Smitfraud Trojan [Archive] - Safer-Networking Forums

cunxray

2008-07-11, 05:25

Here is my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:07 PM, on 7/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Users\Ken\AppData\Local\Temp\NetClient\NetDirect.exe
C:\Users\Ken\AppData\Local\Temp\NetClient\netwatch.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ken\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA715] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7581] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [NetDirectWiper] C:\Users\Ken\AppData\Local\Temp\\NetClient\NetDirectWiper.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7692] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD82] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=e26fff4e2ac37364ba85f16cde31bff0&url=http%3A%2F%2Fd.64.69.12.43.downloads.estara.com.%2Fas%2FOneCCDM.php&template=1178&sessionid=951626904_64.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9978 bytes

Thanks in advance for your help.

pskelley

2008-07-12, 21:28

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Please do not start multiple topic, stay with the first one you open. I will remove this one:
http://forums.spybot.info/showthread.php?t=30812

Ken, you are infected, start first with the position of HJT:
C:\Users\Ken\Desktop\HiJackThis.exe <<< delete this copy completely, directions will follow.

1) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

2) Directions for HJT:
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks

cunxray

2008-07-13, 03:16

here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:43 PM, on 7/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=e26fff4e2ac37364ba85f16cde31bff0&url=http%3A%2F%2Fd.64.69.12.43.downloads.estara.com.%2Fas%2FOneCCDM.php&template=1178&sessionid=951626904_64.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9587 bytes

Now for the Malware log:

Malwarebytes' Anti-Malware 1.20
Database version: 943
Windows 6.0.6001 Service Pack 1

7:02:12 PM 7/12/2008
mbam-log-7-12-2008 (19-01-45).txt

Scan type: Full Scan (C:\|D:\|E:\|K:\|)
Objects scanned: 188872
Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb7692 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd82 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga715 (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\bfsvc.exe (Trojan.Agent) -> No action taken.
C:\Ctregrun.exe (Trojan.Agent) -> No action taken.
C:\DLA.EXE (Trojan.Agent) -> No action taken.
C:\explorer.exe (Trojan.Agent) -> No action taken.
C:\fveupdate.exe (Trojan.Agent) -> No action taken.
C:\HelpPane.exe (Trojan.Agent) -> No action taken.
C:\hh.exe (Trojan.Agent) -> No action taken.
C:\HideWin.exe (Trojan.Agent) -> No action taken.
C:\HPCPCUninstaller-6.3.2.139-6811507.exe (Trojan.Agent) -> No action taken.
C:\IsUninst.exe (Trojan.Agent) -> No action taken.
C:\notepad.exe (Trojan.Agent) -> No action taken.
C:\regedit.exe (Trojan.Agent) -> No action taken.
C:\RtHDVCpl.exe (Trojan.Agent) -> No action taken.
C:\RTKAUDIOSERVICE.EXE (Trojan.Agent) -> No action taken.
C:\RtlUpd.exe (Trojan.Agent) -> No action taken.
C:\twunk_16.exe (Trojan.Agent) -> No action taken.
C:\twunk_32.exe (Trojan.Agent) -> No action taken.
C:\winhelp.exe (Trojan.Agent) -> No action taken.
C:\winhlp32.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\core.cache.dsk (Malware.Trace) -> No action taken.

I am still getting some pop-ups on startup.
Thanks

pskelley

2008-07-13, 14:25

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

2) Would you read the directions for MBAM:
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

You have chosen: No action taken ???

Run the scan again, then post a new MBAM scan report and a new HJT log.

Could you tell me if you know why this is set like this:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain

Is this you?
http://whois.domaintools.com/69.1.30.11
Is this a company computer?

Thanks

cunxray

2008-07-13, 19:45

I have no idea why that setting is like that. That is not my company. This is my personal computer. The only thing I access away from home is my company's SSL connection. I work for a hospital and I need to access their network. Thanks.
I'm running the scan again with TT disabled. I will post the logs soon. Thanks

cunxray

2008-07-13, 21:22

Here is the Malware log:
Malwarebytes' Anti-Malware 1.20
Database version: 943
Windows 6.0.6001 Service Pack 1

12:51:15 PM 7/13/2008
mbam-log-7-13-2008 (12-51-15).txt

Scan type: Full Scan (C:\|D:\|E:\|K:\|)
Objects scanned: 186123
Time elapsed: 1 hour(s), 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\bfsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Ctregrun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\DLA.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\fveupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\HelpPane.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\hh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\HideWin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\HPCPCUninstaller-6.3.2.139-6811507.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\IsUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\notepad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RtHDVCpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RTKAUDIOSERVICE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RtlUpd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\twunk_16.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\twunk_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winhelp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winhlp32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.

Here is the HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:57 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=e26fff4e2ac37364ba85f16cde31bff0&url=http%3A%2F%2Fd.64.69.12.43.downloads.estara.com.%2Fas%2FOneCCDM.php&template=1178&sessionid=951626904_64.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9393 bytes

I ran the scan just like you instructed, I'm still getting pop ups.

cunxray

2008-07-13, 21:28

Could you take a look and tell me what this is. I found it on the E drive. I will have to submit it in two or three parts.

