The past couple of days I've been having problems with blank pop-ups on my computer. When I try to use task manager to close them (since right clicking on them won't let me), they keep popping right back up again. Also have had my windows, if I have two or three minimized, wanting to close on their own. I have ran Adaware and Spybot and let them fix what they found, and my AVG hasn't picked anything up at all. Any ideas or suggestions? Thanks! ~DeOnna
deonnanicole 5 Posting Whiz in Training
deonnanicole 5 Posting Whiz in Training
I also wanted to add that this has been coming up too:
Debug Assertion Failed
Program: C:\Program Files\Internet Explorer\iexplore.exe
File: dbgheap.C
Expression: _CrtIsValidHeapPointer(pUser Data)
Then it gives me the choices of abort, retry, or ignore.
gerbil 216 Industrious Poster
Blank popups combined with that error? Obviously the host malware is scripted poorly.
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-install it to a new folder alongside your program files and then... rename hijackthis .exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
deonnanicole 5 Posting Whiz in Training
Ok hopefully I will get done typing this before the window closes again. I thought everything was fine until I came here and the window keeps closing on its own. I will follow the instructions you gave me first thing in the morning and post again. Thanks so much! And sorry for the delay in responding. :)
deonnanicole 5 Posting Whiz in Training
Ok here are the logfiles.....CCleaner first:
=== Verbose logging started: 11/15/2006 22:08:21 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (FC:88) [22:08:21:046]: Resetting cached policy values
MSI (c) (FC:88) [22:08:21:046]: Machine policy value 'Debug' is 0
MSI (c) (FC:88) [22:08:21:046]: ******* RunEngine:
******* Product: c:\59eb719a0cb67cf60067\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (FC:88) [22:08:21:046]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (FC:88) [22:08:21:046]: Grabbed execution mutex.
MSI (c) (FC:88) [22:08:21:203]: Cloaking enabled.
MSI (c) (FC:88) [22:08:21:203]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (FC:88) [22:08:21:218]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (F0:C0) [22:08:21:234]: Grabbed execution mutex.
MSI (s) (F0:2C) [22:08:21:234]: Resetting cached policy values
MSI (s) (F0:2C) [22:08:21:234]: Machine policy value 'Debug' is 0
MSI (s) (F0:2C) [22:08:21:234]: ******* RunEngine:
******* Product: c:\59eb719a0cb67cf60067\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (F0:2C) [22:08:21:250]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (F0:2C) [22:08:21:281]: File will have security applied from OpCode.
MSI (s) (F0:2C) [22:08:21:359]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\59eb719a0cb67cf60067\msxml.msi' against software restriction policy
MSI (s) (F0:2C) [22:08:21:359]: SOFTWARE RESTRICTION POLICY: c:\59eb719a0cb67cf60067\msxml.msi has a digital signature
MSI (s) (F0:2C) [22:08:22:046]: SOFTWARE RESTRICTION POLICY: c:\59eb719a0cb67cf60067\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (F0:2C) [22:08:22:046]: End dialog not enabled
MSI (s) (F0:2C) [22:08:22:046]: Original package ==> c:\59eb719a0cb67cf60067\msxml.msi
MSI (s) (F0:2C) [22:08:22:046]: Package we're running from ==> c:\WINDOWS\Installer\1459a2f.msi
MSI (s) (F0:2C) [22:08:22:078]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F0:2C) [22:08:22:078]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F0:2C) [22:08:22:093]: MSCOREE not loaded loading copy from system32
MSI (s) (F0:2C) [22:08:22:109]: Machine policy value 'TransformsSecure' is 0
MSI (s) (F0:2C) [22:08:22:109]: User policy value 'TransformsAtSource' is 0
MSI (s) (F0:2C) [22:08:22:109]: Machine policy value 'DisablePatch' is 0
MSI (s) (F0:2C) [22:08:22:109]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (F0:2C) [22:08:22:109]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (F0:2C) [22:08:22:109]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (F0:2C) [22:08:22:109]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F0:2C) [22:08:22:109]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F0:2C) [22:08:22:109]: Transforms are not secure.
