View Full Version : "system has recovered from a serious error"
wordsmith
2006-12-15, 07:53
hi everyone - AGAIN. (sigh).
ok, so this time i'm having serious problems....it started a couple of days ago and has gotten progressively worse. i used a file sharing program (i know, i know...)...
so my computer started running really slow...then yesterday it stopped letting me click on some of the folders in my "my computer" area - namely, the cd player. i mean, it lets me click on it, but nothing happens. then tonight it started acting really weird - when i go to my music folder, i can usually double click a song and it'll bring up my winap music player and play the file. it won't anymore. then, after my winamp player stopped altogether a couple of times, i tried to click on its icon to reopen it, but i just got a dialogue box that said that it's a shortcut & gave me its properties. then tonight it started running REALLY slow again and just restarted for no reason. when it restarted, there was a dialogue box that said, "system has recovered from a serious error" and it said it was sending a report and had some error codes (i wrote them down if you need to see them).
i ran a panda scan but didn't find anything. i'm running kaspersky right now - trendmicro won't even run for me (the online virus scan). what should i do?? i did a google search and found that other people have gotten the same message & had the same symptoms, but i didn't see any solutions...
please help! (i promise to stop using file sharing, but in all fairness, my roommate is to blame). thank you!!:sad:
Hello wordsmith.
It might help if you provided the logs for a helper to analyse. ;)
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
wordsmith
2006-12-22, 04:56
(cough) i knew that. :oops: here you go:
Logfile of HijackThis v1.99.1
Scan saved at 7:54:46 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\StanaPhone\StanaClient.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner\Desktop\VIRUSES & TROJANS\ANTIVIRUS & SPYWARE\HijackThis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Startup: StanaPhone.lnk = C:\Program Files\StanaPhone\StanaClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.inspiredsilver.com
O15 - Trusted Zone: http://*.savinathompson.com
O15 - Trusted Zone: www.vh1.com
O15 - Trusted Zone: http://www.vh1.com
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LonnyRJones
2006-12-25, 12:06
Sorry about the delay
Find a resolution yet ? still problems ?
Perhaps uninstall winap re-download and install it again.
This topic has been archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.
LonnyRJones
2007-01-05, 07:43
Hi
Please explain the current problems in as much detail as possible.
Post another new hijackthis log, a Panda online report might help to.
Did you take this advice ? "Perhaps uninstall winap re-download and install it again."
wordsmith
2007-01-06, 06:11
hi lonny,
i'm not sure what winap is, so i haven't done that yet...here's the issue as it stands - the same symptoms as were described in the first post:
the computer has restarted by itself out of the blue 3 times so far - it doesn't seem to matter if i'm doing something or if i'm just looking at a static page on the screen...after it restarts, i get a message that says that the system just recovered from a serious error, or something to that effect. also, some of the keys on the keyboard don't work some of the time - my "delete" and "backspace" keys weren't working for part of last night, but i don't know if that's related. that just started. it's also going very slow at times...
last night i ran ewido and it found a few things, but mostly adware...i then ran spybot and it found nothing...then i ran adaware and it found 12 things, including 1 more piece of the not-a-virus (i don't remember the extension - i have it written down if you need to know it) virus. then i ran mwav and it found a lot. here's the "infected items" list from mwav:
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "medload Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "2antispyware Trojan" found in File System! Action Taken: No Action Taken.
Object "cws.datanotary Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.datanotary Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "coolwwwsearch.smartsearch Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.datanotary Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.datanotary Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
unfortunately it doesn't remove the items unless you purchase the product, so i haven't done anything yet. for some reason, i can't run the trendmicro online virus scan on my computer - the page just keeps saying that it's loading, but even if it sits there for an hour (which i let it do last night), it won't load. here's my latest hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 9:08:05 PM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\StanaPhone\StanaClient.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Outlook Express\msimn.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\program files\microsoft office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\VIRUSES & TROJANS\ANTIVIRUS & SPYWARE\HijackThis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Startup: StanaPhone.lnk = C:\Program Files\StanaPhone\StanaClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.inspiredsilver.com
O15 - Trusted Zone: http://*.savinathompson.com
O15 - Trusted Zone: www.vh1.com
O15 - Trusted Zone: http://www.vh1.com
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
please let me know what else you need...thank you!
wordsmith
2007-01-06, 06:21
hi lonny,
i have no idea what this is, but i was just looking through my c drive and found a folder called "c7bebf6fd69d3fc7be9a7f872d990d54" - in it is a text file called "msxml4-KB927978-enu.log" - i opened the text file and it looks really suspicious to me...can you please tell me what this is? here are the contents of the text file (i'm going to have to paste them in more than one message cuz the file has a lot in it):
=== Verbose logging started: 11/19/2006 3:02:23 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (A8:DC) [03:02:23:796]: Resetting cached policy values
MSI (c) (A8:DC) [03:02:23:796]: Machine policy value 'Debug' is 0
MSI (c) (A8:DC) [03:02:23:796]: ******* RunEngine:
******* Product: c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (A8:DC) [03:02:23:796]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (A8:DC) [03:02:23:812]: Grabbed execution mutex.