=== Verbose logging started: 2/20/2007 23:06:34 Build type: SHIP UNICODE 4.00.6000.00 Calling process: C:\Windows\system32\msiexec.exe ===
MSI (c) (AC:B0) [23:06:34:685]: Resetting cached policy values
MSI (c) (AC:B0) [23:06:34:685]: Machine policy value 'Debug' is 0
MSI (c) (AC:B0) [23:06:34:685]: ******* RunEngine:
******* Product: e:\60a829cc4c3112e114\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (AC:B0) [23:06:34:686]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (AC:B0) [23:06:34:686]: Grabbed execution mutex.
MSI (c) (AC:B0) [23:06:34:794]: Cloaking enabled.
MSI (c) (AC:B0) [23:06:34:794]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (AC:B0) [23:06:34:806]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (90:2C) [23:06:34:828]: Grabbed execution mutex.
MSI (s) (90:90) [23:06:34:829]: Resetting cached policy values
MSI (s) (90:90) [23:06:34:829]: Machine policy value 'Debug' is 0
MSI (s) (90:90) [23:06:34:830]: ******* RunEngine:
******* Product: e:\60a829cc4c3112e114\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (90:90) [23:06:34:830]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (90:90) [23:06:34:852]: SRSetRestorePoint skipped for this transaction.
MSI (s) (90:90) [23:06:34:854]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2
MSI (s) (90:90) [23:06:34:885]: File will have security applied from OpCode.
MSI (s) (90:90) [23:06:34:907]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'e:\60a829cc4c3112e114\msxml.msi' against software restriction policy
MSI (s) (90:90) [23:06:34:907]: SOFTWARE RESTRICTION POLICY: e:\60a829cc4c3112e114\msxml.msi has a digital signature
MSI (s) (90:90) [23:06:35:522]: SOFTWARE RESTRICTION POLICY: e:\60a829cc4c3112e114\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (90:90) [23:06:35:522]: End dialog not enabled
MSI (s) (90:90) [23:06:35:540]: Original package ==> e:\60a829cc4c3112e114\msxml.msi
MSI (s) (90:90) [23:06:35:540]: Package we're running from ==> C:\Windows\Installer\653ddc.msi
MSI (s) (90:90) [23:06:35:544]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (90:90) [23:06:35:544]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (90:90) [23:06:35:559]: MSCOREE not loaded loading copy from system32
MSI (s) (90:90) [23:06:35:579]: Machine policy value 'TransformsSecure' is 0
MSI (s) (90:90) [23:06:35:579]: User policy value 'TransformsAtSource' is 0
MSI (s) (90:90) [23:06:35:589]: Machine policy value 'DisablePatch' is 0
MSI (s) (90:90) [23:06:35:589]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (90:90) [23:06:35:589]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (90:90) [23:06:35:589]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (90:90) [23:06:35:590]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (90:90) [23:06:35:590]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (90:90) [23:06:35:590]: Transforms are not secure.
MSI (s) (90:90) [23:06:35:591]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'e:\60a829cc4c3112e114\msxml4-KB927978-enu.log'.
MSI (s) (90:90) [23:06:35:591]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=e:\60a829cc4c3112e114 CLIENTUILEVEL=3 CLIENTPROCESSID=1964
MSI (s) (90:90) [23:06:35:591]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (90:90) [23:06:35:591]: Product Code passed to Engine.Initialize: ''
MSI (s) (90:90) [23:06:35:591]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (90:90) [23:06:35:591]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (90:90) [23:06:35:591]: Product not registered: beginning first-time install
MSI (s) (90:90) [23:06:35:591]: Product {37477865-A3F1-4772-AD43-AAFC6BCFF99F} is not managed.
MSI (s) (90:90) [23:06:35:592]: MSI_LUA: Credential prompt not required, user is an admin
MSI (s) (90:90) [23:06:35:592]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (90:90) [23:06:35:596]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (90:90) [23:06:35:596]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (90:90) [23:06:35:596]: Adding new sources is allowed.
MSI (s) (90:90) [23:06:35:596]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (90:90) [23:06:35:596]: Package name extracted from package path: 'msxml.msi'
MSI (s) (90:90) [23:06:35:597]: Package to be registered: 'msxml.msi'
MSI (s) (90:90) [23:06:35:598]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (90:90) [23:06:35:598]: Machine policy value 'DisableMsi' is 0
MSI (s) (90:90) [23:06:35:598]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (90:90) [23:06:35:598]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (90:90) [23:06:35:598]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (90:90) [23:06:35:599]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (90:90) [23:06:35:599]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (90:90) [23:06:35:599]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'e:\60a829cc4c3112e114'.
MSI (s) (90:90) [23:06:35:599]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (90:90) [23:06:35:599]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '1964'.
MSI (s) (90:90) [23:06:35:599]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (90:90) [23:06:35:629]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '21744372e721994a9817a4e88a9e8306'.
MSI (s) (90:90) [23:06:35:629]: RESTART MANAGER: Session opened.
MSI (s) (90:90) [23:06:35:629]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (s) (90:90) [23:06:35:629]: TRANSFORMS property is now:
MSI (s) (90:90) [23:06:35:629]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (90:90) [23:06:35:632]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming
MSI (s) (90:90) [23:06:35:634]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\Favorites
MSI (s) (90:90) [23:06:35:636]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (90:90) [23:06:35:638]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\Documents
MSI (s) (90:90) [23:06:35:641]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (90:90) [23:06:35:643]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (90:90) [23:06:35:645]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (90:90) [23:06:35:647]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (90:90) [23:06:35:647]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (90:90) [23:06:35:650]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Local
MSI (s) (90:90) [23:06:35:652]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\Pictures
MSI (s) (90:90) [23:06:35:656]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (90:90) [23:06:35:658]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (90:90) [23:06:35:660]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (90:90) [23:06:35:662]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (90:90) [23:06:35:665]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (90:90) [23:06:35:669]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (90:90) [23:06:35:671]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (90:90) [23:06:35:673]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (90:90) [23:06:35:676]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (90:90) [23:06:35:678]: SHELL32::SHGetFolderPath returned: C:\Users\Ken\Desktop
MSI (s) (90:90) [23:06:35:682]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (90:90) [23:06:35:682]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (90:90) [23:06:35:683]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (90:90) [23:06:35:694]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (90:90) [23:06:35:694]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (90:90) [23:06:35:694]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (90:90) [23:06:35:694]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (90:90) [23:06:35:695]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Ken'.
MSI (s) (90:90) [23:06:35:695]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (90:90) [23:06:35:695]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Hewlett-Packard Company'.
MSI (s) (90:90) [23:06:35:695]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\653ddc.msi'.
MSI (s) (90:90) [23:06:35:695]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'e:\60a829cc4c3112e114\msxml.msi'.
MSI (s) (90:90) [23:06:35:695]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (90:90) [23:06:35:695]: Machine policy value 'DisableRollback' is 0
MSI (s) (90:90) [23:06:35:695]: User policy value 'DisableRollback' is 0
MSI (s) (90:90) [23:06:35:696]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 2/20/2007 23:06:35 ===
MSI (s) (90:90) [23:06:35:697]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (90:90) [23:06:35:697]: Doing action: INSTALL
MSI (s) (90:90) [23:06:35:700]: Running ExecuteSequence
MSI (s) (90:90) [23:06:35:700]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 23:06:35: INSTALL.
MSI (s) (90:90) [23:06:35:702]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Users\Public\Desktop\'.
Action start 23:06:35: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (90:90) [23:06:35:703]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 23:06:35: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (90:90) [23:06:35:705]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\'.
Action start 23:06:35: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (90:90) [23:06:35:706]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 23:06:35: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (90:90) [23:06:35:708]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\'.
Action start 23:06:35: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (90:90) [23:06:35:708]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 23:06:35: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (90:90) [23:06:35:711]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\system32\'.
Action start 23:06:35: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (90:90) [23:06:35:712]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 23:06:35: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (90:90) [23:06:35:714]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\'.
Action start 23:06:35: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (90:90) [23:06:35:715]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 23:06:35: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (90:90) [23:06:35:717]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\system32\'.
Action start 23:06:35: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (90:90) [23:06:35:718]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 23:06:35: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (90:90) [23:06:35:720]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\'.
Action start 23:06:35: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (90:90) [23:06:35:720]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 23:06:35: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (90:90) [23:06:35:723]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\system32\'.
Action start 23:06:35: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (90:90) [23:06:35:723]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 23:06:35: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (90:90) [23:06:35:726]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\Windows\system32\'.
Action start 23:06:35: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (90:90) [23:06:35:726]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 23:06:35: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (90:90) [23:06:35:728]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\Windows\system32\'.
Action start 23:06:35: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (90:90) [23:06:35:729]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 23:06:35: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (90:90) [23:06:35:731]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\Windows\system32\'.
Action start 23:06:35: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (90:90) [23:06:35:732]: Doing action: LaunchConditions
Action ended 23:06:35: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 23:06:35: LaunchConditions.
MSI (s) (90:90) [23:06:35:733]: Doing action: FindRelatedProducts
Action ended 23:06:35: LaunchConditions. Return value 1.
Action start 23:06:35: FindRelatedProducts.
MSI (s) (90:90) [23:06:35:735]: Doing action: AppSearch
Action ended 23:06:35: FindRelatedProducts. Return value 1.
Action start 23:06:35: AppSearch.
MSI (s) (90:90) [23:06:35:736]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (90:90) [23:06:35:737]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (90:90) [23:06:35:737]: Skipping action: CCPSearch (condition is false)
MSI (s) (90:90) [23:06:35:737]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (90:90) [23:06:35:737]: Doing action: ValidateProductID
Action ended 23:06:35: AppSearch. Return value 1.
Action start 23:06:35: ValidateProductID.
MSI (s) (90:90) [23:06:35:740]: Doing action: CostInitialize
Action ended 23:06:35: ValidateProductID. Return value 1.
MSI (s) (90:90) [23:06:35:741]: Machine policy value 'MaxPatchCacheSize' is 10
Action start 23:06:35: CostInitialize.
MSI (s) (90:90) [23:06:35:837]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'e:\'.
MSI (s) (90:90) [23:06:35:837]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (90:90) [23:06:35:838]: Note: 1: 2205 2: 3: Patch
MSI (s) (90:90) [23:06:35:838]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (90:90) [23:06:35:838]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (90:90) [23:06:35:838]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (90:90) [23:06:35:838]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (90:90) [23:06:35:838]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (90:90) [23:06:35:839]: Doing action: FileCost
Action ended 23:06:35: CostInitialize. Return value 1.
MSI (s) (90:90) [23:06:35:841]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:35: FileCost.
MSI (s) (90:90) [23:06:35:842]: Doing action: CostFinalize
Action ended 23:06:35: FileCost. Return value 1.
MSI (s) (90:90) [23:06:35:843]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (90:90) [23:06:35:843]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (90:90) [23:06:35:843]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (90:90) [23:06:35:843]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (90:90) [23:06:35:843]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (90:90) [23:06:35:843]: Note: 1: 2205 2: 3: Patch
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'e:\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'C:\Program Files\Common Files\Microsoft Shared\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'C:\Program Files\Common Files\Microsoft Shared\MSDN\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Manifests\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Policies\'.
MSI (s) (90:90) [23:06:35:844]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Policies\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Manifests\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Policies\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\Manifests\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (90:90) [23:06:35:845]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.
MSI (s) (90:90) [23:06:35:846]: PROPERTY CHANGE: Adding MSXML property. Its value is 'C:\Program Files\MSXML 4.0\'.
MSI (s) (90:90) [23:06:35:846]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Program Files\MSXML 4.0\inc\'.
MSI (s) (90:90) [23:06:35:846]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Program Files\MSXML 4.0\lib\'.
MSI (s) (90:90) [23:06:35:846]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Program Files\MSXML 4.0\doc\'.
MSI (s) (90:90) [23:06:35:846]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSXML 4.0\'.
MSI (s) (90:90) [23:06:35:846]: Target path resolution complete. Dumping Directory table...
MSI (s) (90:90) [23:06:35:846]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: TARGETDIR , Object: e:\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WindowsFolder , Object: C:\Windows\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: CommonFilesFolder , Object: C:\Program Files\Common Files\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: C:\Program Files\Common Files\Microsoft Shared\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: C:\Program Files\Common Files\Microsoft Shared\MSDN\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\system32\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Manifests\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Policies\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\system32\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Policies\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Manifests\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\system32\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (90:90) [23:06:35:846]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Policies\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\Manifests\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: C:\Windows\system32\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: C:\Windows\system32\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: C:\Windows\system32\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: DesktopFolder , Object: C:\Users\Public\Desktop\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: ProgramFilesFolder , Object: C:\Program Files\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: MSXML , Object: C:\Program Files\MSXML 4.0\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: C:\Program Files\MSXML 4.0\inc\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: C:\Program Files\MSXML 4.0\lib\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: C:\Program Files\MSXML 4.0\doc\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSXML 4.0\
MSI (s) (90:90) [23:06:35:847]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: C:\Users\Public\Desktop\
MSI (s) (90:90) [23:06:35:849]: skipping installation of assembly component: {DA6654F6-456F-3658-A06B-D6B9ABF34537} since the assembly already exists
Action start 23:06:35: CostFinalize.
MSI (s) (90:90) [23:06:35:855]: Doing action: SetODBCFolders
Action ended 23:06:35: CostFinalize. Return value 1.