MSI (s) (F0:2C) [22:08:22:109]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\59eb719a0cb67cf60067 CLIENTUILEVEL=3 CLIENTPROCESSID=3324
MSI (s) (F0:2C) [22:08:22:109]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (F0:2C) [22:08:22:109]: Product Code passed to Engine.Initialize: ''
MSI (s) (F0:2C) [22:08:22:109]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F0:2C) [22:08:22:109]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F0:2C) [22:08:22:109]: Product not registered: beginning first-time install
MSI (s) (F0:2C) [22:08:22:109]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (F0:2C) [22:08:22:109]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (F0:2C) [22:08:22:109]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (F0:2C) [22:08:22:109]: Adding new sources is allowed.
MSI (s) (F0:2C) [22:08:22:109]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (F0:2C) [22:08:22:109]: Package name extracted from package path: 'msxml.msi'
MSI (s) (F0:2C) [22:08:22:109]: Package to be registered: 'msxml.msi'
MSI (s) (F0:2C) [22:08:22:109]: Note: 1: 2729
MSI (s) (F0:2C) [22:08:22:125]: Note: 1: 2729
MSI (s) (F0:2C) [22:08:22:125]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (F0:2C) [22:08:22:125]: Machine policy value 'DisableMsi' is 0
MSI (s) (F0:2C) [22:08:22:125]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:2C) [22:08:22:125]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:2C) [22:08:22:125]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (F0:2C) [22:08:22:125]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (F0:2C) [22:08:22:125]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (F0:2C) [22:08:22:125]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\59eb719a0cb67cf60067'.
MSI (s) (F0:2C) [22:08:22:125]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (F0:2C) [22:08:22:125]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '3324'.
MSI (s) (F0:2C) [22:08:22:125]: TRANSFORMS property is now:
MSI (s) (F0:2C) [22:08:22:125]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (F0:2C) [22:08:22:125]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (F0:2C) [22:08:22:140]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (F0:2C) [22:08:22:171]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (F0:2C) [22:08:22:171]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (F0:2C) [22:08:22:171]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (F0:2C) [22:08:22:171]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (F0:2C) [22:08:22:171]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (F0:2C) [22:08:22:171]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (F0:2C) [22:08:22:203]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (F0:2C) [22:08:22:203]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (F0:2C) [22:08:22:203]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (F0:2C) [22:08:22:203]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (F0:2C) [22:08:22:203]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (F0:2C) [22:08:22:203]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (F0:2C) [22:08:22:218]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (F0:2C) [22:08:22:218]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (F0:2C) [22:08:22:218]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (F0:2C) [22:08:22:218]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'DEONNA WALKER'.
MSI (s) (F0:2C) [22:08:22:218]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (F0:2C) [22:08:22:218]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\1459a2f.msi'.
MSI (s) (F0:2C) [22:08:22:218]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\59eb719a0cb67cf60067\msxml.msi'.
MSI (s) (F0:2C) [22:08:22:218]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F0:2C) [22:08:22:218]: Machine policy value 'DisableRollback' is 0
MSI (s) (F0:2C) [22:08:22:218]: User policy value 'DisableRollback' is 0
MSI (s) (F0:2C) [22:08:22:218]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 11/15/2006 22:08:22 ===
MSI (s) (F0:2C) [22:08:22:218]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (F0:2C) [22:08:22:218]: Doing action: INSTALL
MSI (s) (F0:2C) [22:08:22:218]: Running ExecuteSequence
MSI (s) (F0:2C) [22:08:22:218]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 22:08:22: INSTALL.
MSI (s) (F0:2C) [22:08:22:234]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Desktop\'.