MSI (c) (A8:DC) [03:02:24:187]: Cloaking enabled.
MSI (c) (A8:DC) [03:02:24:187]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (A8:DC) [03:02:24:203]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (14:DC) [03:02:24:296]: Grabbed execution mutex.
MSI (s) (14:34) [03:02:24:296]: Resetting cached policy values
MSI (s) (14:34) [03:02:24:296]: Machine policy value 'Debug' is 0
MSI (s) (14:34) [03:02:24:296]: ******* RunEngine:
******* Product: c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (14:34) [03:02:24:468]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (14:34) [03:02:24:656]: File will have security applied from OpCode.
MSI (s) (14:34) [03:02:25:156]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi' against software restriction policy
MSI (s) (14:34) [03:02:25:156]: SOFTWARE RESTRICTION POLICY: c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi has a digital signature
MSI (s) (14:34) [03:02:29:250]: SOFTWARE RESTRICTION POLICY: c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (14:34) [03:02:29:281]: End dialog not enabled
MSI (s) (14:34) [03:02:29:281]: Original package ==> c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi
MSI (s) (14:34) [03:02:29:281]: Package we're running from ==> c:\WINDOWS\Installer\8bca2cb.msi
MSI (s) (14:34) [03:02:29:531]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (14:34) [03:02:29:546]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (14:34) [03:02:29:562]: MSCOREE not loaded loading copy from system32
MSI (s) (14:34) [03:02:29:781]: Machine policy value 'TransformsSecure' is 0
MSI (s) (14:34) [03:02:29:781]: User policy value 'TransformsAtSource' is 0
MSI (s) (14:34) [03:02:29:828]: Machine policy value 'DisablePatch' is 0
MSI (s) (14:34) [03:02:29:828]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (14:34) [03:02:29:828]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (14:34) [03:02:29:828]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (14:34) [03:02:29:828]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (14:34) [03:02:29:828]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (14:34) [03:02:29:828]: Transforms are not secure.
MSI (s) (14:34) [03:02:29:828]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\c7bebf6fd69d3fc7be9a7f872d990d54 CLIENTUILEVEL=3 CLIENTPROCESSID=2216
MSI (s) (14:34) [03:02:29:828]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (14:34) [03:02:29:828]: Product Code passed to Engine.Initialize: ''
MSI (s) (14:34) [03:02:29:828]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (14:34) [03:02:29:828]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (14:34) [03:02:29:828]: Product not registered: beginning first-time install
MSI (s) (14:34) [03:02:29:828]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (14:34) [03:02:29:828]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (14:34) [03:02:29:828]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (14:34) [03:02:29:875]: Adding new sources is allowed.
MSI (s) (14:34) [03:02:29:875]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (14:34) [03:02:29:875]: Package name extracted from package path: 'msxml.msi'
MSI (s) (14:34) [03:02:29:875]: Package to be registered: 'msxml.msi'
MSI (s) (14:34) [03:02:29:875]: Note: 1: 2729
MSI (s) (14:34) [03:02:29:968]: Note: 1: 2729
MSI (s) (14:34) [03:02:29:968]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (14:34) [03:02:29:968]: Machine policy value 'DisableMsi' is 0
MSI (s) (14:34) [03:02:29:968]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (14:34) [03:02:29:968]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (14:34) [03:02:29:968]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (14:34) [03:02:29:968]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (14:34) [03:02:29:968]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (14:34) [03:02:29:968]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\c7bebf6fd69d3fc7be9a7f872d990d54'.
MSI (s) (14:34) [03:02:29:968]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (14:34) [03:02:29:968]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '2216'.
MSI (s) (14:34) [03:02:29:968]: TRANSFORMS property is now:
MSI (s) (14:34) [03:02:29:968]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (14:34) [03:02:29:968]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (14:34) [03:02:29:968]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (14:34) [03:02:29:968]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (14:34) [03:02:29:984]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (14:34) [03:02:29:984]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (14:34) [03:02:30:000]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (14:34) [03:02:30:015]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (14:34) [03:02:30:015]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (14:34) [03:02:30:015]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (14:34) [03:02:30:015]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (14:34) [03:02:30:015]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (14:34) [03:02:30:031]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (14:34) [03:02:30:046]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (14:34) [03:02:30:046]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (14:34) [03:02:30:046]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (14:34) [03:02:30:046]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (14:34) [03:02:30:046]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (14:34) [03:02:30:078]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (14:34) [03:02:30:078]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (14:34) [03:02:30:078]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (14:34) [03:02:30:078]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (14:34) [03:02:30:093]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (14:34) [03:02:30:093]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (14:34) [03:02:30:140]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (14:34) [03:02:30:140]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (14:34) [03:02:30:140]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (14:34) [03:02:30:140]: PROPERTY CHANGE: Adding USERNAME property. Its value is ' '.