MSI (s) (90:90) [23:06:35:856]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (90:90) [23:06:35:856]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
MSI (s) (90:90) [23:06:35:856]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (90:90) [23:06:35:856]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
Action start 23:06:35: SetODBCFolders.
MSI (s) (90:90) [23:06:35:857]: Doing action: MigrateFeatureStates
Action ended 23:06:35: SetODBCFolders. Return value 0.
Action start 23:06:35: MigrateFeatureStates.
MSI (s) (90:90) [23:06:35:858]: Doing action: InstallValidate
Action ended 23:06:35: MigrateFeatureStates. Return value 0.
MSI (s) (90:90) [23:06:35:858]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '21744372e721994a9817a4e88a9e8306'.
MSI (s) (90:90) [23:06:35:858]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:858]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:858]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:858]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:858]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:859]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:859]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:859]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:859]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:859]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B765; Installed: Null; Request: Local; Action: Local
MSI (s) (90:90) [23:06:35:859]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF3453765; Installed: Null; Request: Local; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC5965; Installed: Null; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_59652376190165; Installed: Null; Request: Null; Action: Null
MSI (s) (90:90) [23:06:35:859]: Note: 1: 2205 2: 3: BindImage
MSI (s) (90:90) [23:06:35:859]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (90:90) [23:06:35:859]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (90:90) [23:06:35:859]: Note: 1: 2205 2: 3: Font
Action start 23:06:35: InstallValidate.
MSI (s) (90:90) [23:06:35:860]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (90:90) [23:06:35:869]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (90:90) [23:06:35:870]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (90:90) [23:06:35:871]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (90:90) [23:06:35:872]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (90:90) [23:06:35:873]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (90:90) [23:06:35:874]: Note: 1: 2205 2: 3: BindImage
MSI (s) (90:90) [23:06:35:874]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (90:90) [23:06:35:874]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (90:90) [23:06:35:874]: Note: 1: 2205 2: 3: Font
MSI (s) (90:90) [23:06:35:874]: Note: 1: 2727 2:
MSI (s) (90:90) [23:06:35:887]: Note: 1: 2727 2:
MSI (s) (90:90) [23:06:35:888]: Doing action: InstallInitialize
Action ended 23:06:35: InstallValidate. Return value 1.
MSI (s) (90:90) [23:06:35:889]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (90:90) [23:06:35:889]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (90:90) [23:06:35:889]: BeginTransaction: Locking Server
MSI (s) (90:90) [23:06:35:890]: SRSetRestorePoint skipped for this transaction.
MSI (s) (90:90) [23:06:35:890]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Action start 23:06:35: InstallInitialize.
MSI (s) (90:90) [23:06:36:307]: Skipping action: SxsInstallCA (condition is false)
MSI (s) (90:90) [23:06:36:307]: Doing action: AllocateRegistrySpace
Action ended 23:06:36: InstallInitialize. Return value 1.
Action start 23:06:36: AllocateRegistrySpace.
MSI (s) (90:90) [23:06:36:308]: Doing action: ProcessComponents
Action ended 23:06:36: AllocateRegistrySpace. Return value 1.
MSI (s) (90:90) [23:06:36:309]: Note: 1: 2205 2: 3: MsiPatchCertificate
MSI (s) (90:90) [23:06:36:309]: LUA patching is disabled: missing MsiPatchCertificate table
MSI (s) (90:90) [23:06:36:309]: Resolving source.
MSI (s) (90:90) [23:06:36:309]: Resolving source to launched-from source.
MSI (s) (90:90) [23:06:36:309]: Setting launched-from source as last-used.
MSI (s) (90:90) [23:06:36:310]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'e:\60a829cc4c3112e114\'.
MSI (s) (90:90) [23:06:36:310]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'e:\60a829cc4c3112e114\'.
MSI (s) (90:90) [23:06:36:310]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (90:90) [23:06:36:310]: SOURCEDIR ==> e:\60a829cc4c3112e114\
MSI (s) (90:90) [23:06:36:310]: SOURCEDIR product ==> {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSI (s) (90:90) [23:06:36:310]: Determining source type
MSI (s) (90:90) [23:06:36:310]: Source type from package 'msxml.msi': 2
Action start 23:06:36: ProcessComponents.
MSI (s) (90:90) [23:06:36:311]: Source path resolution complete. Dumping Directory table...
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: TARGETDIR , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WindowsFolder , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: CommonFilesFolder , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Microsoft Shared\ , ShortSubPath: MICROS~1\
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Microsoft Shared\MSDN\ , ShortSubPath: MICROS~1\MSDN\
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\k0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\h0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Policies\i0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\j0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\8n0mtfut.k85\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Policies\6n0mtfut.k85\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (90:90) [23:06:36:311]: Dir (source): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\5n0mtfut.k85\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\7n0mtfut.k85\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\wl34x2va.rt8\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Policies\ul34x2va.rt8\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\tl34x2va.rt8\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: e:\60a829cc4c3112e114\ , LongSubPath: Windows\winsxs\vl34x2va.rt8\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: e:\60a829cc4c3112e114\ , LongSubPath: System\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:312]: Dir (source): Key: DesktopFolder , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: ProgramFilesFolder , Object: e:\60a829cc4c3112e114\ , LongSubPath: , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: MSXML , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\inc\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\lib\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\doc\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\MSXML 4.0\ , ShortSubPath: redist\MSXML4\
MSI (s) (90:90) [23:06:36:313]: Dir (source): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: e:\60a829cc4c3112e114\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (90:90) [23:06:36:348]: Doing action: UnpublishComponents
Action ended 23:06:36: ProcessComponents. Return value 1.
MSI (s) (90:90) [23:06:36:380]: Note: 1: 2262 2: PublishComponent 3: -2147287038
Action start 23:06:36: UnpublishComponents.
MSI (s) (90:90) [23:06:36:382]: Doing action: MsiUnpublishAssemblies
Action ended 23:06:36: UnpublishComponents. Return value 1.
Action start 23:06:36: MsiUnpublishAssemblies.
MSI (s) (90:90) [23:06:36:385]: Doing action: UnpublishFeatures
Action ended 23:06:36: MsiUnpublishAssemblies. Return value 1.
Action start 23:06:36: UnpublishFeatures.
MSI (s) (90:90) [23:06:36:387]: Doing action: StopServices
Action ended 23:06:36: UnpublishFeatures. Return value 1.
MSI (s) (90:90) [23:06:36:388]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (90:90) [23:06:36:388]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 23:06:36: StopServices.
MSI (s) (90:90) [23:06:36:389]: Doing action: DeleteServices
Action ended 23:06:36: StopServices. Return value 1.
MSI (s) (90:90) [23:06:36:390]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (90:90) [23:06:36:390]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 23:06:36: DeleteServices.
MSI (s) (90:90) [23:06:36:391]: Doing action: UnregisterComPlus
Action ended 23:06:36: DeleteServices. Return value 1.
MSI (s) (90:90) [23:06:36:391]: Note: 1: 2205 2: 3: Complus
MSI (s) (90:90) [23:06:36:391]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND `Action` = 0
Action start 23:06:36: UnregisterComPlus.
MSI (s) (90:90) [23:06:36:392]: Doing action: SelfUnregModules
Action ended 23:06:36: UnregisterComPlus. Return value 0.
Action start 23:06:36: SelfUnregModules.
MSI (s) (90:90) [23:06:36:394]: Doing action: UnregisterTypeLibraries
Action ended 23:06:36: SelfUnregModules. Return value 1.
Action start 23:06:36: UnregisterTypeLibraries.
MSI (s) (90:90) [23:06:36:540]: Doing action: RemoveODBC
Action ended 23:06:36: UnregisterTypeLibraries. Return value 1.
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (90:90) [23:06:36:540]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:541]: Note: 1: 2711 2: ODBCDriverManager
Action start 23:06:36: RemoveODBC.
MSI (s) (90:90) [23:06:36:541]: Note: 1: 2711 2: ODBCDriverManager64
MSI (s) (90:90) [23:06:36:542]: Doing action: UnregisterFonts
Action ended 23:06:36: RemoveODBC. Return value 1.
MSI (s) (90:90) [23:06:36:542]: Note: 1: 2205 2: 3: Font
MSI (s) (90:90) [23:06:36:542]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Installed`From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And `FileAction`.`Action` = 0 ORDER BY `FileAction`.`Directory_`
Action start 23:06:36: UnregisterFonts.
MSI (s) (90:90) [23:06:36:543]: Doing action: RemoveRegistryValues
Action ended 23:06:36: UnregisterFonts. Return value 1.
Action start 23:06:36: RemoveRegistryValues.
MSI (s) (90:90) [23:06:36:544]: Doing action: UnregisterClassInfo
Action ended 23:06:36: RemoveRegistryValues. Return value 1.
Action start 23:06:36: UnregisterClassInfo.
MSI (s) (90:90) [23:06:36:545]: Doing action: UnregisterExtensionInfo
Action ended 23:06:36: UnregisterClassInfo. Return value 1.
MSI (s) (90:90) [23:06:36:546]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:36: UnregisterExtensionInfo.
MSI (s) (90:90) [23:06:36:547]: Doing action: UnregisterProgIdInfo
Action ended 23:06:36: UnregisterExtensionInfo. Return value 1.
MSI (s) (90:90) [23:06:36:548]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:36: UnregisterProgIdInfo.
MSI (s) (90:90) [23:06:36:548]: Doing action: UnregisterMIMEInfo
Action ended 23:06:36: UnregisterProgIdInfo. Return value 1.
MSI (s) (90:90) [23:06:36:549]: Note: 1: 2262 2: MIME 3: -2147287038
MSI (s) (90:90) [23:06:36:549]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:36: UnregisterMIMEInfo.
MSI (s) (90:90) [23:06:36:549]: Doing action: RemoveIniValues
Action ended 23:06:36: UnregisterMIMEInfo. Return value 1.
MSI (s) (90:90) [23:06:36:550]: Note: 1: 2205 2: 3: IniFile
MSI (s) (90:90) [23:06:36:550]: Note: 1: 2228 2: 3: IniFile 4: SELECT `FileName`,`IniFile`.`DirProperty`,`Section`,`IniFile`.`Key`,`IniFile`.`Value`,`IniFile`.`Action` FROM `IniFile`, `Component` WHERE `Component`=`Component_` AND `Component`.`Action`=0 ORDER BY `FileName`,`Section`
Action start 23:06:36: RemoveIniValues.
MSI (s) (90:90) [23:06:36:550]: Doing action: RemoveShortcuts
Action ended 23:06:36: RemoveIniValues. Return value 1.
Action start 23:06:36: RemoveShortcuts.
MSI (s) (90:90) [23:06:36:552]: Doing action: RemoveEnvironmentStrings
Action ended 23:06:36: RemoveShortcuts. Return value 1.
MSI (s) (90:90) [23:06:36:552]: Note: 1: 2205 2: 3: Environment
MSI (s) (90:90) [23:06:36:552]: Note: 1: 2228 2: 3: Environment 4: SELECT `Name`,`Value` FROM `Environment`,`Component` WHERE `Component_`=`Component` AND (`Component`.`Action` = 0)
Action start 23:06:36: RemoveEnvironmentStrings.
MSI (s) (90:90) [23:06:36:553]: Doing action: RemoveDuplicateFiles
Action ended 23:06:36: RemoveEnvironmentStrings. Return value 1.
Action start 23:06:36: RemoveDuplicateFiles.
MSI (s) (90:90) [23:06:36:553]: Doing action: RemoveFiles
Action ended 23:06:36: RemoveDuplicateFiles. Return value 1.
MSI (s) (90:90) [23:06:36:554]: Note: 1: 2205 2: 3: RemoveFile
MSI (s) (90:90) [23:06:36:554]: Note: 1: 2205 2: 3: RemoveFile
Action start 23:06:36: RemoveFiles.
MSI (s) (90:90) [23:06:36:554]: Doing action: RemoveFolders
Action ended 23:06:36: RemoveFiles. Return value 0.
Action start 23:06:36: RemoveFolders.
MSI (s) (90:90) [23:06:36:555]: Doing action: CreateFolders
Action ended 23:06:36: RemoveFolders. Return value 1.
Action start 23:06:36: CreateFolders.
MSI (s) (90:90) [23:06:36:556]: Doing action: MoveFiles
Action ended 23:06:36: CreateFolders. Return value 1.
Action start 23:06:36: MoveFiles.
MSI (s) (90:90) [23:06:36:558]: Doing action: InstallFiles
Action ended 23:06:36: MoveFiles. Return value 1.
Action start 23:06:36: InstallFiles.
MSI (s) (90:90) [23:06:36:561]: Note: 1: 2205 2: 3: Patch
MSI (s) (90:90) [23:06:36:561]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence`
MSI (s) (90:90) [23:06:36:561]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (90:90) [23:06:36:561]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ?
MSI (s) (90:90) [23:06:36:562]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (90:90) [23:06:36:564]: Doing action: PatchFiles
Action ended 23:06:36: InstallFiles. Return value 1.
MSI (s) (90:90) [23:06:36:564]: Note: 1: 2205 2: 3: Patch
MSI (s) (90:90) [23:06:36:564]: Note: 1: 2228 2: 3: Patch 4: SELECT `File`,`FileName`,`FileSize`,`Directory_`,`PatchSize`,`File`.`Attributes`,`Patch`.`Attributes`,`Patch`.`Sequence`,`Component`.`Component`,`Component`.`ComponentId` FROM `File`,`Component`,`Patch` WHERE `Patch`.`#_MsiActive`=? AND `File`=`File_` AND `Component`=`Component_` ORDER BY `Patch`.`Sequence`
Action start 23:06:36: PatchFiles.
MSI (s) (90:90) [23:06:36:565]: Doing action: DuplicateFiles
Action ended 23:06:36: PatchFiles. Return value 0.
Action start 23:06:36: DuplicateFiles.
MSI (s) (90:90) [23:06:36:566]: Doing action: BindImage
Action ended 23:06:36: DuplicateFiles. Return value 1.
Action start 23:06:36: BindImage.
MSI (s) (90:90) [23:06:36:566]: Doing action: CreateShortcuts
Action ended 23:06:36: BindImage. Return value 1.
MSI (s) (90:90) [23:06:36:567]: Note: 1: 2235 2: 3: DisplayResourceDLL 4: SELECT `Name`, `FileName`, `Component`.`Directory_`, `Arguments`, `WkDir`, `Icon_`, `IconIndex`, `Hotkey`, `ShowCmd`, `Shortcut`.`Description`, `Shortcut`.`Directory_`, `Component`.`RuntimeFlags`, `Component`.`Action`, `Target`, `ComponentId`, `Feature`.`Action`, `Component`.`Installed`, `DisplayResourceDLL`, `DisplayResourceId`, `DescriptionResourceDLL`, `DescriptionResourceId` From `Shortcut`, `Feature`, `Component`, `File` WHERE `Target` = `Feature` AND `Shortcut`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND ((`Feature`.`Action` = 1 OR `Feature`.`Action` = 2) OR (`Feature`.`Action` = 4 AND `Feature`.`Installed` = 0) OR (`Feature`.`Action` = 3 AND (`Feature`.`Installed` = 1 OR `Feature`.`Installed` = 2 OR `Feature`.`Installed` = 4)) OR (`Feature`.`Action` = NULL AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND (`Feature`.`Installed` = 1 OR `Feature`.`Installed` = 2 OR `Feature`.`Installed` = 4)))
MSI (s) (90:90) [23:06:36:568]: Note: 1: 2235 2: 3: DisplayResourceDLL 4: SELECT `Name`, `Target`, null, `Arguments`, `WkDir`, `Icon_`, `IconIndex`, `Hotkey`, `ShowCmd`, `Shortcut`.`Description`, `Shortcut`.`Directory_`, `Component`.`RuntimeFlags`, null, null, null, null, null, `DisplayResourceDLL`, `DisplayResourceId`, `DescriptionResourceDLL`, `DescriptionResourceId` From `Shortcut`, `Component` WHERE `Shortcut`.`Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2)
Action start 23:06:36: CreateShortcuts.
MSI (s) (90:90) [23:06:36:569]: Doing action: RegisterClassInfo
Action ended 23:06:36: CreateShortcuts. Return value 1.
Action start 23:06:36: RegisterClassInfo.
MSI (s) (90:90) [23:06:36:570]: Doing action: RegisterExtensionInfo
Action ended 23:06:36: RegisterClassInfo. Return value 1.
MSI (s) (90:90) [23:06:36:571]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:36: RegisterExtensionInfo.
MSI (s) (90:90) [23:06:36:572]: Doing action: RegisterProgIdInfo
Action ended 23:06:36: RegisterExtensionInfo. Return value 1.
MSI (s) (90:90) [23:06:36:573]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:36: RegisterProgIdInfo.
MSI (s) (90:90) [23:06:36:574]: Doing action: RegisterMIMEInfo
Action ended 23:06:36: RegisterProgIdInfo. Return value 1.
MSI (s) (90:90) [23:06:36:575]: Note: 1: 2262 2: MIME 3: -2147287038
MSI (s) (90:90) [23:06:36:575]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 23:06:36: RegisterMIMEInfo.
MSI (s) (90:90) [23:06:36:576]: Doing action: WriteRegistryValues
Action ended 23:06:36: RegisterMIMEInfo. Return value 1.
Action start 23:06:36: WriteRegistryValues.
MSI (s) (90:90) [23:06:36:600]: Doing action: WriteIniValues
Action ended 23:06:36: WriteRegistryValues. Return value 1.
MSI (s) (90:90) [23:06:36:601]: Note: 1: 2205 2: 3: IniFile
MSI (s) (90:90) [23:06:36:601]: Note: 1: 2228 2: 3: IniFile 4: SELECT `FileName`,`IniFile`.`DirProperty`,`Section`,`IniFile`.`Key`,`IniFile`.`Value`,`IniFile`.`Action` FROM `IniFile`, `Component` WHERE `Component`=`Component_` AND (`Component`.`Action`=1 OR `Component`.`Action`=2) ORDER BY `FileName`,`Section`
Action start 23:06:36: WriteIniValues.
MSI (s) (90:90) [23:06:36:601]: Doing action: WriteEnvironmentStrings
Action ended 23:06:36: WriteIniValues. Return value 1.
MSI (s) (90:90) [23:06:36:602]: Note: 1: 2205 2: 3: Environment
MSI (s) (90:90) [23:06:36:602]: Note: 1: 2228 2: 3: Environment 4: SELECT `Name`,`Value` FROM `Environment`,`Component` WHERE `Component_`=`Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2)
Action start 23:06:36: WriteEnvironmentStrings.
MSI (s) (90:90) [23:06:36:602]: Doing action: RegisterFonts
Action ended 23:06:36: WriteEnvironmentStrings. Return value 1.
MSI (s) (90:90) [23:06:36:603]: Note: 1: 2205 2: 3: Font
MSI (s) (90:90) [23:06:36:603]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Action` From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And (`FileAction`.`Action` = 1 Or `FileAction`.`Action` = 2) ORDER BY `FileAction`.`Directory_`
Action start 23:06:36: RegisterFonts.
MSI (s) (90:90) [23:06:36:603]: Doing action: InstallODBC