Action start 22:08:22: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (F0:2C) [22:08:22:234]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 22:08:22: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (F0:2C) [22:08:22:234]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'.
Action start 22:08:22: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (F0:2C) [22:08:22:234]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 22:08:22: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (F0:2C) [22:08:22:234]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 22:08:22: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (F0:2C) [22:08:22:234]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 22:08:22: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F0:2C) [22:08:22:234]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 22:08:22: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (F0:2C) [22:08:22:234]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 22:08:22: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F0:2C) [22:08:22:234]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 22:08:22: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (F0:2C) [22:08:22:250]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 22:08:22: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F0:2C) [22:08:22:250]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 22:08:22: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (F0:2C) [22:08:22:250]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 22:08:22: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F0:2C) [22:08:22:250]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 22:08:22: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (F0:2C) [22:08:22:250]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 22:08:22: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F0:2C) [22:08:22:250]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 22:08:22: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (F0:2C) [22:08:22:250]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 22:08:22: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F0:2C) [22:08:22:250]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.
Action start 22:08:22: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (F0:2C) [22:08:22:250]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 22:08:22: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (F0:2C) [22:08:22:265]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.
Action start 22:08:22: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (F0:2C) [22:08:22:265]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 22:08:22: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (F0:2C) [22:08:22:265]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.
Action start 22:08:22: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (F0:2C) [22:08:22:265]: Doing action: LaunchConditions
Action ended 22:08:22: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 22:08:22: LaunchConditions.
MSI (s) (F0:2C) [22:08:22:265]: Doing action: FindRelatedProducts
Action ended 22:08:22: LaunchConditions. Return value 1.
Action start 22:08:22: FindRelatedProducts.
MSI (s) (F0:2C) [22:08:22:265]: Doing action: AppSearch
Action ended 22:08:22: FindRelatedProducts. Return value 1.
Action start 22:08:22: AppSearch.
MSI (s) (F0:2C) [22:08:22:265]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (F0:2C) [22:08:22:265]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (F0:2C) [22:08:22:265]: Skipping action: CCPSearch (condition is false)
MSI (s) (F0:2C) [22:08:22:265]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (F0:2C) [22:08:22:265]: Doing action: ValidateProductID
Action ended 22:08:22: AppSearch. Return value 1.
Action start 22:08:22: ValidateProductID.
MSI (s) (F0:2C) [22:08:22:281]: Doing action: CostInitialize
Action ended 22:08:22: ValidateProductID. Return value 1.
MSI (s) (F0:2C) [22:08:22:281]: Machine policy value 'MaxPatchCacheSize' is 10
Action start 22:08:22: CostInitialize.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2205 2: 3: Patch
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (F0:2C) [22:08:22:296]: Doing action: FileCost
Action ended 22:08:22: CostInitialize. Return value 1.
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 22:08:22: FileCost.
MSI (s) (F0:2C) [22:08:22:296]: Doing action: CostFinalize
Action ended 22:08:22: FileCost. Return value 1.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (F0:2C) [22:08:22:296]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (F0:2C) [22:08:22:296]: Note: 1: 2205 2: 3: Patch
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying CommonFilesFolder property. Its current value is 'C:\Program Files\Common Files\'. Its new value: 'c:\Program Files\Common Files\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\MSDN\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying DesktopFolder property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files\'. Its new value: 'c:\Program Files\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding MSXML property. Its value is 'c:\Program Files\MSXML 4.0\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\inc\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\lib\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\doc\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'. Its new value: 'c:\Documents and Settings\All Users\Start Menu\Programs\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\'.
MSI (s) (F0:2C) [22:08:22:312]: PROPERTY CHANGE: Modifying DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (F0:2C) [22:08:22:312]: Target path resolution complete. Dumping Directory table...