MSI (s) (14:34) [03:02:30:140]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (14:34) [03:02:30:140]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\8bca2cb.msi'.
MSI (s) (14:34) [03:02:30:140]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\c7bebf6fd69d3fc7be9a7f872d990d54\msxml.msi'.
MSI (s) (14:34) [03:02:30:156]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (14:34) [03:02:30:156]: Machine policy value 'DisableRollback' is 0
MSI (s) (14:34) [03:02:30:156]: User policy value 'DisableRollback' is 0
wordsmith
2007-01-06, 06:22
MSI (s) (14:34) [03:02:30:156]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 11/19/2006 3:02:30 ===
MSI (s) (14:34) [03:02:30:156]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (14:34) [03:02:30:156]: Doing action: INSTALL
MSI (s) (14:34) [03:02:30:187]: Running ExecuteSequence
MSI (s) (14:34) [03:02:30:187]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 3:02:30: INSTALL.
MSI (s) (14:34) [03:02:30:187]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Desktop\'.
Action start 3:02:30: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (14:34) [03:02:30:187]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 3:02:30: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (14:34) [03:02:30:187]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'.
Action start 3:02:30: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (14:34) [03:02:30:187]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 3:02:30: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (14:34) [03:02:30:187]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 3:02:30: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (14:34) [03:02:30:187]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 3:02:30: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (14:34) [03:02:30:187]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:02:30: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (14:34) [03:02:30:187]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 3:02:30: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (14:34) [03:02:30:187]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 3:02:30: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (14:34) [03:02:30:187]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 3:02:30: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (14:34) [03:02:30:187]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:02:30: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (14:34) [03:02:30:187]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 3:02:30: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (14:34) [03:02:30:203]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 3:02:30: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (14:34) [03:02:30:203]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 3:02:30: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (14:34) [03:02:30:203]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:02:30: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (14:34) [03:02:30:203]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 3:02:30: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (14:34) [03:02:30:203]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:02:30: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (14:34) [03:02:30:203]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 3:02:30: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (14:34) [03:02:30:203]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:02:30: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (14:34) [03:02:30:203]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 3:02:30: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (14:34) [03:02:30:203]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.
Action start 3:02:30: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (14:34) [03:02:30:203]: Doing action: LaunchConditions
Action ended 3:02:30: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 3:02:30: LaunchConditions.
MSI (s) (14:34) [03:02:30:203]: Doing action: FindRelatedProducts
Action ended 3:02:30: LaunchConditions. Return value 1.
Action start 3:02:30: FindRelatedProducts.
MSI (s) (14:34) [03:02:30:203]: Doing action: AppSearch
Action ended 3:02:30: FindRelatedProducts. Return value 1.
Action start 3:02:30: AppSearch.
MSI (s) (14:34) [03:02:30:203]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (14:34) [03:02:30:203]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (14:34) [03:02:30:203]: Skipping action: CCPSearch (condition is false)
MSI (s) (14:34) [03:02:30:203]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (14:34) [03:02:30:203]: Doing action: ValidateProductID
Action ended 3:02:30: AppSearch. Return value 1.
Action start 3:02:30: ValidateProductID.
MSI (s) (14:34) [03:02:30:203]: Doing action: CostInitialize
Action ended 3:02:30: ValidateProductID. Return value 1.
MSI (s) (14:34) [03:02:30:203]: Machine policy value 'MaxPatchCacheSize' is 10
Action start 3:02:30: CostInitialize.
MSI (s) (14:34) [03:02:30:281]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.
MSI (s) (14:34) [03:02:30:281]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (14:34) [03:02:30:281]: Note: 1: 2205 2: 3: Patch
MSI (s) (14:34) [03:02:30:281]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (14:34) [03:02:30:281]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (14:34) [03:02:30:281]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (14:34) [03:02:30:281]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (14:34) [03:02:30:281]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (14:34) [03:02:30:281]: Doing action: FileCost
Action ended 3:02:30: CostInitialize. Return value 1.
MSI (s) (14:34) [03:02:30:328]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 3:02:30: FileCost.
MSI (s) (14:34) [03:02:30:328]: Doing action: CostFinalize
Action ended 3:02:30: FileCost. Return value 1.