cunxray

2008-07-13, 21:29

Here is the second half:
Action ended 23:06:36: RegisterFonts. Return value 1.
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2711 2: ODBCDriverManager
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2711 2: ODBCDriverManager64
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCDriver`, `File`, `Component` WHERE `File_` = `File` AND `ODBCDriver`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCDriver`, `File`, `Component` WHERE `File_` = `File` AND `ODBCDriver`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCTranslator`, `File`, `Component` WHERE `File_` = `File` AND `ODBCTranslator`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCTranslator`, `File`, `Component` WHERE `File_` = `File` AND `ODBCTranslator`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND `BinaryType` = ?
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (90:90) [23:06:36:604]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND `BinaryType` = ?
Action start 23:06:36: InstallODBC.
MSI (s) (90:90) [23:06:36:605]: Doing action: RegisterTypeLibraries
Action ended 23:06:36: InstallODBC. Return value 0.
Action start 23:06:36: RegisterTypeLibraries.
MSI (s) (90:90) [23:06:36:606]: Doing action: SelfRegModules
Action ended 23:06:36: RegisterTypeLibraries. Return value 1.
Action start 23:06:36: SelfRegModules.
MSI (s) (90:90) [23:06:36:607]: Doing action: RegisterComPlus
Action ended 23:06:36: SelfRegModules. Return value 1.
MSI (s) (90:90) [23:06:36:608]: Note: 1: 2205 2: 3: Complus
MSI (s) (90:90) [23:06:36:608]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND (`Action` = 1 OR `Action` = 2)
Action start 23:06:36: RegisterComPlus.
MSI (s) (90:90) [23:06:36:608]: Doing action: InstallServices
Action ended 23:06:36: RegisterComPlus. Return value 0.
MSI (s) (90:90) [23:06:36:608]: Detected older ServiceInstall table schema
MSI (s) (90:90) [23:06:36:609]: Note: 1: 2205 2: 3: ServiceInstall
MSI (s) (90:90) [23:06:36:609]: Note: 1: 2228 2: 3: ServiceInstall 4: SELECT `Name`,`DisplayName`,`ServiceType`,`StartType`,`ErrorControl`,`LoadOrderGroup`,`Dependencies`,`StartName`,`Password`,`ComponentId`,`Directory_`,`FileName`,`Arguments` FROM `ServiceInstall`, `Component`, `File` WHERE `ServiceInstall`.`Component_` = `Component`.`Component` AND (`Component`.`KeyPath` = `File`.`File`) AND (`Action` = 1 OR `Action` = 2)
Action start 23:06:36: InstallServices.
MSI (s) (90:90) [23:06:36:609]: Doing action: StartServices
Action ended 23:06:36: InstallServices. Return value 1.
MSI (s) (90:90) [23:06:36:610]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (90:90) [23:06:36:610]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 23:06:36: StartServices.
MSI (s) (90:90) [23:06:36:610]: Doing action: RegisterUser
Action ended 23:06:36: StartServices. Return value 1.
Action start 23:06:36: RegisterUser.
MSI (s) (90:90) [23:06:36:611]: Doing action: RegisterProduct
Action ended 23:06:36: RegisterUser. Return value 1.
Action start 23:06:36: RegisterProduct.
MSI (s) (90:90) [23:06:37:048]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (90:90) [23:06:37:049]: Doing action: PublishComponents
Action ended 23:06:37: RegisterProduct. Return value 1.
MSI (s) (90:90) [23:06:37:049]: Note: 1: 2262 2: PublishComponent 3: -2147287038
Action start 23:06:37: PublishComponents.
MSI (s) (90:90) [23:06:37:050]: Doing action: MsiPublishAssemblies
Action ended 23:06:37: PublishComponents. Return value 1.
Action start 23:06:37: MsiPublishAssemblies.
MSI (s) (90:90) [23:06:37:063]: Doing action: PublishFeatures
Action ended 23:06:37: MsiPublishAssemblies. Return value 1.
Action start 23:06:37: PublishFeatures.
MSI (s) (90:90) [23:06:37:067]: Doing action: PublishProduct
Action ended 23:06:37: PublishFeatures. Return value 1.
Action start 23:06:37: PublishProduct.
MSI (s) (90:90) [23:06:37:071]: Doing action: InstallFinalize
Action ended 23:06:37: PublishProduct. Return value 1.
MSI (s) (90:90) [23:06:37:074]: Running Script: C:\Windows\Installer\MSI4379.tmp
MSI (s) (90:90) [23:06:37:074]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'.
MSI (s) (90:90) [23:06:37:082]: Machine policy value 'DisableRollback' is 0
MSI (s) (90:90) [23:06:37:092]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (90:90) [23:06:37:099]: Executing op: Header(Signature=1397708873,Version=400,Timestamp=911522003,LangId=1033,Platform=0,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
Action start 23:06:37: InstallFinalize.
MSI (s) (90:90) [23:06:37:101]: Executing op: ProductInfo(ProductKey={37477865-A3F1-4772-AD43-AAFC6BCFF99F},ProductName=MSXML 4.0 SP2 (KB927978),PackageName=msxml.msi,Language=1033,Version=68429425,Assignment=1,ObsoleteArg=0,,,PackageCode={2B27DCD9-53FA-4885-B6CD-698623819F4C},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
MSI (s) (90:90) [23:06:37:101]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (90:90) [23:06:37:102]: Executing op: DialogInfo(Type=1,Argument=MSXML 4.0 SP2 (KB927978))
MSI (s) (90:90) [23:06:37:102]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
MSI (s) (90:90) [23:06:37:102]: Executing op: SetBaseline(Baseline=0,)
MSI (s) (90:90) [23:06:37:102]: Executing op: SetBaseline(Baseline=1,)
MSI (s) (90:90) [23:06:37:102]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)
MSI (s) (90:90) [23:06:37:103]: Executing op: ProgressTotal(Total=5,Type=1,ByteEquivalent=24000)
MSI (s) (90:90) [23:06:37:103]: Executing op: ComponentUnregister(ComponentId={E9BC82F6-AC0E-407C-8666-619D6D60DF2B},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (90:90) [23:06:37:104]: Note: 1: 1402 2: UNKNOWN\Components\6F28CB9EE0CAC704686616D9D606FDB2 3: 2
MSI (s) (90:90) [23:06:37:104]: Note: 1: 1402 2: UNKNOWN\Components\6F28CB9EE0CAC704686616D9D606FDB2 3: 2
MSI (s) (90:90) [23:06:37:104]: Executing op: ComponentUnregister(ComponentId={81754FFD-DA2B-49C6-9447-E1C1E1733BB6},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (90:90) [23:06:37:104]: Note: 1: 1402 2: UNKNOWN\Components\DFF45718B2AD6C9449741E1C1E37B36B 3: 2
MSI (s) (90:90) [23:06:37:104]: Note: 1: 1402 2: UNKNOWN\Components\DFF45718B2AD6C9449741E1C1E37B36B 3: 2
MSI (s) (90:90) [23:06:37:104]: Executing op: ComponentUnregister(ComponentId={5E6714E1-EA46-4B0F-B479-06D87058DC74},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (90:90) [23:06:37:105]: Note: 1: 1402 2: UNKNOWN\Components\1E4176E564AEF0B44B97608D0785CD47 3: 2
MSI (s) (90:90) [23:06:37:105]: Note: 1: 1402 2: UNKNOWN\Components\1E4176E564AEF0B44B97608D0785CD47 3: 2
MSI (s) (90:90) [23:06:37:105]: Executing op: ComponentUnregister(ComponentId={57E0F99D-E884-4BD0-B8CB-803CF9EA2066},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (90:90) [23:06:37:106]: Note: 1: 1402 2: UNKNOWN\Components\D99F0E75488E0DB48BBC08C39FAE0266 3: 2
MSI (s) (90:90) [23:06:37:106]: Note: 1: 1402 2: UNKNOWN\Components\D99F0E75488E0DB48BBC08C39FAE0266 3: 2
MSI (s) (90:90) [23:06:37:106]: Executing op: ComponentUnregister(ComponentId={C763CD13-6E1E-4166-8C78-D274B266E9B6},,BinaryType=0,PreviouslyPinned=1)
MSI (s) (90:90) [23:06:37:106]: Note: 1: 1402 2: UNKNOWN\Components\31DC367CE1E66614C8872D472B669E6B 3: 2
MSI (s) (90:90) [23:06:37:106]: Note: 1: 1402 2: UNKNOWN\Components\31DC367CE1E66614C8872D472B669E6B 3: 2
MSI (s) (90:90) [23:06:37:106]: Executing op: ProgressTotal(Total=14,Type=1,ByteEquivalent=24000)
MSI (s) (90:90) [23:06:37:107]: Executing op: ComponentRegister(ComponentId={4075CDF6-D88F-4F57-AF1A-29A124755695},KeyPath=C:\Program Files\MSXML 4.0\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:108]: Executing op: ComponentRegister(ComponentId={D21D9CCD-C3FA-4D72-982F-C29A2DE361EC},KeyPath=02:\Software\Microsoft\Updates\MSXML4SP2\Q927978\Description,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:109]: Executing op: ComponentRegister(ComponentId={4B1F71A7-50C6-44B7-A3AD-B6C3574BB896},KeyPath=C:\Windows\system32\msxml4.dll,State=3,,Disk=1,SharedDllRefCount=1,BinaryType=0)
MSI (s) (90:90) [23:06:37:110]: Executing op: ComponentRegister(ComponentId={62846705-2671-4547-AB45-854DCC93B3C7},KeyPath=C:\Windows\system32\msxml4r.dll,State=3,,Disk=1,SharedDllRefCount=1,BinaryType=0)
MSI (s) (90:90) [23:06:37:111]: Executing op: ComponentRegister(ComponentId={3AAE95CD-F592-46E7-89A1-9B56717C4413},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:112]: Executing op: ComponentRegister(ComponentId={CCF8B6EF-5FB9-4DE1-A276-683008BA3485},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:113]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},KeyPath=>msxml4.dll\Microsoft.MSXML2,type="win32",version="4.20.9841.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86",State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:114]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:115]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:116]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-A06B-D6B9ABF34537},KeyPath=>msxml4r.dll\Microsoft.MSXML2R,type="win32",version="4.1.0.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86",State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:118]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-C06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:119]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-B06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:120]: Executing op: ComponentRegister(ComponentId={0E9F98FC-A692-A6DF-A06B-D6B9ABF34537},KeyPath=>\policy.4.20.Microsoft.MSXML2,type="win32-policy",version="4.20.9841.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86",State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:121]: Executing op: ComponentRegister(ComponentId={0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (90:90) [23:06:37:122]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)
MSI (s) (90:90) [23:06:37:123]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:123]: Executing op: ProgressTick()
MSI (s) (90:90) [23:06:37:123]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)
MSI (s) (90:90) [23:06:37:124]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:124]: Executing op: ProgressTick()
MSI (s) (90:90) [23:06:37:124]: Executing op: ActionStart(Name=RemoveODBC,Description=Removing ODBC components,)
MSI (s) (90:90) [23:06:37:125]: Executing op: ODBCDriverManager(,BinaryType=0)
MSI (s) (90:90) [23:06:37:125]: Executing op: ODBCDriverManager(,BinaryType=1)
MSI (s) (90:90) [23:06:37:125]: Executing op: ActionStart(Name=CreateFolders,Description=Creating folders,Template=Folder: [1])
MSI (s) (90:90) [23:06:37:125]: Executing op: FolderCreate(Folder=C:\Program Files\MSXML 4.0\,Foreign=0,)
MSI (s) (90:90) [23:06:37:128]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6])
MSI (s) (90:90) [23:06:37:128]: Executing op: ProgressTotal(Total=1245696,Type=0,ByteEquivalent=1)
MSI (s) (90:90) [23:06:37:129]: Executing op: SetTargetFolder(Folder=C:\Windows\system32\)
MSI (s) (90:90) [23:06:37:129]: Executing op: SetSourceFolder(Folder=1\System\)
MSI (s) (90:90) [23:06:37:129]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_Core.cab,BytesPerTick=32768,CopierType=2,ModuleFileName=C:\Windows\Installer\653ddc.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (90:90) [23:06:37:129]: Executing op: FileCopy(SourceName=msxml4.dll,SourceCabKey=msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7,DestName=msxml4.dll,Attributes=512,FileSize=1245696,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.20.9841.0,Language=0,InstallMode=58982400,,,,,,,)
MSI (s) (90:90) [23:06:37:149]: File: C:\Windows\system32\msxml4.dll; Overwrite; Won't patch; Existing file is a lower version
MSI (s) (90:90) [23:06:37:149]: Source for file 'msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7' is compressed
MSI (s) (90:90) [23:06:37:149]: Re-applying security from existing file.
MSI (s) (90:90) [23:06:37:152]: Verifying accessibility of file: msxml4.dll
MSI (s) (90:90) [23:06:37:179]: SOFTWARE RESTRICTION POLICY: Verifying object --> 'C:\Windows\Installer\653ddc.msi' against software restriction policy
MSI (s) (90:90) [23:06:37:179]: SOFTWARE RESTRICTION POLICY: C:\Windows\Installer\653ddc.msi has a digital signature
MSI (s) (90:90) [23:06:37:236]: SOFTWARE RESTRICTION POLICY: C:\Windows\Installer\653ddc.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (90:90) [23:06:37:250]: Note: 1: 2318 2: C:\Windows\system32\msxml4.dll
MSI (s) (90:90) [23:06:37:252]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:253]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:255]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:256]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:257]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:258]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:259]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:260]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:261]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:262]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:263]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:264]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:266]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:267]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:268]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:269]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:270]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:271]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:272]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:273]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:274]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:275]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:276]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:277]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:278]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:279]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:280]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:281]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:282]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:283]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:284]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:285]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:286]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:286]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:288]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:289]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:290]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:290]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:299]: Executing op: FileCopy(SourceName=msxml4r.dll,SourceCabKey=msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7,DestName=msxml4r.dll,Attributes=512,FileSize=82432,PerTick=32768,,VerifyMedia=1,,,,,CheckCRC=0,Version=4.10.9404.0,Language=1033,InstallMode=58982400,,,,,,,)
MSI (s) (90:90) [23:06:37:302]: File: C:\Windows\system32\msxml4r.dll; Won't Overwrite; Won't patch; Existing file is of an equal version
MSI (s) (90:90) [23:06:37:302]: Executing op: SetTargetFolder(Folder=C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\)
MSI (s) (90:90) [23:06:37:302]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\vl34x2va.rt8\)
MSI (s) (90:90) [23:06:37:302]: Executing op: AssemblyCopy(SourceName=zl34x2va.rt8|x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest,SourceCabKey=ul_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestName=x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest,,FileSize=3973,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,ComponentId={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},IsManifest=1,,,AssemblyMode=0,)
MSI (s) (90:90) [23:06:37:338]: Source for file 'ul_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed
MSI (s) (90:90) [23:06:37:435]: Executing op: AssemblyCopy(SourceName=0m34x2va.rt8|x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat,SourceCabKey=ul_catalog.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestName=x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat,,FileSize=8347,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,ComponentId={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},,,,AssemblyMode=0,)
MSI (s) (90:90) [23:06:37:435]: Source for file 'ul_catalog.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed
MSI (s) (90:90) [23:06:37:457]: Executing op: AssemblyCopy(SourceName=2m34x2va.rt8|msxml4.dll,SourceCabKey=ul_msxml4.dll.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestName=msxml4.dll,,FileSize=1245696,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,ComponentId={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},,,,AssemblyMode=0,)
MSI (s) (90:90) [23:06:37:457]: Source for file 'ul_msxml4.dll.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed
