046]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (B4:70) [03:06:16:046]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:046]: Note: 1: 2205 2: 3: Font
Action start 3:06:16: InstallValidate.
MSI (s) (B4:70) [03:06:16:046]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2205 2: 3: BindImage
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2205 2: 3: Font
MSI (s) (B4:70) [03:06:16:140]: Note: 1: 2727 2:
MSI (s) (B4:70) [03:06:16:156]: Note: 1: 2727 2:
MSI (s) (B4:70) [03:06:16:156]: Doing action: InstallInitialize
Action ended 3:06:16: InstallValidate. Return value 1.
MSI (s) (B4:70) [03:06:16:156]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (B4:70) [03:06:16:156]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (B4:70) [03:06:16:156]: BeginTransaction: Locking Server
MSI (s) (B4:70) [03:06:16:156]: SRSetRestorePoint skipped for this transaction.
MSI (s) (B4:70) [03:06:16:156]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Action start 3:06:16: InstallInitialize.
MSI (s) (B4:70) [03:06:16:625]: Doing action: SxsInstallCA
Action ended 3:06:16: InstallInitialize. Return value 1.
MSI (s) (B4:FC) [03:06:16:656]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSICF.tmp, Entrypoint: CustomAction_SxsMsmInstall
MSI (s) (B4:0C) [03:06:16:656]: Generating random cookie.
MSI (s) (B4:0C) [03:06:16:656]: Created Custom Action Server with PID 3320 (0xCF8).
MSI (s) (B4:F8) [03:06:16:750]: Running as a service.
MSI (s) (B4:F8) [03:06:16:750]: Hello, I'm your 32bit Elevated custom action server.
Action start 3:06:16: SxsInstallCA.
1: sxsdelca: Added reg value for 2: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca: Added reg value for 2: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca: Added reg value for 2: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca: Added reg value for 2: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca: Added reg value for 2: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 259
1: sxsdelca 2: SxsMsmInstall completed 3: 0 4: 0
MSI (s) (B4:70) [03:06:16:937]: Doing action: AllocateRegistrySpace
Action ended 3:06:16: SxsInstallCA. Return value 1.
Action start 3:06:16: AllocateRegistrySpace.
MSI (s) (B4:70) [03:06:16:937]: Doing action: ProcessComponents
Action ended 3:06:16: AllocateRegistrySpace. Return value 1.
MSI (s) (B4:70) [03:06:16:937]: Note: 1: 2205 2: 3: MsiPatchCertificate

#10
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Andy

Thanks for the information.

You may safely delete this folder: C:\89665522784694805ba7\

Its content is a log of progress when installing a Windows Update and not needed.

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2006 Trial. It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti virus programme, then click Optimize and Improve to run Reg Defrag. The screen will lose colour during the process, which can take a few minutes and then needs a reboot.

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors.

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor

Has that improved performance at all?

#11
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.