MSI (s) (F0:2C) [22:08:22:312]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: TARGETDIR , Object: c:\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WindowsFolder , Object: c:\WINDOWS\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: CommonFilesFolder , Object: c:\Program Files\Common Files\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\MSDN\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\WINDOWS\system32\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\WINDOWS\system32\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\WINDOWS\system32\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: DesktopFolder , Object: c:\Documents and Settings\All Users\Desktop\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: MSXML , Object: c:\Program Files\MSXML 4.0\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\inc\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\lib\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\doc\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\
MSI (s) (F0:2C) [22:08:22:312]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Desktop\
Action start 22:08:22: CostFinalize.
MSI (s) (F0:2C) [22:08:22:328]: Doing action: SetODBCFolders
Action ended 22:08:22: CostFinalize. Return value 1.
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
Action start 22:08:22: SetODBCFolders.
MSI (s) (F0:2C) [22:08:22:328]: Doing action: MigrateFeatureStates
Action ended 22:08:22: SetODBCFolders. Return value 0.
Action start 22:08:22: MigrateFeatureStates.
MSI (s) (F0:2C) [22:08:22:328]: Doing action: InstallValidate
Action ended 22:08:22: MigrateFeatureStates. Return value 0.
MSI (s) (F0:2C) [22:08:22:328]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_4165; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __downlevel_payload.DA6654F6_456F_3658_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (F0:2C) [22:08:22:328]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_448265; Installed: Null; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596565; Installed: Null; Request: Null; Action: Null
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2205 2: 3: BindImage
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2205 2: 3: Font
Action start 22:08:22: InstallValidate.
MSI (s) (F0:2C) [22:08:22:328]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2205 2: 3: BindImage
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2205 2: 3: Font
MSI (s) (F0:2C) [22:08:22:453]: Note: 1: 2727 2:
MSI (s) (F0:2C) [22:08:22:468]: Note: 1: 2727 2:
MSI (s) (F0:2C) [22:08:22:468]: Doing action: InstallInitialize
Action ended 22:08:22: InstallValidate. Return value 1.
MSI (s) (F0:2C) [22:08:22:468]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:2C) [22:08:22:468]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:2C) [22:08:22:468]: BeginTransaction: Locking Server
MSI (s) (F0:2C) [22:08:22:468]: SRSetRestorePoint skipped for this transaction.
MSI (s) (F0:2C) [22:08:22:468]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Action start 22:08:22: InstallInitialize.
MSI (s) (F0:2C) [22:08:23:062]: Doing action: SxsInstallCA
Action ended 22:08:23: InstallInitialize. Return value 1.
MSI (s) (F0:54) [22:08:23:078]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI1B2.tmp, Entrypoint: CustomAction_SxsMsmInstall
MSI (s) (F0:60) [22:08:23:078]: Generating random cookie.
MSI (s) (F0:60) [22:08:23:093]: Created Custom Action Server with PID 1244 (0x4DC).
MSI (s) (F0:94) [22:08:23:218]: Running as a service.
MSI (s) (F0:74) [22:08:23:218]: Hello, I'm your 32bit Elevated custom action server.
Action start 22:08:23: SxsInstallCA.
1: sxsdelca 2: traceop 3: 1256 4: 0
1: sxsdelca 2: traceop 3: 1257 4: 0
1: sxsdelca 2: traceop 3: 1258 4: 0
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 1306 4: 0
1: sxsdelca 2: traceop 3: 1307 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 259
1: sxsdelca 2: SxsMsmInstall completed 3: 0 4: 0
MSI (s) (F0:2C) [22:08:23:671]: Doing action: AllocateRegistrySpace
Action ended 22:08:23: SxsInstallCA. Return value 1.
Action start 22:08:23: AllocateRegistrySpace.
MSI (s) (F0:2C) [22:08:23:671]: Doing action: ProcessComponents
Action ended 22:08:23: AllocateRegistrySpace. Return value 1.