MSI (s) (90:90) [23:06:37:481]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:482]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:483]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:485]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:486]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:487]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:488]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:489]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:490]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:491]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:492]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:493]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:494]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:495]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:496]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:497]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:498]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:499]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:501]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:502]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:503]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:504]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:504]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:505]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:506]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:508]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:509]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:510]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:511]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:512]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:512]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:513]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:514]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:515]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:516]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:517]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:518]: Note: 1: 2360
MSI (s) (90:90) [23:06:37:758]: Executing op: SetTargetFolder(Folder=C:\Windows\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\)
MSI (s) (90:90) [23:06:37:758]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\j0r1wg7y.dqe\)
MSI (s) (90:90) [23:06:37:758]: Executing op: AssemblyCopy(SourceName=n0r1wg7y.dqe|4.20.9841.0.policy,SourceCabKey=ul_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537,DestName=4.20.9841.0.policy,,FileSize=652,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,ComponentId={0E9F98FC-A692-A6DF-A06B-D6B9ABF34537},IsManifest=1,,,AssemblyMode=0,)
MSI (s) (90:90) [23:06:37:759]: Source for file 'ul_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537' is compressed
MSI (s) (90:90) [23:06:37:787]: Executing op: AssemblyCopy(SourceName=o0r1wg7y.dqe|4.20.9841.0.cat,SourceCabKey=ul_catalog.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537,DestName=4.20.9841.0.cat,,FileSize=8359,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,ComponentId={0E9F98FC-A692-A6DF-A06B-D6B9ABF34537},,,,AssemblyMode=0,)
MSI (s) (90:90) [23:06:37:787]: Source for file 'ul_catalog.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537' is compressed
MSI (s) (90:90) [23:06:37:790]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_SDK.cab,BytesPerTick=32768,CopierType=2,ModuleFileName=C:\Windows\Installer\653ddc.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (90:90) [23:06:37:790]: Executing op: CacheSizeFlush(,)
MSI (s) (90:90) [23:06:37:790]: Executing op: ActionStart(Name=WriteRegistryValues,Description=Writing system registry values,Template=Key: [1], Name: [2], Value: [3])
MSI (s) (90:90) [23:06:37:791]: Executing op: ProgressTotal(Total=102,Type=1,ByteEquivalent=13200)
MSI (s) (90:90) [23:06:37:791]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:791]: Executing op: RegAddValue(,Value=XML DOM Document 4.0,)
MSI (s) (90:90) [23:06:37:792]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:792]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:792]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:793]: Executing op: RegOpenKey(,Key=Msxml2.DOMDocument.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:793]: Executing op: RegAddValue(,Value=XML DOM Document 4.0,)
MSI (s) (90:90) [23:06:37:793]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:793]: Executing op: RegAddValue(,Value=Msxml2.DOMDocument.4.0,)
MSI (s) (90:90) [23:06:37:794]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:794]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:794]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:794]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (90:90) [23:06:37:795]: Executing op: RegOpenKey(,Key=Msxml2.DOMDocument.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:795]: Executing op: RegAddValue(,Value={88D969C0-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:796]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:796]: Executing op: RegAddValue(,Value=Free Threaded XML DOM Document 4.0,)
MSI (s) (90:90) [23:06:37:796]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:796]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:797]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:797]: Executing op: RegOpenKey(,Key=Msxml2.FreeThreadedDOMDocument.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:797]: Executing op: RegAddValue(,Value=Free Threaded XML DOM Document 4.0,)
MSI (s) (90:90) [23:06:37:798]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:798]: Executing op: RegAddValue(,Value=Msxml2.FreeThreadedDOMDocument.4.0,)
MSI (s) (90:90) [23:06:37:798]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:798]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:799]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:799]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (90:90) [23:06:37:799]: Executing op: RegOpenKey(,Key=Msxml2.FreeThreadedDOMDocument.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:799]: Executing op: RegAddValue(,Value={88D969C1-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:800]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:800]: Executing op: RegAddValue(,Value=XML Data Source Object 4.0,)
MSI (s) (90:90) [23:06:37:800]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:801]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:801]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (90:90) [23:06:37:802]: Executing op: RegOpenKey(,Key=Msxml2.DSOControl.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:802]: Executing op: RegAddValue(,Value=XML Data Source Object 4.0,)
MSI (s) (90:90) [23:06:37:802]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:802]: Executing op: RegAddValue(,Value=Msxml2.DSOControl.4.0,)
MSI (s) (90:90) [23:06:37:803]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:803]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:803]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:803]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (90:90) [23:06:37:804]: Executing op: RegOpenKey(,Key=Msxml2.DSOControl.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:804]: Executing op: RegAddValue(,Value={88D969C4-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:804]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:804]: Executing op: RegAddValue(,Value=XML HTTP 4.0,)
MSI (s) (90:90) [23:06:37:805]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:805]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:805]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (90:90) [23:06:37:806]: Executing op: RegOpenKey(,Key=Msxml2.XMLHTTP.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:806]: Executing op: RegAddValue(,Value=XML HTTP 4.0,)
MSI (s) (90:90) [23:06:37:806]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:806]: Executing op: RegAddValue(,Value=Msxml2.XMLHTTP.4.0,)
MSI (s) (90:90) [23:06:37:807]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:807]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:807]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:807]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (90:90) [23:06:37:808]: Executing op: RegOpenKey(,Key=Msxml2.XMLHTTP.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:808]: Executing op: RegAddValue(,Value={88D969C5-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:808]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:808]: Executing op: RegAddValue(,Value=Server XML HTTP 4.0,)
MSI (s) (90:90) [23:06:37:809]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:809]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:810]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (90:90) [23:06:37:810]: Executing op: RegOpenKey(,Key=Msxml2.ServerXMLHTTP.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:810]: Executing op: RegAddValue(,Value=Server XML HTTP 4.0,)
MSI (s) (90:90) [23:06:37:811]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:811]: Executing op: RegAddValue(,Value=Msxml2.ServerXMLHTTP.4.0,)
MSI (s) (90:90) [23:06:37:811]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:811]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:812]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:812]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)
MSI (s) (90:90) [23:06:37:812]: Executing op: RegOpenKey(,Key=Msxml2.ServerXMLHTTP.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:812]: Executing op: RegAddValue(,Value={88D969C6-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:813]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:813]: Executing op: RegAddValue(,Value=XML Schema Cache 4.0,)
MSI (s) (90:90) [23:06:37:813]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:813]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:814]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:814]: Executing op: RegOpenKey(,Key=Msxml2.XMLSchemaCache.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:814]: Executing op: RegAddValue(,Value=XML Schema Cache 4.0,)
MSI (s) (90:90) [23:06:37:815]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:815]: Executing op: RegAddValue(,Value=Msxml2.XMLSchemaCache.4.0,)
MSI (s) (90:90) [23:06:37:815]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:815]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:816]: Executing op: RegOpenKey(,Key=Msxml2.XMLSchemaCache.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:816]: Executing op: RegAddValue(,Value={88D969C2-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:816]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:816]: Executing op: RegAddValue(,Value=XSL Template 4.0,)
MSI (s) (90:90) [23:06:37:817]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:817]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:818]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:818]: Executing op: RegOpenKey(,Key=Msxml2.XSLTemplate.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:818]: Executing op: RegAddValue(,Value=XSL Template 4.0,)
MSI (s) (90:90) [23:06:37:819]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:819]: Executing op: RegAddValue(,Value=Msxml2.XSLTemplate.4.0,)
MSI (s) (90:90) [23:06:37:819]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:819]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:820]: Executing op: RegOpenKey(,Key=Msxml2.XSLTemplate.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:820]: Executing op: RegAddValue(,Value={88D969C3-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:820]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:820]: Executing op: RegAddValue(,Value=SAX XML Reader 4.0,)
MSI (s) (90:90) [23:06:37:821]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:821]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:821]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:822]: Executing op: RegOpenKey(,Key=Msxml2.SAXXMLReader.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:822]: Executing op: RegAddValue(,Value=SAX XML Reader 4.0,)
MSI (s) (90:90) [23:06:37:822]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:822]: Executing op: RegAddValue(,Value=Msxml2.SAXXMLReader.4.0,)
MSI (s) (90:90) [23:06:37:823]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:823]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:823]: Executing op: RegOpenKey(,Key=Msxml2.SAXXMLReader.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:824]: Executing op: RegAddValue(,Value={7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F},)
MSI (s) (90:90) [23:06:37:824]: Executing op: RegOpenKey(,Key=CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:824]: Executing op: RegAddValue(,Value=MX XML Reader 4.0,)
MSI (s) (90:90) [23:06:37:825]: Executing op: RegOpenKey(,Key=CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:825]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:825]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:826]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:826]: Executing op: RegAddValue(,Value=MXXMLWriter 4.0,)
MSI (s) (90:90) [23:06:37:826]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:826]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:827]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:827]: Executing op: RegOpenKey(,Key=Msxml2.MXXMLWriter.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:827]: Executing op: RegAddValue(,Value=MXXMLWriter 4.0,)
MSI (s) (90:90) [23:06:37:828]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:828]: Executing op: RegAddValue(,Value=Msxml2.MXXMLWriter.4.0,)
MSI (s) (90:90) [23:06:37:828]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:828]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:829]: Executing op: RegOpenKey(,Key=Msxml2.MXXMLWriter.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:829]: Executing op: RegAddValue(,Value={88D969C8-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:829]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:829]: Executing op: RegAddValue(,Value=MXHTMLWriter 4.0,)
MSI (s) (90:90) [23:06:37:830]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:830]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:830]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:831]: Executing op: RegOpenKey(,Key=Msxml2.MXHTMLWriter.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:831]: Executing op: RegAddValue(,Value=MXHTMLWriter 4.0,)
MSI (s) (90:90) [23:06:37:831]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:831]: Executing op: RegAddValue(,Value=Msxml2.MXHTMLWriter.4.0,)
MSI (s) (90:90) [23:06:37:832]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:832]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:832]: Executing op: RegOpenKey(,Key=Msxml2.MXHTMLWriter.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:832]: Executing op: RegAddValue(,Value={88D969C9-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:833]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:833]: Executing op: RegAddValue(,Value=SAXAttributes 4.0,)
MSI (s) (90:90) [23:06:37:833]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:833]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:834]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:834]: Executing op: RegOpenKey(,Key=Msxml2.SAXAttributes.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:834]: Executing op: RegAddValue(,Value=SAXAttributes 4.0,)
MSI (s) (90:90) [23:06:37:835]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:835]: Executing op: RegAddValue(,Value=Msxml2.SAXAttributes.4.0,)
MSI (s) (90:90) [23:06:37:835]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:836]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:836]: Executing op: RegOpenKey(,Key=Msxml2.SAXAttributes.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:836]: Executing op: RegAddValue(,Value={88D969CA-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:837]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5},,BinaryType=0,)
MSI (s) (90:90) [23:06:37:837]: Executing op: RegAddValue(,Value=MXNamespaceManager 4.0,)
MSI (s) (90:90) [23:06:37:837]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:837]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:838]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)
MSI (s) (90:90) [23:06:37:838]: Executing op: RegOpenKey(,Key=Msxml2.MXNamespaceManager.4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:838]: Executing op: RegAddValue(,Value=MXNamespaceManager 4.0,)
MSI (s) (90:90) [23:06:37:839]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:839]: Executing op: RegAddValue(,Value=Msxml2.MXNamespaceManager.4.0,)