MSI (s) (14:34) [03:02:30:328]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (14:34) [03:02:30:328]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (14:34) [03:02:30:328]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (14:34) [03:02:30:328]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (14:34) [03:02:30:328]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (14:34) [03:02:30:328]: Note: 1: 2205 2: 3: Patch
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying CommonFilesFolder property. Its current value is 'C:\Program Files\Common Files\'. Its new value: 'c:\Program Files\Common Files\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Common Files\Microsoft Shared\MSDN\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Modifying SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.
MSI (s) (14:34) [03:02:30:343]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying DesktopFolder property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files\'. Its new value: 'c:\Program Files\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding MSXML property. Its value is 'c:\Program Files\MSXML 4.0\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\inc\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\lib\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\doc\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'. Its new value: 'c:\Documents and Settings\All Users\Start Menu\Programs\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\'.
MSI (s) (14:34) [03:02:30:359]: PROPERTY CHANGE: Modifying DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Desktop\'. Its new value: 'c:\Documents and Settings\All Users\Desktop\'.
MSI (s) (14:34) [03:02:30:359]: Target path resolution complete. Dumping Directory table...
MSI (s) (14:34) [03:02:30:359]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: TARGETDIR , Object: c:\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WindowsFolder , Object: c:\WINDOWS\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: CommonFilesFolder , Object: c:\Program Files\Common Files\
wordsmith
2007-01-06, 06:24
LONNY - THERE'S A LOT MORE IN THIS TEXT FILE, BUT THIS IS THE LAST THAT I'M GOING TO POST HERE SINCE IT COULD PROBABLY TAKE UP 8 OR 9 MORE POSTS...:
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Common Files\Microsoft Shared\MSDN\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\WINDOWS\system32\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\WINDOWS\system32\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\WINDOWS\system32\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: DesktopFolder , Object: c:\Documents and Settings\All Users\Desktop\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: MSXML , Object: c:\Program Files\MSXML 4.0\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\inc\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\lib\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\doc\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0\
MSI (s) (14:34) [03:02:30:359]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Desktop\
Action start 3:02:30: CostFinalize.
MSI (s) (14:34) [03:02:30:578]: Doing action: SetODBCFolders
Action ended 3:02:30: CostFinalize. Return value 1.
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
Action start 3:02:30: SetODBCFolders.
MSI (s) (14:34) [03:02:30:578]: Doing action: MigrateFeatureStates
Action ended 3:02:30: SetODBCFolders. Return value 0.
Action start 3:02:30: MigrateFeatureStates.
MSI (s) (14:34) [03:02:30:578]: Doing action: InstallValidate
Action ended 3:02:30: MigrateFeatureStates. Return value 0.
MSI (s) (14:34) [03:02:30:578]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_4165; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __downlevel_payload.DA6654F6_456F_3658_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (14:34) [03:02:30:578]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_448265; Installed: Null; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596565; Installed: Null; Request: Null; Action: Null
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2205 2: 3: BindImage
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:578]: Note: 1: 2205 2: 3: Font
Action start 3:02:30: InstallValidate.
MSI (s) (14:34) [03:02:30:593]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (14:34) [03:02:30:718]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:718]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:718]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2205 2: 3: BindImage
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2205 2: 3: Font
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2727 2:
MSI (s) (14:34) [03:02:30:734]: Note: 1: 2727 2:
MSI (s) (14:34) [03:02:30:734]: Doing action: InstallInitialize
Action ended 3:02:30: InstallValidate. Return value 1.
MSI (s) (14:34) [03:02:30:734]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (14:34) [03:02:30:734]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (14:34) [03:02:30:734]: BeginTransaction: Locking Server
MSI (s) (14:34) [03:02:30:734]: SRSetRestorePoint skipped for this transaction.
MSI (s) (14:34) [03:02:30:734]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Action start 3:02:30: InstallInitialize.
MSI (s) (14:34) [03:02:32:546]: Doing action: SxsInstallCA
LonnyRJones
2007-01-06, 07:03
Hi
I mentioned winamp becouse you did in your first post. winamp is a media player.
i have no idea what this is, but i was just looking through my c drive and found a folder called "c7bebf6fd69d3fc7be9a7f872d990d54"
Not wo worry about those, It is from windows update.
Post a report from this tool if any FILES show
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
click the first download button (version with grapichal user interface)
Download/save (not open) and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them YET.....legitimate files can be listed.
Download and run Silentrunners.Vbs post the log it creates please
http://www.silentrunners.org/sr_scriptuse.html click no to not skip the suplimentry searchs
Wait until there is a All Done message !!, Then open and post the log next to it.
Your antivirus script protection might interfear or alert, please allow it to run after a bit box will say done.
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened, please send me a private message (pm) and provide a link to this thread.