MSI (s) (F0:2C) [22:08:23:687]: Note: 1: 2205 2: 3: MsiPatchCertificate
MSI (s) (F0:2C) [22:08:23:687]: LUA patching is disabled: missing MsiPatchCertificate table
MSI (s) (F0:2C) [22:08:23:687]: Resolving source.
MSI (s) (F0:2C) [22:08:23:687]: Resolving source to launched-from source.
MSI (s) (F0:2C) [22:08:23:687]: Setting launched-from source as last-used.
MSI (s) (F0:2C) [22:08:23:687]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\59eb719a0cb67cf60067\'.
MSI (s) (F0:2C) [22:08:23:687]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\59eb719a0cb67cf60067\'.
MSI (s) (F0:2C) [22:08:23:687]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F0:2C) [22:08:23:687]: SOURCEDIR ==> c:\59eb719a0cb67cf60067\
MSI (s) (F0:2C) [22:08:23:687]: SOURCEDIR product ==> {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSI (s) (F0:2C) [22:08:23:687]: Determining source type
MSI (s) (F0:2C) [22:08:23:687]: Source type from package 'msxml.msi': 2
Action start 22:08:23: ProcessComponents.
MSI (s) (F0:2C) [22:08:23:687]: Source path resolution complete. Dumping Directory table...
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: TARGETDIR , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WindowsFolder , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: CommonFilesFolder , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Microsoft Shared\ , ShortSubPath: MICROS~1\
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Microsoft Shared\MSDN\ , ShortSubPath: MICROS~1\MSDN\
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\k0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\h0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Policies\i0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\j0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\8n0mtfut.k85\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Policies\6n0mtfut.k85\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\5n0mtfut.k85\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\7n0mtfut.k85\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\wl34x2va.rt8\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Policies\ul34x2va.rt8\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\tl34x2va.rt8\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: Windows\winsxs\vl34x2va.rt8\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: System\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: DesktopFolder , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: ProgramFilesFolder , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: MSXML , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\inc\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\lib\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\doc\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\MSXML 4.0\ , ShortSubPath: redist\MSXML4\
MSI (s) (F0:2C) [22:08:23:687]: Dir (source): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\59eb719a0cb67cf60067\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (F0:2C) [22:08:23:703]: Doing action: UnpublishComponents
Action ended 22:08:23: ProcessComponents. Return value 1.
MSI (s) (F0:2C) [22:08:23:703]: Note: 1: 2262 2: PublishComponent 3: -2147287038
Action start 22:08:23: UnpublishComponents.
MSI (s) (F0:2C) [22:08:23:703]: Doing action: MsiUnpublishAssemblies
Action ended 22:08:23: UnpublishComponents. Return value 1.
Action start 22:08:23: MsiUnpublishAssemblies.
MSI (s) (F0:2C) [22:08:23:703]: Doing action: UnpublishFeatures
Action ended 22:08:23: MsiUnpublishAssemblies. Return value 1.
Action start 22:08:23: UnpublishFeatures.
MSI (s) (F0:2C) [22:08:23:703]: Doing action: StopServices
Action ended 22:08:23: UnpublishFeatures. Return value 1.
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 22:08:23: StopServices.
MSI (s) (F0:2C) [22:08:23:718]: Doing action: DeleteServices
Action ended 22:08:23: StopServices. Return value 1.
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 22:08:23: DeleteServices.
MSI (s) (F0:2C) [22:08:23:718]: Doing action: UnregisterComPlus
Action ended 22:08:23: DeleteServices. Return value 1.
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: Complus
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND `Action` = 0
Action start 22:08:23: UnregisterComPlus.
MSI (s) (F0:2C) [22:08:23:718]: Doing action: SelfUnregModules
Action ended 22:08:23: UnregisterComPlus. Return value 0.
Action start 22:08:23: SelfUnregModules.
MSI (s) (F0:2C) [22:08:23:718]: Doing action: UnregisterTypeLibraries
Action ended 22:08:23: SelfUnregModules. Return value 1.