MSI (s) (90:90) [23:06:37:839]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:839]: Executing op: RegAddValue(,Value=4.0,)
MSI (s) (90:90) [23:06:37:840]: Executing op: RegOpenKey(,Key=Msxml2.MXNamespaceManager.4.0\CLSID,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:840]: Executing op: RegAddValue(,Value={88D969D6-F192-11D4-A65F-0040963251E5},)
MSI (s) (90:90) [23:06:37:840]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Updates\MSXML4SP2\Q927978,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:840]: Executing op: RegAddValue(Name=Description,Value=FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2,)
MSI (s) (90:90) [23:06:37:841]: Executing op: RegAddValue(Name=InstalledDate,Value=2/20/2007,)
MSI (s) (90:90) [23:06:37:842]: Executing op: RegAddValue(Name=InstalledBy,Value=Ken,)
MSI (s) (90:90) [23:06:37:843]: Executing op: RegAddValue(Name=IsInstalled,Value=#1,)
MSI (s) (90:90) [23:06:37:843]: Executing op: RegAddValue(Name=ServicePack,Value=#1,)
MSI (s) (90:90) [23:06:37:844]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:844]: Executing op: RegAddValue(,Value=Microsoft XML, v4.0,)
MSI (s) (90:90) [23:06:37:844]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:844]: Executing op: RegAddValue(,,)
MSI (s) (90:90) [23:06:37:845]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0\win32,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:845]: Executing op: RegAddValue(,Value=C:\Windows\system32\msxml4.dll,)
MSI (s) (90:90) [23:06:37:846]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\FLAGS,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:846]: Executing op: RegAddValue(,Value=0,)
MSI (s) (90:90) [23:06:37:846]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\HELPDIR,,BinaryType=0,)
MSI (s) (90:90) [23:06:37:846]: Executing op: RegAddValue(,,)
MSI (s) (90:90) [23:06:37:847]: Executing op: ActionStart(Name=RegisterTypeLibraries,Description=Registering type libraries,Template=LibID: [1])
MSI (s) (90:90) [23:06:37:847]: Executing op: TypeLibraryRegister(,,FilePath=C:\Windows\system32\msxml4.dll,LibID={F5078F18-C551-11D3-89B9-0000F81FE221},Version=1024,,Language=0,,BinaryType=0,IgnoreRegistrationFailure=0,)
MSI (s) (90:90) [23:06:37:848]: QueryPathOfRegTypeLib returned 0 in local context. Path is 'C:\Windows\system32\msxml4.dll'
MSI (s) (90:90) [23:06:37:848]: Note: 1: 1402 2: UNKNOWN\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\400.0\0\win32 3: 2
MSI (s) (90:90) [23:06:37:848]: CMsiServices::ProcessTypeLibrary runs in local context, not impersonated.
MSI (s) (90:90) [23:06:37:882]: ProcessTypeLibraryCore returns: 0. (0 means OK)
MSI (s) (90:90) [23:06:37:882]: CMsiServices::ProcessTypeLibrary runs in local context, not impersonated.
MSI (s) (90:90) [23:06:37:889]: ProcessTypeLibraryCore returns: 0. (0 means OK)
MSI (s) (90:90) [23:06:37:889]: Executing op: ActionStart(Name=RegisterUser,Description=Registering user,Template=[1])
MSI (s) (90:90) [23:06:37:890]: Executing op: UserRegister(Owner=Ken,Company=Hewlett-Packard Company,ProductId=none)
MSI (s) (90:90) [23:06:37:891]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1])
MSI (s) (90:90) [23:06:37:892]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_Core.cab,BytesPerTick=0,CopierType=2,ModuleFileName=C:\Windows\Installer\653ddc.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (90:90) [23:06:37:892]: Executing op: DatabaseCopy(DatabasePath=C:\Windows\Installer\653ddc.msi,ProductCode={37477865-A3F1-4772-AD43-AAFC6BCFF99F},CabinetStreams=XML_Core.cab;XML_SDK.cab,,)
MSI (s) (90:90) [23:06:37:980]: Executing op: ProductRegister(UpgradeCode={7CE723E3-E56B-432C-9F24-78C0606045A5},VersionString=4.20.9841.0,HelpLink=http://support.microsoft.com/kb/927978,,,InstallSource=e:\60a829cc4c3112e114\,Publisher=Microsoft Corporation,,,,,,,,,,,,EstimatedSize=1269,)
MSI (s) (90:90) [23:06:37:995]: Executing op: ProductCPDisplayInfoRegister()
MSI (s) (90:90) [23:06:37:997]: Executing op: ActionStart(Name=MsiPublishAssemblies,Description=Publishing assembly information,Template=Application Context:[1], Assembly Name:[2])
MSI (s) (90:90) [23:06:37:997]: Executing op: AssemblyPublish(Feature=MSXMLSXS,Component={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},AssemblyType=2,,AssemblyName=Microsoft.MSXML2,type="win32",version="4.20.9841.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86",)
MSI (s) (90:90) [23:06:37:999]: Executing op: AssemblyPublish(Feature=MSXMLSXS,Component={DA6654F6-456F-3658-A06B-D6B9ABF34537},AssemblyType=2,,AssemblyName=Microsoft.MSXML2R,type="win32",version="4.1.0.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86",)
MSI (s) (90:90) [23:06:38:000]: Executing op: AssemblyPublish(Feature=MSXMLSXS,Component={0E9F98FC-A692-A6DF-A06B-D6B9ABF34537},AssemblyType=2,,AssemblyName=policy.4.20.Microsoft.MSXML2,type="win32-policy",version="4.20.9841.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86",)
MSI (s) (90:90) [23:06:38:001]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1])
MSI (s) (90:90) [23:06:38:001]: Executing op: FeaturePublish(Feature=MSXML,,Absent=2,Component=MF}e835XRAhvfl[X%h~W(s-UlQ2mt@MgogY-xd{t)
MSI (s) (90:90) [23:06:38:004]: Executing op: FeaturePublish(Feature=MSXMLSYS,Parent=MSXML,Absent=2,Component=V2?0@7$9*=IdbugpYRMX}GHaGLdZ==A&kv@Y~]3iui-r60O)l=Em%pCn7G4))
MSI (s) (90:90) [23:06:38:006]: Executing op: FeaturePublish(Feature=MSXMLSUPP2,Parent=MSXML,Absent=2,Component=?`ZsjqO[%A*`NW3OG&nR)
MSI (s) (90:90) [23:06:38:008]: Executing op: FeaturePublish(Feature=MSXMLSXS,Parent=MSXML,Absent=2,Component=LdCZOHqG+dpWsfdDE!j5LdCZOHqG+d6XsfdDE!j5LdCZOHqG+d%XsfdDE!j5`DM4olJ_O5pWsfdDE!j5`DM4olJ_O56XsfdDE!j5`DM4olJ_O5%XsfdDE!j5l0Rd'9?m^^pWsfdDE!j5l0Rd'9?m^^6XsfdDE!j5)
MSI (s) (90:90) [23:06:38:011]: Executing op: FeaturePublish(Feature=XMLSDK,,Absent=3,Component=mk`[Q=PRe?RvYBgpXHXc5~{DF_B]-@1_XLnB~RWMMvh8D]u5G@j^sM7=J&oH0G,*i]!a$9uKNVM3Kykc)
MSI (s) (90:90) [23:06:38:013]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,)
MSI (s) (90:90) [23:06:38:013]: Executing op: IconCreate(Icon=icon.exe,Data=BinaryData)
MSI (s) (90:90) [23:06:38:020]: Executing op: CleanupConfigData()
MSI (s) (90:90) [23:06:38:020]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\568774731F3A2774DA34AACFB6FC9FF9\Patches 3: 2
MSI (s) (90:90) [23:06:38:021]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)
MSI (s) (90:90) [23:06:38:021]: Note: 1: 1402 2: UNKNOWN\Products\568774731F3A2774DA34AACFB6FC9FF9\Patches 3: 2
MSI (s) (90:90) [23:06:38:022]: Executing op: ProductPublish(PackageKey={2B27DCD9-53FA-4885-B6CD-698623819F4C})
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:023]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2
MSI (s) (90:90) [23:06:38:026]: Executing op: UpgradeCodePublish(UpgradeCode={7CE723E3-E56B-432C-9F24-78C0606045A5})
MSI (s) (90:90) [23:06:38:027]: Executing op: SourceListPublish(,,,,NumberOfDisks=2)
MSI (s) (90:90) [23:06:38:027]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9\SourceList 3: 2
MSI (s) (90:90) [23:06:38:029]: Executing op: ProductPublishClient(,,)
MSI (s) (90:90) [23:06:38:030]: Executing op: SourceListRegisterLastUsed(SourceProduct={37477865-A3F1-4772-AD43-AAFC6BCFF99F},LastUsedSource=e:\60a829cc4c3112e114\)
MSI (s) (90:90) [23:06:38:030]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (90:90) [23:06:38:030]: Specifed source is already in a list.
MSI (s) (90:90) [23:06:38:030]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (90:90) [23:06:38:030]: Machine policy value 'DisableBrowse' is 0
MSI (s) (90:90) [23:06:38:030]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (s) (90:90) [23:06:38:030]: Adding new sources is allowed.
MSI (s) (90:90) [23:06:38:030]: Set LastUsedSource to: e:\60a829cc4c3112e114\.
MSI (s) (90:90) [23:06:38:030]: Set LastUsedType to: n.
MSI (s) (90:90) [23:06:38:030]: Set LastUsedIndex to: 1.
MSI (s) (90:90) [23:06:38:031]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=3074496)
MSI (s) (90:90) [23:06:39:127]: User policy value 'DisableRollback' is 0
MSI (s) (90:90) [23:06:39:127]: Machine policy value 'DisableRollback' is 0
MSI (s) (90:90) [23:06:39:153]: No System Restore sequence number for this installation.
MSI (s) (90:90) [23:06:39:153]: Unlocking Server
MSI (s) (90:90) [23:06:39:156]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
MSI (s) (90:90) [23:06:39:157]: Skipping action: SxsUninstallCA (condition is false)
MSI (s) (90:90) [23:06:39:157]: Doing action: RemoveExistingProducts
Action ended 23:06:39: InstallFinalize. Return value 1.
Action start 23:06:39: RemoveExistingProducts.
Action ended 23:06:39: RemoveExistingProducts. Return value 1.
Action ended 23:06:39: INSTALL. Return value 1.
Property(S): ProductName = MSXML 4.0 SP2 (KB927978)
Property(S): ProductCode = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductVersion = 4.20.9841.0
Property(S): ProductLanguage = 1033
Property(S): BannerBitmap = bannrbmp
Property(S): IAgree = No
Property(S): ProductID = none
Property(S): ARPHELPLINK = http://support.microsoft.com/kb/927978
Property(S): ButtonText_Back = < &Back
Property(S): ButtonText_Browse = Br&owse
Property(S): ButtonText_Cancel = Cancel
Property(S): ButtonText_Exit = &Exit
Property(S): ButtonText_Finish = &Finish
Property(S): ButtonText_Ignore = &Ignore
Property(S): ButtonText_Install = &Install
Property(S): ButtonText_InstallNow = &Install Now
Property(S): ButtonText_Next = &Next >
Property(S): ButtonText_No = &No
Property(S): ButtonText_OK = OK
Property(S): ButtonText_Remove = &Remove
Property(S): ButtonText_Reset = &Reset
Property(S): ButtonText_Resume = &Resume
Property(S): ButtonText_Retry = &Retry
Property(S): ButtonText_Return = &Return
Property(S): ButtonText_Yes = &Yes
Property(S): CompleteSetupIcon = completi
Property(S): CustomSetupIcon = custicon
Property(S): DialogBitmap = dlgbmp
Property(S): DlgTitleFont = {&DlgFontBold8}
Property(S): ExclamationIcon = exclamic
Property(S): InfoIcon = info
Property(S): InstallerIcon = insticon
Property(S): INSTALLLEVEL = 3
Property(S): InstallModeTxt_1 = Custom
Property(S): InstallModeVal = InstallModeTxt_1
Property(S): InstallModeTxt_2 = Complete
Property(S): InstallModeTxt_3 = Server Image
Property(S): InstallModeTxt_4 = Change
Property(S): InstallModeTxt_5 = Repair
Property(S): InstallModeTxt_6 = Remove
Property(S): PIDTemplate = 12345<###-%%%%%%%>@@@@@
Property(S): Progress1Txt_1 = Installing
Property(S): Progress1 = Progress1Txt_1
Property(S): Progress2Txt_1 = installs
Property(S): Progress2 = Progress2Txt_1
Property(S): Progress1Txt_2 = Changing
Property(S): Progress2Txt_2 = changes
Property(S): Progress1Txt_3 = Repairing
Property(S): Progress2Txt_3 = repairs
Property(S): Progress1Txt_4 = Removing
Property(S): Progress2Txt_4 = removes
Property(S): PROMPTROLLBACKCOST = P
Property(S): RemoveIcon = removico
Property(S): RepairIcon = repairic
Property(S): Setup = Setup
Property(S): Wizard = Setup Wizard
Property(S): DefaultUIFont = DlgFont8
Property(S): ErrorDialog = ErrorDlg
Property(S): TARGETDIR = e:\
Property(S): COMPANYNAME = Hewlett-Packard Company
Property(S): USERNAME = Ken
Property(S): APPS_TEST = 1
Property(S): VersionNT = 600
Property(S): SecureCustomProperties = MSXML4SP2
Property(S): UpgradeCode = {7CE723E3-E56B-432C-9F24-78C0606045A5}
Property(S): ALLUSERS = 1
Property(S): WINHTTP_51 = WinHttpRequest Component version 5.1
Property(S): MSXML = C:\Program Files\MSXML 4.0\
Property(S): SourceDir = e:\60a829cc4c3112e114\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): ProgramFilesFolder = C:\Program Files\
Property(S): MsiLogFileLocation = e:\60a829cc4c3112e114\msxml4-KB927978-enu.log
Property(S): SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 = C:\Windows\system32\
Property(S): SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 = C:\Windows\system32\
Property(S): SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB = C:\Windows\system32\
Property(S): WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\
Property(S): payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
Property(S): payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
Property(S): WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Manifests\
Property(S): WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\
Property(S): SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\system32\
Property(S): WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Policies\
Property(S): policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
Property(S): policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
Property(S): WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\
Property(S): payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
Property(S): payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
Property(S): WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Manifests\
Property(S): WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\
Property(S): SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\system32\
Property(S): WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Policies\
Property(S): policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
Property(S): policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
Property(S): WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\
Property(S): payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
Property(S): WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Policies\
Property(S): policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
Property(S): WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\
Property(S): SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\system32\
Property(S): WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\Manifests\
Property(S): payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
Property(S): policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = C:\Windows\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
Property(S): DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 = C:\Users\Public\Desktop\
Property(S): ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSXML 4.0\
Property(S): DOC.4576A2F1_959E_4BCA_94A9_596523761901 = C:\Program Files\MSXML 4.0\doc\
Property(S): LIB.4576A2F1_959E_4BCA_94A9_596523761901 = C:\Program Files\MSXML 4.0\lib\
Property(S): INC.4576A2F1_959E_4BCA_94A9_596523761901 = C:\Program Files\MSXML 4.0\inc\
Property(S): CommonFilesFolder = C:\Program Files\Common Files\
Property(S): MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = C:\Program Files\Common Files\Microsoft Shared\
Property(S): MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = C:\Program Files\Common Files\Microsoft Shared\MSDN\
Property(S): Date = 2/20/2007
Property(S): PackageCode = {2B27DCD9-53FA-4885-B6CD-698623819F4C}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = e:\60a829cc4c3112e114
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 1964
Property(S): MsiSystemRebootPending = 1
Property(S): VersionDatabase = 200
Property(S): VersionMsi = 4.00
Property(S): WindowsBuild = 6000
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): SystemFolder = C:\Windows\system32\
Property(S): System16Folder = C:\Windows\system\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\Ken\AppData\Local\Temp\
Property(S): AppDataFolder = C:\Users\Ken\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\Ken\Favorites\
Property(S): NetHoodFolder = C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\Ken\Documents\
Property(S): PrintHoodFolder = C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\Ken\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\Ken\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\Ken\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): Intel = 6
Property(S): PhysicalMemory = 2046
Property(S): VirtualMemory = 3374
Property(S): AdminUser = 1
Property(S): LogonUser = Ken
Property(S): UserSID = S-1-5-21-553410758-1839020228-3304128605-1001
Property(S): UserLanguageID = 1033
Property(S): ComputerName = KENS-MACHINE
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 20
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 23:06:39
Property(S): MsiNetAssemblySupport = 2.0.50727.312
Property(S): MsiWin32AssemblySupport = 6.0.6000.16386
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): DATABASE = C:\Windows\Installer\653ddc.msi
Property(S): OriginalDatabase = e:\60a829cc4c3112e114\msxml.msi
Property(S): UILevel = 2
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = e:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = e:\60a829cc4c3112e114\
Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Property(S): ProductToBeRegistered = 1
MSI (s) (90:90) [23:06:39:239]: Note: 1: 1707
MSI (s) (90:90) [23:06:39:239]: Product: MSXML 4.0 SP2 (KB927978) -- Installation completed successfully.