Action start 22:08:23: UnregisterTypeLibraries.
MSI (s) (F0:2C) [22:08:23:718]: Doing action: RemoveODBC
Action ended 22:08:23: UnregisterTypeLibraries. Return value 1.
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2711 2: ODBCDriverManager
Action start 22:08:23: RemoveODBC.
MSI (s) (F0:2C) [22:08:23:718]: Note: 1: 2711 2: ODBCDriverManager64
MSI (s) (F0:2C) [22:08:23:718]: Doing action: UnregisterFonts
Action ended 22:08:23: RemoveODBC. Return value 1.
MSI (s) (F0:2C) [22:08:23:734]: Note: 1: 2205 2: 3: Font
MSI (s) (F0:2C) [22:08:23:734]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Installed`From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And `FileAction`.`Action` = 0 ORDER BY `FileAction`.`Directory_`
Action start 22:08:23: UnregisterFonts.
MSI (s) (F0:2C) [22:08:23:734]: Doing action: RemoveRegistryValues
Action ended 22:08:23: UnregisterFonts. Return value 1.
Action start 22:08:23: RemoveRegistryValues.
MSI (s) (F0:2C) [22:08:23:734]: Doing action: UnregisterClassInfo
Action ended 22:08:23: RemoveRegistryValues. Return value 1.
Action start 22:08:23: UnregisterClassInfo.
MSI (s) (F0:2C) [22:08:23:734]: Doing action: UnregisterExtensionInfo
Action ended 22:08:23: UnregisterClassInfo. Return value 1.
MSI (s) (F0:2C) [22:08:23:734]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 22:08:23: UnregisterExtensionInfo.
MSI (s) (F0:2C) [22:08:23:734]: Doing action: UnregisterProgIdInfo
Action ended 22:08:23: UnregisterExtensionInfo. Return value 1.
MSI (s) (F0:2C) [22:08:23:734]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 22:08:23: UnregisterProgIdInfo.
MSI (s) (F0:2C) [22:08:23:734]: Doing action: UnregisterMIMEInfo
Action ended 22:08:23: UnregisterProgIdInfo. Return value 1.
MSI (s) (F0:2C) [22:08:23:734]: Note: 1: 2262 2: MIME 3: -2147287038
MSI (s) (F0:2C) [22:08:23:734]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 22:08:23: UnregisterMIMEInfo.
MSI (s) (F0:2C) [22:08:23:734]: Doing action: RemoveIniValues
Action ended 22:08:23: UnregisterMIMEInfo. Return value 1.
MSI (s) (F0:2C) [22:08:23:750]: Note: 1: 2205 2: 3: IniFile
MSI (s) (F0:2C) [22:08:23:750]: Note: 1: 2228 2: 3: IniFile 4: SELEC
Edited by happygeek because: fixed formatting
gerbil 216 Industrious Poster
Aw, heck.. :o
Crunchie, give deonnanicole an elephant stamp for posting the first installer log... and then delete it, maybe?
Deonna, there is no CCleaner log that I am interested in, you just run it to clean [if you use FF be sure to visit Applications tab and ensure Mozilla cookies box is checked]..... but I would have liked to see the AVG AS log.....
If you have not already run it, please run it now.
You have a trojan downloader that has replaced many of your system files with infected copies, so next...
==Please dl this file from http://noahdfear.geekstogo.com/FindAWF.exe -to your desktop, perhaps.
-option 1: dclick the .exe to start the program, select option 1 to start the process. Please post the contents of the notepad that opens.
deonnanicole 5 Posting Whiz in Training
So sorry...lol. For some reason I thought it was the AVG anti-spyware that I had posted. Oops. :S Off to follow the last of your instructions and I will post that log here when done. Thanks again.
DeOnna
deonnanicole 5 Posting Whiz in Training
Here you go...
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Thu 10/25/2007
The current time is: 8:31:59.84
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
27660 Oct 3 2007 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
27660 Oct 3 2007 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
27660 Oct 3 2007 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
27660 Oct 3 2007 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
27660 Oct 3 2007 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
27660 Oct 3 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
27660 Oct 3 2007 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
27660 Oct 3 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
27660 Oct 3 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
27660 Oct 3 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
27660 Oct 3 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
27660 Oct 3 2007 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
gerbil 216 Industrious Poster
Okay, deonna... you have no AVG AS log for me?
Firstly I want you to go to CP, add/remove pgms and uninstall all old versions of java [keep only 1.6.0.2], then go to C:\Program Files and delete all these folders and their contents if they exist:
C:\Program Files\Java\jre1.5.0_06
C:\Program Files\Java\jre1.5.0_10
C:\Program Files\Java\jre1.5.0_09
C:\Program Files\Java\jre1.5.0_11
C:\Program Files\Java\jre1.6.0_01
Okay, next:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
deonnanicole 5 Posting Whiz in Training
First, the AVG log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:51:06 AM 10/25/2007
+ Scan result:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP408\A0042404.exe -> Hijacker.Small : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
::Report end
Here is the other logfile you wanted:
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Thu 10/25/2007
The current time is: 11:00:17.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
I followed your other instructions also about deleting the folders and programs.
~DeOnna
Edited by happygeek because: fixed formatting
gerbil 216 Industrious Poster
DeOnna, for some reason [not your fault, it's the trojan...] that operation did not fully work, so please repeat option2 with the same block of entries [repeated below]
[We are trying to copy the original files back into their proper locations, overwriting the affected files.]
So:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
deonnanicole commented: Great help, with easy to read instructions...thanks so much!! :) +4
deonnanicole 5 Posting Whiz in Training
Here you go.....
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 8:43:31.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
gerbil 216 Industrious Poster
DeOnna, try option 2 again with just these two:
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
deonnanicole 5 Posting Whiz in Training
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 9:37:44.73
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
gerbil 216 Industrious Poster
Nope, it is failing on those two again. So we'll try it the brute force way.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixawf.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
if exist "C:\WINDOWS\ehome\ehtray.exe" del /q "C:\WINDOWS\ehome\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\ehome"
if exist "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe" del /q "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\$NtUninstallKB908246$"
del /q "C:\WINDOWS\ehome\bak\ehtray.exe"
if exist "C:\Program Files\Picasa2\PicasaMediaDetector.exe" del /q "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
copy "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe" "C:\Program Files\Picasa2"
del /q "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
__________________________________________________________
Finally run option 1 again so that I may check the replacements.
gerbil 216 Industrious Poster
Grinning here... that't the final edit. Run it.
And it's bedtime for me now.
deonnanicole 5 Posting Whiz in Training
Ok, when I do that and double click on it, it opens for just a second and then closes again.....am I doing something wrong? Thanks again!
DeOnna
deonnanicole 5 Posting Whiz in Training
Here is what I got after doing that, and running option one again.
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
gerbil 216 Industrious Poster
Sorry, DeOnna, I should have mentioned that, yes, all you would see is a brief flick of a black window. It did its job [if you did, trying it more than once would not have hurt].
So now all the good files are copied back into their original directories, replacing the infected copies. This next step deletes the copy folders:
-option 3, FindAWF: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Then, if and only if these two sections of the report are empty...:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
...go ahead and run option 4 next -this will reset your restricted and trusted sites in IE, tools, internet options, security. If you have added trusted sites you will have to re-enter them afterward [for an extra level of security I keep the https box checked here]. That is up to your judgement.
If you use SpywareBlaster, IE-SpyAd, Spybot etc you will need to re-enable their restrictions afterwards.
Say how things are and post a fresh hijackthis log.