MSI (s) (90:90) [23:06:39:240]: Windows Installer installed the product. Product Name: MSXML 4.0 SP2 (KB927978). Product Version: 4.20.9841.0. Product Language: 1033. Installation success or error status: 0.

MSI (s) (90:90) [23:06:39:243]: Cleaning up uninstalled install packages, if any exist
MSI (s) (90:90) [23:06:39:243]: MainEngineThread is returning 0
MSI (s) (90:2C) [23:06:39:244]: RESTART MANAGER: Session closed.
MSI (s) (90:2C) [23:06:39:244]: No System Restore sequence number for this installation.
=== Logging stopped: 2/20/2007 23:06:39 ===
MSI (c) (AC:B0) [23:06:39:247]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (AC:B0) [23:06:39:248]: MainEngineThread is returning 0
=== Verbose logging stopped: 2/20/2007 23:06:39 ===

pskelley

2008-07-13, 21:51

Thanks for the feedback, you said:

I have no idea why that setting is like that. That is not my company.
I believe you should address that issue with your Internet Service Provider, they should be able to help you reset that.

What about the other one, is that your ISP:
IP Location: United States Panama City Beach Knology Holdings Inc
If not have your ISP reset that information also:
NameServer = 69.1.30.11,69.1.30.10

Please post only want I request, that looks to be: C:\Windows\system32\msiexec.exe
http://www.liutilities.com/products/wintaskspro/processlibrary/msiexec/
http://ask-leo.com/msiexecexe.html

Please restart the computer and post a new HJT log. Please keep this computer offline if you are not troubleshooting these issues.

Thanks

cunxray

2008-07-13, 22:21

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:50 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=e26fff4e2ac37364ba85f16cde31bff0&url=http%3A%2F%2Fd.64.69.12.43.downloads.estara.com.%2Fas%2FOneCCDM.php&template=1178&sessionid=951626904_64.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9363 bytes

Also when I run the HJ my AVG sends me this: Trojan reported:
C:\Windows\System32\drivers\lsissass.sys

cunxray

2008-07-13, 22:23

What do I need to ask my ISP to reset? Just want to know how to go about asking them?

pskelley

2008-07-13, 22:36

Make sure you can see hidden files and folders:
Windows Vista
Click Start.
Open Computer.
Press the ALT key.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Navigate to that file: C:\Windows\System32\drivers\lsissass.sys <<< and delete it.

Let me know what happens, it's a rootkit associated with this item:
C:\Windows\System32\drivers\core.cache.dsk which MBAM removed, I was hoping it would remove that one also?

Thanks

cunxray

2008-07-13, 22:48

It tells me that I can't delete it because it is being used by another program.
Also when I opened the C drive to get to the Windows folder, the first folder was labeled: $$Delete Me, $$Delete me.

pskelley

2008-07-13, 23:00

Give your ISP this information, ask them to reset it to the correct information for them, make them aware you were infected.

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain

Please follow the directions carefully, make sure you run this tool as administrator.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.

Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

cunxray

2008-07-13, 23:05

After the combofix will I need to restart before I run HJT?

pskelley

2008-07-13, 23:06

No...once combofix is finished running, you may create and post the HJT log without restarting.

Thanks

cunxray

2008-07-13, 23:58

Here is the Combofix log:

ComboFix 08-07-13.6 - Ken 2008-07-13 15:25:47.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2032 [GMT -5:00]
Running from: C:\Users\Ken\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\Users\Ken\AppData\Roaming\inst.exe
K:\Autorun.inf
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-13 15:50 . 2008-07-13 15:50 <DIR> d-------- C:\temp\tn3
2008-07-12 19:12 . 2008-07-12 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Users\Ken\AppData\Roaming\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 17:52 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-12 17:52 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 23:18 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-11 23:18 . 2008-04-26 03:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-11 23:18 . 2008-04-26 03:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-11 23:18 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-11 23:18 . 2008-05-09 22:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-11 23:18 . 2008-04-04 20:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-11 23:18 . 2008-04-04 22:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-11 23:12 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 23:12 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 23:11 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-11 23:08 . 2008-05-08 16:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-11 23:08 . 2008-05-08 16:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-11 23:08 . 2008-05-08 16:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-11 23:08 . 2008-05-08 16:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-11 23:08 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-11 23:08 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-11 23:08 . 2008-05-08 16:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-10 22:03 . 2008-07-10 22:03 <DIR> d-------- C:\Users\Ken\AppData\Roaming\Comodo
2008-07-10 22:03 . 2008-07-10 22:56 <DIR> d-------- C:\Users\All Users\comodo
2008-07-10 22:03 . 2008-07-10 22:56 <DIR> d-------- C:\ProgramData\comodo
2008-07-10 22:03 . 2008-07-10 22:03 <DIR> d-------- C:\Program Files\COMODO
2008-07-10 22:03 . 2008-07-10 22:03 143,104 --a------ C:\Windows\System32\guard32.dll
2008-07-10 22:03 . 2008-07-10 22:03 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-07-10 22:03 . 2008-07-10 22:03 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-07-06 21:50 . 2008-07-13 15:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-06 21:20 . 2008-07-12 17:44 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\Users\All Users\avg8
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\ProgramData\avg8
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\Program Files\AVG
2008-07-06 21:20 . 2008-07-08 17:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-06 21:20 . 2008-07-06 21:20 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-06 21:20 . 2008-07-08 17:21 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-06-25 06:49 . 2008-06-25 06:49 167,976 --------- C:\Windows\System32\drivers\core.cache.dsk
2008-06-25 06:49 . 2008-06-25 06:49 85,888 --a------ C:\Windows\System32\drivers\lsissass.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 08:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-11 01:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-11 01:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 23:41 --------- d-----w C:\Users\Ken\AppData\Roaming\Azureus
2008-06-25 12:34 --------- d-----w C:\ProgramData\Roxio
2008-06-25 11:48 --------- d-----w C:\Program Files\Free Windows Registry Cleaner
2008-06-20 01:57 --------- d-----w C:\ProgramData\WildTangent
2008-06-17 05:43 --------- d-----w C:\Program Files\Azureus
2008-06-17 03:37 --------- d-----w C:\Program Files\Blubster
2008-06-16 02:48 --------- d-----w C:\Users\Ken\AppData\Roaming\Vso
2008-06-05 01:38 --------- d-----w C:\Users\Ken\AppData\Roaming\Move Networks
2008-06-03 03:22 3,532 ----a-w C:\drmHeader.bin
2008-05-24 21:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 21:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-24 17:32 --------- d-----w C:\Users\Ken\AppData\Roaming\ESET
2008-05-24 17:31 --------- d-----w C:\ProgramData\ESET
2008-05-24 17:31 --------- d-----w C:\Program Files\ESET
2008-05-24 02:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 01:56 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-02 13:22 174 --sha-w C:\Program Files\desktop.ini
2008-05-02 12:58 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-02 12:58 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-02 12:32 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-02 12:32 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-01-03 23:54 47,360 ----a-w C:\Users\Ken\AppData\Roaming\pcouffin.sys
2007-10-31 04:15 420 ----a-w C:\Users\Ken\AppData\Roaming\wklnhst.dat
2007-05-25 03:05 1,163,592 ----a-w C:\Users\Ken\install_flash_player.exe
2008-01-21 13:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-01-21 13:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-01-06 20:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-06 20:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-06 20:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-02 19:26 22 --sha-w C:\Windows\SMINST\HPCD.sys
2008-02-01 05:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 18:11 151552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 17:21 1232152]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-10 22:03 1655552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll C:\Windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-08-14 01:07 102400 C:\Program Files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-16 17:59 1480296 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2006-09-28 08:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 20:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 10:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-12 06:28 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-07-31 09:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-08-10 12:10 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2006-11-02 04:45 215552 C:\Windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6E6A127A-0B43-4E56-8825-E2B3164F5BC0}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BD383BD3-E6C8-4976-9397-C1937F40170F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C1819F0B-FF69-4093-AC3E-334153611C8E}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{A7013299-4886-43D0-A152-E4F8C42E372B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D378F73-CF2A-42A5-8F87-96A6EE31A1E5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C30651B3-C136-488C-8C66-9A1A3140B937}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A25263A1-2CDF-45DE-A8BF-897BDDCFA182}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{0C06651B-F13E-4112-BF36-A7B656CAFA54}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{B9A7B8B9-36F7-485C-8414-940D5A37D5D7}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{46440B8A-A209-434E-8581-A0B58E16FE10}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{704700B6-6661-48AB-B252-C1D31D8D530C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9E7AD0E6-394C-43EF-BF81-A51607F222FF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ED568ABF-128B-40DC-8018-5768683BC34C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9534223D-A4DC-456C-AC10-742B7DAAD796}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9A6C01E9-FCED-4196-8168-8C10D62C7349}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5EFED946-E209-4339-AEF6-65EB5095474E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8D15887E-978C-4B68-9346-960FBF941865}"= UDP:C:\Program Files\Blubster\Blubster.exe:Blubster
"{7C95C464-4593-4061-9C73-72B7344264B2}"= TCP:C:\Program Files\Blubster\Blubster.exe:Blubster
"{354BB3EE-AD5A-415A-BF09-4E56F56EF56E}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F8215624-F651-464D-80B2-DFB4A346180B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BC1473FC-95DA-4D54-A2E1-A04A3BA8E969}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5A14463C-496E-42AD-AFAF-F83AB40C2266}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{48279ACF-FC4A-4F83-8DBE-10F952F5C473}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{BFE23D80-B40E-46DF-A3CB-FCF4B4DEFB00}"= TCP:63138:Azureus
"TCP Query User{6522C80F-39A6-4EA6-8F19-581E938F6EDF}C:\\users\\ken\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\ken\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{2121E812-5292-405E-953F-1D8B63466853}C:\\users\\ken\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\ken\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{776B6005-4A03-4232-AD28-14728E0DDD25}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F651C470-9718-435E-9CCD-B24FC3E3084D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{415DE8D8-F688-433C-803B-8D1985307300}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F34B6587-EC75-4FA8-91FB-79FFD6596631}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B439C075-8792-466E-AC40-E4A2364B14D5}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4421A75E-99FE-4A45-9907-3B0D8C10E8C5}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{506C781B-A9CE-418D-9EFC-ED5C4D16AB8D}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{538FD763-EC3B-466B-851E-F5606B631FAB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62564FD6-89FF-43D0-9E13-D6E6451202BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-08 17:21]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-10 22:03]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-10 22:03]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 17:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 13:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 12:13]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 17:25]
S3 NetDirect;TAP-Win32 NetDirect Adapter;C:\Windows\system32\DRIVERS\NetDirect.sys [2007-06-07 07:29]
S3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 02:41]
S3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 02:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c69b87-bfcd-11db-9c7b-806e6f6e6963}]
\shell\AutoRun\command - K:\WD_Windows_Tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 20:50:19 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-05 08:21:52 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-13 16:32:10 C:\Windows\Tasks\User_Feed_Synchronization-{FE738198-38AB-4249-894A-3551E61D8C19}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 15:50:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-07-13 15:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 20:55:59