Cheers.
deonnanicole 5 Posting Whiz in Training
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Fri 10/26/2007
The current time is: 21:48:04.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
As you can see, no files found. I am going to run the last option now, and post a hijackthis log either tonight or tomorrow morning if I have time before family from out of town gets here. If not, I will post it tomorrow night. Thanks!
deonnanicole 5 Posting Whiz in Training
Here is the hijackthis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:43 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\avgantispy\hijackthis\imabunny.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176386419203
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 12711 bytes
gerbil 216 Industrious Poster
That looks like a clean log, DeOnna. To tidy up you could fix this entry with hijackthis:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
You can simply delete these folders manually [ I filled in where the replacement chars were]:
C:\PROGRAm files\MSNMESsenger\BAK
C:\PROGRAm files\PICASA2\BAK
C:\WINDOWS\EHOME\BAK
C:\PROGRAm files\YAHOO!\MESSENger\BAK
And that should be it. Is the sys working well now?
[feed em well, they expect it]
deonnanicole 5 Posting Whiz in Training
So far the little bit that I've been on the computer today, it's worked fine. The only thing I couldn't do in your past post was delete this: C:\WINDOWS\EHOME\BAK I couldn't find it. Everything else I did. I'll see how things go over the next day or two, and if all is well we can mark this as solved. Thanks so much for the help! :)
gerbil 216 Industrious Poster
C:\WINDOWS\EHOME\BAK -yep, I was surprised that that one showed up in the last FindAWF list....
Now go play with your visitors.
Cheers.
deonnanicole 5 Posting Whiz in Training
Ok I haven't been in and deleted that last thing, but last night when I was logging off, that debug error came up again. :( I'm not having anymore popups, but still that error. Any ideas?
gerbil 216 Industrious Poster
DeOnna, we deleted that Ehome bak folder with that lil batch file I sent you - that's why I was surprised that FindAWF put it up again.....it is why you could not find it.
Next problem: this entry can be fixed with hijackthis :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
I would consider uninstalling all that Yahoo stuff - you have heaps of it, it adds on to IE and sometimes those addons cause problems. If it solves your error, fine, if not, feel free to reload it.
Uninstall from Add/Remove pgms, then check your hijackthis log for yahoo entries and fix all that remain[easy way to scan is wordsearch the notepad log].
Then if you still have the problem remove thse two:
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
-they are not intrinsically bad, but you may go better without them.... or not.
Finally, or firstly, go Start, run and paste in:
sfc /scannow ..and OK. You will likely need your installation CD.
deonnanicole 5 Posting Whiz in Training
Ok, I did as you suggested in the last post, with the exception of the sfc/scannow thing. I have been bad and never created my recovery discs like I was supposed to. One of those things where I kept saying I was going to and never did. :( Creating them now would be useless, correct, since I am having PC problems?
gerbil 216 Industrious Poster
Possibly.... :)
Try to borrow someone's XP installation disk... ud need an SP2 one. You could burn a copy too.
deonnanicole 5 Posting Whiz in Training
Hmmm....ok. At the moment I don't really know of anyone who has one I can easily get my hands on, but I'll see what I can do. It's strange how that debug error only comes up on certain sites, like Daniweb.
gerbil 216 Industrious Poster
You could try this, it won't break anything:
Go to Start > Run and then cutnpaste the following 2 lines, one then the other; you need to press OK after each DLL file is re-registered.
---- LINE 1
regsvr32 urlmon.dll mshtml.dll shdocvw.dll browseui.dll jscript.dll vbscript.dll scrrun.dll msxml.dll actxprxy.dll softpub.dll wintrust.dll dssenh.dll
---- LINE 2
regsvr32 rsaenh.dll gpkcsp.dll sccbase.dll slbcsp.dll cryptdlg.dll oleaut32.dll ole32.dll shell32.dll msjava.dll hlink.dll Schannel.dll Rsabase.dll initpki.dll
Do not worry if some of these do not run or are not found. It simply means that particular dll does not apply to your version or system configuration.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.