Pre-Run: 209,493,581,824 bytes free
Post-Run: 209,502,760,960 bytes free

282 --- E O F --- 2008-07-12 07:32:32

cunxray

2008-07-14, 00:00

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:43 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=e26fff4e2ac37364ba85f16cde31bff0&url=http%3A%2F%2Fd.64.69.12.43.downloads.estara.com.%2Fas%2FOneCCDM.php&template=1178&sessionid=951626904_64.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8957 bytes

pskelley

2008-07-14, 00:30

Follow the directions carefully:

Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {3DE051B7-CE1E-4149-A39E-3037F29068E1} -

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Open notepad and copy/paste the text in the codebox below into it:

Driver::
lsissass

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\lsissass.sys

Save this as CFScript

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks

Let me know what your ISP has to say about those items in the 017 area of the HJT log.
http://www.bleepingcomputer.com/tutorials/tutorial42.html#O17Diag

If you see entries for this and do not recognize the domain as belonging to your ISP or company, and the DNS servers do not belong to your ISP or company, then you should have HijackThis fix it. You can go to Arin to do a whois a on the DNS server IP addresses to determine what company they belong to.We could have HJT fix those but if they should be needed by your ISP it could create a connection problem, that is why it is best to have them do that.

cunxray

2008-07-14, 00:47

What should I do with the Comodo, last time combofix was running the firewall was going crazy with allow or block prompts.
Also, my ISP: Knology. They stated that there was nothing on their end that they could reset. Only the MAC address. I have a dyanmic IP address that changes evertime I get online. The guy really didn't know what I was asking for, but stated that they could not reset anything. Maybe you know something else for that.

pskelley

2008-07-14, 00:52

It would seem since you are old enough to own a computer, you should be old enough to answer some of these questions yourself. I don't care what you do with it, just run the CFScript and post the information I asked for.

I should mention, the answer you got from Knology is exactly the reason I will never use them and never suggest them to anyone else. You pay them, but when you ask for help with a problem, that is the kind of answer you get.

cunxray

2008-07-14, 01:29

Here is Combo log:
ComboFix 08-07-13.6 - Ken 2008-07-13 17:03:55.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2030 [GMT -5:00]
Running from: C:\Users\Ken\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ken\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\lsissass.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\lsissass.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSISSASS
-------\Service_lsissass

((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-12 19:12 . 2008-07-12 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Users\Ken\AppData\Roaming\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 17:52 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-12 17:52 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 23:18 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-11 23:18 . 2008-04-26 03:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-11 23:18 . 2008-04-26 03:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-11 23:18 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-11 23:18 . 2008-05-09 22:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-11 23:18 . 2008-04-04 20:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-11 23:18 . 2008-04-04 22:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-11 23:12 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 23:12 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 23:11 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-11 23:08 . 2008-05-08 16:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-11 23:08 . 2008-05-08 16:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-11 23:08 . 2008-05-08 16:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-11 23:08 . 2008-05-08 16:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-11 23:08 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-11 23:08 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-11 23:08 . 2008-05-08 16:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-10 22:03 . 2008-07-10 22:03 <DIR> d-------- C:\Users\Ken\AppData\Roaming\Comodo
2008-07-10 22:03 . 2008-07-10 22:56 <DIR> d-------- C:\Users\All Users\comodo
2008-07-10 22:03 . 2008-07-10 22:56 <DIR> d-------- C:\ProgramData\comodo
2008-07-10 22:03 . 2008-07-10 22:03 <DIR> d-------- C:\Program Files\COMODO
2008-07-10 22:03 . 2008-07-10 22:03 143,104 --a------ C:\Windows\System32\guard32.dll
2008-07-10 22:03 . 2008-07-10 22:03 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-07-10 22:03 . 2008-07-10 22:03 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-07-06 21:50 . 2008-07-13 15:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-06 21:20 . 2008-07-12 17:44 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\Users\All Users\avg8
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\ProgramData\avg8
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\Program Files\AVG
2008-07-06 21:20 . 2008-07-08 17:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-06 21:20 . 2008-07-06 21:20 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-06 21:20 . 2008-07-08 17:21 10,520 --a------ C:\Windows\System32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 08:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-11 01:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-11 01:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 23:41 --------- d-----w C:\Users\Ken\AppData\Roaming\Azureus
2008-06-25 12:34 --------- d-----w C:\ProgramData\Roxio
2008-06-25 11:48 --------- d-----w C:\Program Files\Free Windows Registry Cleaner
2008-06-20 01:57 --------- d-----w C:\ProgramData\WildTangent
2008-06-17 05:43 --------- d-----w C:\Program Files\Azureus
2008-06-17 03:37 --------- d-----w C:\Program Files\Blubster
2008-06-16 02:48 --------- d-----w C:\Users\Ken\AppData\Roaming\Vso
2008-06-05 01:38 --------- d-----w C:\Users\Ken\AppData\Roaming\Move Networks
2008-06-03 03:22 3,532 ----a-w C:\drmHeader.bin
2008-05-24 21:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 21:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-24 17:32 --------- d-----w C:\Users\Ken\AppData\Roaming\ESET
2008-05-24 17:31 --------- d-----w C:\ProgramData\ESET
2008-05-24 17:31 --------- d-----w C:\Program Files\ESET
2008-05-24 02:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 01:56 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-02 13:22 174 --sha-w C:\Program Files\desktop.ini
2008-05-02 12:58 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-02 12:58 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-02 12:32 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-02 12:32 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-01-03 23:54 47,360 ----a-w C:\Users\Ken\AppData\Roaming\pcouffin.sys
2007-10-31 04:15 420 ----a-w C:\Users\Ken\AppData\Roaming\wklnhst.dat
2007-05-25 03:05 1,163,592 ----a-w C:\Users\Ken\install_flash_player.exe
2008-01-21 13:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-01-21 13:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-01-06 20:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-06 20:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-06 20:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-02 19:26 22 --sha-w C:\Windows\SMINST\HPCD.sys
2008-02-01 05:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-13_15.54.45.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 20:49:54 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-13 22:11:13 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-07-13 20:50:22 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-13 22:24:26 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-07-13 20:50:22 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-13 22:24:28 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-07-13 19:14:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-13 21:58:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-13 19:14:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-13 21:58:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-13 19:14:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-13 21:58:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-13 19:19:33 108,894 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-13 22:16:14 108,894 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-13 19:19:33 630,928 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-13 22:16:14 630,928 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-13 19:17:05 87,308 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 20:51:56 87,450 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-13 19:17:04 52,260 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 20:51:48 52,554 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 18:11 151552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 17:21 1232152]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-10 22:03 1655552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll C:\Windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-08-14 01:07 102400 C:\Program Files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-16 17:59 1480296 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2006-09-28 08:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 20:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 10:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-12 06:28 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-07-31 09:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-08-10 12:10 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2006-11-02 04:45 215552 C:\Windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6E6A127A-0B43-4E56-8825-E2B3164F5BC0}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BD383BD3-E6C8-4976-9397-C1937F40170F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C1819F0B-FF69-4093-AC3E-334153611C8E}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{A7013299-4886-43D0-A152-E4F8C42E372B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D378F73-CF2A-42A5-8F87-96A6EE31A1E5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C30651B3-C136-488C-8C66-9A1A3140B937}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A25263A1-2CDF-45DE-A8BF-897BDDCFA182}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{0C06651B-F13E-4112-BF36-A7B656CAFA54}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{B9A7B8B9-36F7-485C-8414-940D5A37D5D7}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{46440B8A-A209-434E-8581-A0B58E16FE10}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{704700B6-6661-48AB-B252-C1D31D8D530C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9E7AD0E6-394C-43EF-BF81-A51607F222FF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ED568ABF-128B-40DC-8018-5768683BC34C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9534223D-A4DC-456C-AC10-742B7DAAD796}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9A6C01E9-FCED-4196-8168-8C10D62C7349}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5EFED946-E209-4339-AEF6-65EB5095474E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8D15887E-978C-4B68-9346-960FBF941865}"= UDP:C:\Program Files\Blubster\Blubster.exe:Blubster
"{7C95C464-4593-4061-9C73-72B7344264B2}"= TCP:C:\Program Files\Blubster\Blubster.exe:Blubster
"{354BB3EE-AD5A-415A-BF09-4E56F56EF56E}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F8215624-F651-464D-80B2-DFB4A346180B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BC1473FC-95DA-4D54-A2E1-A04A3BA8E969}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5A14463C-496E-42AD-AFAF-F83AB40C2266}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{48279ACF-FC4A-4F83-8DBE-10F952F5C473}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{BFE23D80-B40E-46DF-A3CB-FCF4B4DEFB00}"= TCP:63138:Azureus
"TCP Query User{6522C80F-39A6-4EA6-8F19-581E938F6EDF}C:\\users\\ken\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\ken\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{2121E812-5292-405E-953F-1D8B63466853}C:\\users\\ken\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\ken\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{776B6005-4A03-4232-AD28-14728E0DDD25}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F651C470-9718-435E-9CCD-B24FC3E3084D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{415DE8D8-F688-433C-803B-8D1985307300}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F34B6587-EC75-4FA8-91FB-79FFD6596631}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B439C075-8792-466E-AC40-E4A2364B14D5}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4421A75E-99FE-4A45-9907-3B0D8C10E8C5}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{506C781B-A9CE-418D-9EFC-ED5C4D16AB8D}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{538FD763-EC3B-466B-851E-F5606B631FAB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62564FD6-89FF-43D0-9E13-D6E6451202BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-08 17:21]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-10 22:03]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-10 22:03]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 17:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 13:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 12:13]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 17:25]
S3 NetDirect;TAP-Win32 NetDirect Adapter;C:\Windows\system32\DRIVERS\NetDirect.sys [2007-06-07 07:29]
S3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 02:41]
S3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 02:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c69b87-bfcd-11db-9c7b-806e6f6e6963}]
\shell\AutoRun\command - K:\WD_Windows_Tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 22:24:28 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-05 08:21:52 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-13 16:32:10 C:\Windows\Tasks\User_Feed_Synchronization-{FE738198-38AB-4249-894A-3551E61D8C19}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 17:24:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-07-13 17:27:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 22:27:15
ComboFix2.txt 2008-07-13 20:56:13

Pre-Run: 208,983,330,816 bytes free
Post-Run: 211,285,188,608 bytes free

311 --- E O F --- 2008-07-12 07:32:32

cunxray

2008-07-14, 01:30

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:58 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=e26fff4e2ac37364ba85f16cde31bff0&url=http%3A%2F%2Fd.64.69.12.43.downloads.estara.com.%2Fas%2FOneCCDM.php&template=1178&sessionid=951626904_64.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8769 bytes

pskelley

2008-07-14, 01:59

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run Disk Cleanup:
http://www.lockergnome.com/windows/2006/10/26/disk-cleanup-in-vista/

Post a new HJT log.

If things are running as they should, the next step is to remove combofix like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Thanks

cunxray

2008-07-14, 02:17

I went to the ARIN site and these addresses belong to Knology, 69.1.30.11 and 69.1.30.10

cunxray

2008-07-14, 02:18

What do these settings mean?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain

pskelley

2008-07-14, 02:22

I posted that information for you in post #19 near the end.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

cunxray

2008-07-14, 02:41

So I should not run the HJT and fix these.
I will run the disk clean up and uninstall the Combo fix.
Sorry to irritate you earlier. Just trying to give you info, Just more than you wanted.
You guys seem very busy and are doing great work, I commend you and would love to pay you for this fix. Thanks for all you do.

cunxray

2008-07-14, 04:49

New HJT log:

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:52 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8166 bytes